test dns resolvers at startup

2 years ago · 379fe18f7a
parent 94bbd25fe8
commit 379fe18f7a
1 changed files with 30 additions and 0 deletions
--- a/core/admin/start.py
+++ b/core/admin/start.py
@ -18,6 +18,36 @@ if account is not None and domain is not None and password is not None:
    log.info("Creating initial admin accout %s@%s with mode %s",account,domain,mode)
    os.system("flask mailu admin %s %s '%s' --mode %s" % (account, domain, password, mode))

+def test_DNS():
+    import dns.resolver
+    import dns.exception
+    import dns.flags
+    import dns.rdtypes
+    import dns.rdatatype
+    import dns.rdataclass
+    import time
+    # DNS stub configured to do DNSSEC enabled queries
+    resolver = dns.resolver.Resolver()
+    resolver.use_edns(0, 0, 1232)
+    resolver.flags = dns.flags.AD | dns.flags.RD
+    nameservers = resolver.nameservers
+    for ns in nameservers:
+        resolver.nameservers=[ns]
+        error = True
+        while error:
+            try:
+                result = resolver.query('example.org', dns.rdatatype.A, dns.rdataclass.IN, lifetime=10)
+                if not result.response.flags & dns.flags.AD:
+                    log.critical("Your DNS resolver at %s isn't doing DNSSEC validation; Please install unbound.", ns)
+                else:
+                    error = False
+                    continue
+            except Exception as e:
+                log.critical("Your DNS resolver at %s is not working (%s). Please install unbound.", ns, e);
+            time.sleep(5)
+
+test_DNS()
+
 start_command="".join([
    "gunicorn --threads ", str(os.cpu_count()),
    " -b :80 ",