Skip to content

Commit

Permalink
feat(IPv6): Allow custom domains with AAAA domains
Browse files Browse the repository at this point in the history
  • Loading branch information
cogk committed Oct 15, 2024
1 parent ed11238 commit 98c4dcd
Show file tree
Hide file tree
Showing 2 changed files with 44 additions and 3 deletions.
42 changes: 41 additions & 1 deletion press/api/site.py
Original file line number Diff line number Diff line change
Expand Up @@ -1652,6 +1652,37 @@ def check_dns_a(name, domain):
return result


def check_dns_aaaa(name, domain):
result = {"type": "AAAA", "matched": False, "answer": ""}
try:
resolver = Resolver(configure=False)
resolver.nameservers = NAMESERVERS
answer = resolver.query(domain, "AAAA")
domain_ip = answer[0].to_text()
site_ip = resolver.query(name, "AAAA")[0].to_text()
result["answer"] = answer.rrset.to_text()
if domain_ip == site_ip:
result["matched"] = True
elif site_ip:
# We can issue certificates even if the domain points to the secondary proxies
server = frappe.db.get_value("Site", name, "server")
proxy = frappe.db.get_value("Server", server, "proxy_server")
secondary_ips = frappe.get_all(
"Proxy Server",
{"status": "Active", "primary": proxy, "is_replication_setup": True},
pluck="ip6",
)
if domain_ip in secondary_ips:
result["matched"] = True
except dns.exception.DNSException as e:
result["answer"] = str(e)
except Exception as e:
result["answer"] = str(e)
log_error("DNS Query Exception - AAAA", site=name, domain=domain, exception=e)
finally:
return result


def ensure_dns_aaaa_record_doesnt_exist(domain: str):
"""
Ensure that the domain doesn't have an AAAA record
Expand All @@ -1676,7 +1707,7 @@ def ensure_dns_aaaa_record_doesnt_exist(domain: str):

def check_dns_cname_a(name, domain):
check_domain_allows_letsencrypt_certs(domain)
ensure_dns_aaaa_record_doesnt_exist(domain)
# ensure_dns_aaaa_record_doesnt_exist(domain)
cname = check_dns_cname(name, domain)
result = {"CNAME": cname}
result.update(cname)
Expand All @@ -1688,6 +1719,15 @@ def check_dns_cname_a(name, domain):
result.update({"A": a})
result.update(a)

# Check that both A and AAAA records match a proxy
aaaa = check_dns_aaaa(name, domain)
result.update({"AAAA": aaaa})
a_found = a["answer"] and "does not contain an answer" not in a["answer"]
aaaa_found = aaaa["answer"] and "does not contain an answer" not in aaaa["answer"]
if a_found and aaaa_found and a["matched"] != aaaa["matched"]:
# There is both records but one does not match.
result["matched"] = False

return result


Expand Down
5 changes: 3 additions & 2 deletions press/press/doctype/site_domain/site_domain.py
Original file line number Diff line number Diff line change
Expand Up @@ -204,9 +204,10 @@ def update_dns_type():
return
try:
response = check_dns(domain.site, domain.domain)
if response["matched"] and response["type"] != domain.dns_type:
dns_type = "A" if response["type"] == "AAAA" else response["type"]
if response["matched"] and dns_type != domain.dns_type:
frappe.db.set_value(
"Site Domain", domain.name, "dns_type", response["type"], update_modified=False
"Site Domain", domain.name, "dns_type", dns_type, update_modified=False
)
pretty_response = json.dumps(response, indent=4, default=str)
frappe.db.set_value(
Expand Down

0 comments on commit 98c4dcd

Please sign in to comment.