From 3ddec4d64ed8fdc97b57e60ac23958988bcb1845 Mon Sep 17 00:00:00 2001
From: Andreas Olsson
Date: Wed, 15 Aug 2018 20:33:00 +0200
Subject: [PATCH] Fix the nsupdate module's TTL change detection (#42973)

Ideally I would have liked to compare the TTL as part of the prerequisite check. Sadly that isn't supported by the RFC 2136 update protocol. Hence the additional query.

Resolves #39465
---
 lib/ansible/modules/net_tools/nsupdate.py | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/lib/ansible/modules/net_tools/nsupdate.py b/lib/ansible/modules/net_tools/nsupdate.py
index 81dcd42d939..8c743bf6940 100644
--- a/lib/ansible/modules/net_tools/nsupdate.py
+++ b/lib/ansible/modules/net_tools/nsupdate.py
@@ -190,6 +190,11 @@ class RecordManager(object):
 if self.zone[-1] != '.':
 self.zone += '.'
+ if module.params['record'][-1] != '.':
+ self.fqdn = module.params['record'] + '.' + self.zone
+ else:
+ self.fqdn = module.params['record']
+
 if module.params['key_name']:
 try:
 self.keyring = dns.tsigkeyring.from_text({
@@ -326,12 +331,26 @@ class RecordManager(object):
 response = self.__do_update(update)
 self.dns_rc = dns.message.Message.rcode(response)
 if self.dns_rc == 0:
- return 1
+ if self.ttl_changed():
+ return 2
+ else:
+ return 1
 else:
 return 2
 else:
 return 0
+ def ttl_changed(self):
query = dns.message.make_query(self.fqdn, self.module.params['type'])
+ try:
+ lookup = dns.query.tcp(query, self.module.params['server'], timeout=10, port=self.module.params['port'])
+ except (socket_error, dns.exception.Timeout) as e:
+ self.module.fail_json(msg='DNS server error: (%s): %s' % (e.__class__.__name__, to_native(e)))
+ current_ttl = lookup.answer[0].ttl
+ return current_ttl != self.module.params['ttl']
+
 def main():
 tsig_algs = ['HMAC-MD5.SIG-ALG.REG.INT', 'hmac-md5', 'hmac-sha1', 'hmac-sha224',
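Review bot: `module.params['record'][-1]` in the first hunk raises a bare IndexError instead of a module failure when `record` is the empty string; the new fqdn check should read `if not module.params['record'].endswith('.'):` (the existing zone check just above uses the same `[-1]` pattern, but that line is not part of this change). The enclosing method, apparently the constructor given the `module.params` reads and the `self.keyring` assignment, starts outside the hunk. The rule the hunk encodes, that a record without a trailing dot is relative to the zone, is presumably chosen to match how the update's prerequisite qualifies the name, and deserves a one-line comment such as `# a record without a trailing dot is relative to the zone, matching how the update prerequisite names it` once that is confirmed.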
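Review bot: In `ttl_changed`, `lookup.answer[0].ttl` indexes the answer section without checking the response rcode or that the section is non-empty, and the lookup is sent unsigned even though the preceding update went out with `self.keyring`; on a server that selects its view or ACL by TSIG key the plain query can be answered from another view or refused, and the module then dies with an IndexError traceback rather than `fail_json`. The fix below signs the query with the same keyring when one is configured (this assumes the constructor sets `self.keyring` to `None` when no key is used; that branch is not visible here, and the key algorithm the update uses should be passed as well if the constructor keeps it) and fails cleanly on a non-zero rcode or empty answer. The `timeout=10` is a hard-coded duplicate of whatever `__do_update` uses and is worth hoisting to one shared constant. The caller in the second hunk (`if self.ttl_changed(): return 2`) belongs to a method that starts outside the hunk.
```python
    def ttl_changed(self):
        query = dns.message.make_query(self.fqdn, self.module.params['type'])
        if self.keyring:
            # Sign the lookup with the key the update used, so a server that
            # picks a view/ACL by TSIG key answers from the zone just changed.
            # NOTE(review): also pass the update's key algorithm if the
            # constructor keeps it -- confirm against __do_update.
            query.use_tsig(self.keyring)

        # … unchanged: dns.query.tcp call and its except clause …

        if lookup.rcode() != 0 or not lookup.answer:
            self.module.fail_json(msg='DNS server error: TTL lookup for %s returned rcode %d with %d answer RRsets'
                                  % (self.fqdn, lookup.rcode(), len(lookup.answer)))

        current_ttl = lookup.answer[0].ttl
        return current_ttl != self.module.params['ttl']
```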