From 0cdf63668d5df74d58d8eb5a155cdf2d4693c9cf Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Tue, 4 Jun 2019 15:22:39 +0200 Subject: T1379: Deprecated functions in /sbin/dhclient-script --- src/conf_mode/dns_forwarding.py | 64 +++++++++++++++++++++++++++-------------- 1 file changed, 43 insertions(+), 21 deletions(-) (limited to 'src/conf_mode/dns_forwarding.py') diff --git a/src/conf_mode/dns_forwarding.py b/src/conf_mode/dns_forwarding.py index 135f6fec0..7559a0af6 100755 --- a/src/conf_mode/dns_forwarding.py +++ b/src/conf_mode/dns_forwarding.py @@ -19,12 +19,18 @@ import sys import os -import netifaces +import argparse import jinja2 +import netifaces from vyos.config import Config from vyos import ConfigError + +parser = argparse.ArgumentParser() +parser.add_argument("--dhclient", action="store_true", + help="Started from dhclient-script") + config_file = r'/etc/powerdns/recursor.conf' # XXX: pdns recursor doesn't like whitespace near entry separators, 
@@ -84,31 +90,36 @@ default_config_data = { 'name_servers': [], 'negative_ttl': 3600, 'domains': [], - 'dnssec' : 'process-no-validate' + 'dnssec': 'process-no-validate' } # borrowed from: https://github.com/donjajo/py-world/blob/master/resolvconfReader.py, THX! def get_resolvers(file): - resolvers = [] try: with open(file, 'r') as resolvconf: - for line in resolvconf.readlines(): - line = line.split('#',1)[0]; - line = line.rstrip(); - if 'nameserver' in line: - resolvers.append(line.split()[1]) + lines = [line.split('#', 1)[0].rstrip() + for line in resolvconf.readlines()] + resolvers = [line.split()[1] + for line in lines if 'nameserver' in line] return resolvers except IOError: return [] -def get_config(): + +def get_config(arguments): dns = default_config_data conf = Config() + + if arguments.dhclient: + conf.exists = conf.exists_effective + conf.return_value = conf.return_effective_value + conf.return_values = conf.return_effective_values + if not conf.exists('service dns forwarding'): return None - else: - conf.set_level('service dns forwarding') + + conf.set_level('service dns forwarding') if conf.exists('cache-size'): cache_size = conf.return_value('cache-size') @@ -139,7 +150,8 @@ def get_config(): system_name_servers = [] system_name_servers = conf.return_values('name-server') if not system_name_servers: - print("DNS forwarding warning: No name-servers set under 'system name-server'\n") + print( + "DNS forwarding warning: No name-servers set under 'system name-server'\n") else: dns['name_servers'] = dns['name_servers'] + system_name_servers conf.set_level('service dns forwarding') @@ -171,9 +183,10 @@ def get_config(): try: addrs = netifaces.ifaddresses(interface) except ValueError: - print("WARNING: interface {0} does not exist".format(interface)) + print( + "WARNING: interface {0} does not exist".format(interface)) continue - + if netifaces.AF_INET in addrs.keys(): for ip4 in addrs[netifaces.AF_INET]: listen4.append(ip4['addr']) 
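Review bot: In the rewritten `get_resolvers`, `line.split()[1] for line in lines if 'nameserver' in line` accepts any line that merely contains the substring `nameserver` and keeps its second token unchecked. A bare `nameserver` line raises IndexError, which `except IOError` does not catch. The files read are `/etc/resolv.conf.dhclient-new-<interface>` (see the later `get_config` hunk), presumably written from DHCP replies, and the result is joined straight into recursor.conf, so each token should be checked to be an IP address before it is kept. The sketch below needs `import ipaddress` at the top of the file, and scoped link-local addresses such as `fe80::1%eth0` may need separate handling depending on the Python version.

```python
def get_resolvers(file):
    resolvers = []
    try:
        with open(file, 'r') as resolvconf:
            for line in resolvconf:
                fields = line.split('#', 1)[0].split()
                # keep only well-formed "nameserver <address>" entries
                if len(fields) < 2 or fields[0] != 'nameserver':
                    continue
                try:
                    ipaddress.ip_address(fields[1])
                except ValueError:
                    continue
                resolvers.append(fields[1])
    except IOError:
        return []
    return resolvers
```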
@@ -183,7 +196,8 @@ def get_config(): listen6.append(ip6['addr']) if (not listen4) and (not (listen6)): - print("WARNING: interface {0} has no configured addresses".format(interface)) + print( + "WARNING: interface {0} has no configured addresses".format(interface)) dns['listen_on'] = dns['listen_on'] + listen4 + listen6 @@ -195,31 +209,37 @@ def get_config(): interfaces = [] interfaces = conf.return_values('dhcp') for interface in interfaces: - dhcp_resolvers = get_resolvers("/etc/resolv.conf.dhclient-new-{0}".format(interface)) + dhcp_resolvers = get_resolvers( + "/etc/resolv.conf.dhclient-new-{0}".format(interface)) if dhcp_resolvers: dns['name_servers'] = dns['name_servers'] + dhcp_resolvers return dns + def bracketize_ipv6_addrs(addrs): """Wraps each IPv6 addr in addrs in [], leaving IPv4 addrs untouched.""" return ['[{0}]'.format(a) if a.count(':') > 1 else a for a in addrs] + def verify(dns): # bail out early - looks like removal from running config if dns is None: return None if not dns['listen_on']: - raise ConfigError("Error: DNS forwarding requires either a listen-address (preferred) or a listen-on option") + raise ConfigError( + "Error: DNS forwarding requires either a listen-address (preferred) or a listen-on option") if dns['domains']: for domain in dns['domains']: if not domain['servers']: - raise ConfigError('Error: No server configured for domain {0}'.format(domain['name'])) + raise ConfigError( + 'Error: No server configured for domain {0}'.format(domain['name'])) return None + def generate(dns): # bail out early - looks like removal from running config if dns is None: 
@@ -232,19 +252,21 @@ def generate(dns): f.write(config_text) return None + def apply(dns): if dns is not None: os.system("systemctl restart pdns-recursor") else: # DNS forwarding is removed in the commit os.system("systemctl stop pdns-recursor") - os.unlink(config_file) + if os.path.isfile(config_file): + os.unlink(config_file) - return None if __name__ == '__main__': + args = parser.parse_args() try: - c = get_config() + c = get_config(args) verify(c) generate(c) apply(c) -- cgit v1.2.3 From 7773ad30bd940ffb5144224d61dc3354396f2c8b Mon Sep 17 00:00:00 2001 From: qiuchengxuan Date: Sat, 22 Jun 2019 21:51:17 +0800 Subject: [pdns-recursor] T1469 - replace forward-zones with forward-zones-recurse (#75) forward-zones-recurse behaves identically to dnsmasq server option in legacy vyos 1.1.8, while forward-zones option disallow recursive name resolving, which leads to dns lookup failure --- src/conf_mode/dns_forwarding.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/conf_mode/dns_forwarding.py') diff --git a/src/conf_mode/dns_forwarding.py b/src/conf_mode/dns_forwarding.py index 7559a0af6..0ce2eee2c 100755 --- a/src/conf_mode/dns_forwarding.py +++ b/src/conf_mode/dns_forwarding.py @@ -63,7 +63,7 @@ local-address={{ listen_on | join(',') }} # domain ... server ... {% if domains -%} -forward-zones={% for d in domains %} +forward-zones-recurse={% for d in domains %} {{ d.name }}={{ d.servers | join(";") }} {{- "," if not loop.last -}} {% endfor %} -- cgit v1.2.3 From 99cca9bea1a23c396b4b3121f759b3e21240fbd0 Mon Sep 17 00:00:00 2001 
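Review bot: In `apply()`, the new `if os.path.isfile(config_file): os.unlink(config_file)` is a check-then-act pair: if another run of this script removes the file between the two calls, `os.unlink` still raises, which is the failure the guard was meant to prevent. With the `--dhclient` entry point added in this commit, overlapping runs look possible, though that is inferred from the option rather than shown here. Calling `os.unlink(config_file)` inside a `try` and ignoring only `FileNotFoundError` removes the window. Separately, the status of both `os.system("systemctl ...")` calls is discarded, so a recursor that fails to restart is not reported to the caller.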
From: qiuchengxuan Date: Tue, 25 Jun 2019 15:55:55 +0800 Subject: [pdns-recursor] T1469 - specified dns forwarding not work when conflict exists between forward-zone-recurse entry, the lower one hides the upper one, which leads to inactive dns forwarding configuration --- src/conf_mode/dns_forwarding.py | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'src/conf_mode/dns_forwarding.py') diff --git a/src/conf_mode/dns_forwarding.py b/src/conf_mode/dns_forwarding.py index 0ce2eee2c..c7e362d07 100755 --- a/src/conf_mode/dns_forwarding.py +++ b/src/conf_mode/dns_forwarding.py @@ -60,16 +60,6 @@ export-etc-hosts={{ export_hosts_file }} # listen-on local-address={{ listen_on | join(',') }} -# domain ... server ... -{% if domains -%} - -forward-zones-recurse={% for d in domains %} -{{ d.name }}={{ d.servers | join(";") }} -{{- "," if not loop.last -}} -{% endfor %} - -{% endif %} - # dnssec dnssec={{ dnssec }} @@ -80,6 +70,16 @@ forward-zones-recurse=.={{ name_servers | join(';') }} # no name-servers specified - start full recursor {% endif %} +# domain ... server ... +{% if domains -%} + +forward-zones-recurse={% for d in domains %} +{{ d.name }}={{ d.servers | join(";") }} +{{- "," if not loop.last -}} +{% endfor %} + +{% endif %} + """ default_config_data = { -- cgit v1.2.3 From 65f5e295c3dbe72ca3df831c552d7bc92389c958 Mon Sep 17 00:00:00 2001 From: Daniil Baturin Date: Wed, 3 Jul 2019 04:00:50 +0200 Subject: T1504: wait for commit lock before trying to update resolv.conf in the out of CLI mode. --- src/conf_mode/dns_forwarding.py | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'src/conf_mode/dns_forwarding.py') diff --git a/src/conf_mode/dns_forwarding.py b/src/conf_mode/dns_forwarding.py index 0ce2eee2c..b9a5b99e9 100755 --- a/src/conf_mode/dns_forwarding.py +++ b/src/conf_mode/dns_forwarding.py 
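Review bot: After this reordering the template still emits two separate `forward-zones-recurse=` assignments when both `name_servers` and `domains` are set, and by the commit description's own account the lower one hides the upper one, so the `.=` entry for the system name servers would now be the one that is dropped. If that reading is right, queries outside the listed domains would no longer go to the configured forwarders and the recursor would resolve them itself, a silent change in where DNS traffic is sent. Emitting one `forward-zones-recurse=` line that carries the domain entries followed by `.={{ name_servers | join(';') }}` avoids depending on assignment order. A template comment stating why the order matters would also help.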
@@ -23,6 +23,8 @@ import argparse import jinja2 import netifaces +import vyos.util + from vyos.config import Config from vyos import ConfigError @@ -265,6 +267,12 @@ def apply(dns): if __name__ == '__main__': args = parser.parse_args() + + if args.dhclient: + # There's a big chance it was triggered by a commit still in progress + # so we need to wait until the new values are in the running config + vyos.util.wait_for_commit_lock() + try: c = get_config(args) verify(c) -- cgit v1.2.3 From 5886dd27cbc65f8cda04752bbd39a960b0887523 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 14 Jul 2019 10:59:07 +0200 Subject: [dns-forwarding] T1333: handle domain forward and general recursion in one configuration line In the past we used the PowerDNS cofniguration option forward-zones and forward-zones-recurse, but only the latter one sets the recursion bit in the DNS query. Thus all recursions have been moved to this config statement. --- src/conf_mode/dns_forwarding.py | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) (limited to 'src/conf_mode/dns_forwarding.py') diff --git a/src/conf_mode/dns_forwarding.py b/src/conf_mode/dns_forwarding.py index aab389074..3ca77adee 100755 --- a/src/conf_mode/dns_forwarding.py +++ b/src/conf_mode/dns_forwarding.py 
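Review bot: In the `__main__` block, `vyos.util.wait_for_commit_lock()` only waits, and nothing visible here holds the lock afterwards. A new commit can therefore start between its return and `get_config(args)` reading the effective values, so the dhclient-triggered run may still render recursor.conf from a configuration that is changing. The helper's implementation is outside this diff, so whether it has a timeout is not visible; if it has none, a stuck commit would block the dhclient hook indefinitely. A comment next to the call should state that contract, for example `# waits for the commit lock to be released; does not take it (TODO confirm timeout)`.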
@@ -65,21 +65,19 @@ local-address={{ listen_on | join(',') }} # dnssec dnssec={{ dnssec }} -{% if name_servers -%} -# name-server -forward-zones-recurse=.={{ name_servers | join(';') }} -{% else %} -# no name-servers specified - start full recursor -{% endif %} - -# domain ... server ... -{% if domains -%} - -forward-zones-recurse={% for d in domains %} +# forward-zones / recursion +# +# statement is only inserted if either one forwarding domain or nameserver is configured +# if nothing is given at all, powerdns will act as a real recursor and resolve all requests by its own +# +{% if name_servers or domains %}forward-zones-recurse= +{%- for d in domains %} {{ d.name }}={{ d.servers | join(";") }} -{{- "," if not loop.last -}} -{% endfor %} - +{{- ", " if not loop.last -}} +{%- endfor -%} +{%- if name_servers -%} +{%- if domains -%}, {% endif -%}.={{ name_servers | join(';') }} +{% endif %} {% endif %} """ @@ -248,7 +246,6 @@ def generate(dns): return None tmpl = jinja2.Template(config_tmpl, trim_blocks=True) - config_text = tmpl.render(dns) with open(config_file, 'w') as f: f.write(config_text) -- cgit v1.2.3
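Review bot: The new `forward-zones-recurse=` line separates entries with `", "` (in `{{- ", " if not loop.last -}}` and in `{%- if domains -%}, {% endif -%}`), while the XXX comment above the template, visible as context in the first patch on this page, says pdns recursor does not like whitespace near entry separators. Either that comment is stale or the separators should be plain commas, e.g. `{{- "," if not loop.last -}}` and `{%- if domains -%},{% endif -%}`. The template string starts and ends outside this hunk, so the final rendering also depends on lines not shown.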