From 379fe18f7a08050a6465c2909e4604a61a807136 Mon Sep 17 00:00:00 2001 From: Florent Daigniere Date: Wed, 5 Jan 2022 18:49:30 +0100 Subject: [PATCH] test dns resolvers at startup --- core/admin/start.py | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/core/admin/start.py b/core/admin/start.py index 0eff3bbe..5e573fd6 100755 --- a/core/admin/start.py +++ b/core/admin/start.py @@ -18,6 +18,36 @@ if account is not None and domain is not None and password is not None: log.info("Creating initial admin accout %s@%s with mode %s",account,domain,mode) os.system("flask mailu admin %s %s '%s' --mode %s" % (account, domain, password, mode)) +def test_DNS(): + import dns.resolver + import dns.exception + import dns.flags + import dns.rdtypes + import dns.rdatatype + import dns.rdataclass + import time + # DNS stub configured to do DNSSEC enabled queries + resolver = dns.resolver.Resolver() + resolver.use_edns(0, 0, 1232) + resolver.flags = dns.flags.AD | dns.flags.RD + nameservers = resolver.nameservers + for ns in nameservers: + resolver.nameservers=[ns] + error = True + while error: + try: + result = resolver.query('example.org', dns.rdatatype.A, dns.rdataclass.IN, lifetime=10) + if not result.response.flags & dns.flags.AD: + log.critical("Your DNS resolver at %s isn't doing DNSSEC validation; Please install unbound.", ns) + else: + error = False + continue + except Exception as e: + log.critical("Your DNS resolver at %s is not working (%s). Please install unbound.", ns, e); + time.sleep(5) + +test_DNS() + start_command="".join([ "gunicorn --threads ", str(os.cpu_count()), " -b :80 ",
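Review bot: The check in `test_DNS()` treats the AD bit on one `example.org` answer as proof of DNSSEC validation, but that bit is only the resolver's own claim. A forwarder that copies AD from its upstream, or a resolver reached over an untrusted network path, would pass without this host's lookups being protected. A negative control after the retry loop would close the gap: query a name whose signatures are known to be broken and log critically unless the resolver refuses it. Separately, `while error:` has no retry limit, so a resolver that never sets AD appears to block startup indefinitely; if that is meant as fail-closed, a comment such as `# fail closed: do not start without a validating resolver` would say so. The name in the fence is a placeholder, and its indentation is inferred because the page shows the hunk collapsed onto one line.

```python
for ns in nameservers:
    resolver.nameservers = [ns]
    # … unchanged: retry loop that requires AD on the example.org answer …
    # Negative control: a validating resolver must refuse data from a zone
    # whose signatures are broken (placeholder name, choose a test zone).
    try:
        resolver.query('<DELIBERATELY-MIS-SIGNED-TEST-NAME>', dns.rdatatype.A, dns.rdataclass.IN, lifetime=10)
    except dns.resolver.NoNameservers:
        pass  # every server answered with a failure: bogus data was rejected
    except dns.exception.DNSException as e:
        log.critical("DNSSEC negative check against %s was inconclusive (%s).", ns, e)
    else:
        log.critical("Your DNS resolver at %s returned data for a zone with broken DNSSEC signatures.", ns)
```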