Fix the nsupdate module's TTL change detection (#42973)

Ideally I would have liked to compare the TTL as part of the prerequisite check. Sadly that isn't supported by the RFC 2136 update protocol. Hence the additional query. Resolves #39465
2018-08-15 20:33:00 +02:00 · 2018-08-15 20:33:00 +02:00 · 3ddec4d64e
commit 3ddec4d64e
parent 63e87a3a0a
1 changed files with 20 additions and 1 deletions
--- a/lib/ansible/modules/net_tools/nsupdate.py
+++ b/lib/ansible/modules/net_tools/nsupdate.py
@ -190,6 +190,11 @@ class RecordManager(object):
            if self.zone[-1] != '.':
                self.zone += '.'

+        if module.params['record'][-1] != '.':
+            self.fqdn = module.params['record'] + '.' + self.zone
+        else:
+            self.fqdn = module.params['record']
+
        if module.params['key_name']:
            try:
                self.keyring = dns.tsigkeyring.from_text({
@ -326,12 +331,26 @@ class RecordManager(object):
            response = self.__do_update(update)
            self.dns_rc = dns.message.Message.rcode(response)
            if self.dns_rc == 0:
-                return 1
+                if self.ttl_changed():
+                    return 2
+                else:
+                    return 1
            else:
                return 2
        else:
            return 0

+    def ttl_changed(self):
+        query = dns.message.make_query(self.fqdn, self.module.params['type'])
+
+        try:
+            lookup = dns.query.tcp(query, self.module.params['server'], timeout=10, port=self.module.params['port'])
+        except (socket_error, dns.exception.Timeout) as e:
+            self.module.fail_json(msg='DNS server error: (%s): %s' % (e.__class__.__name__, to_native(e)))
+
+        current_ttl = lookup.answer[0].ttl
+        return current_ttl != self.module.params['ttl']
+

 def main():
    tsig_algs = ['HMAC-MD5.SIG-ALG.REG.INT', 'hmac-md5', 'hmac-sha1', 'hmac-sha224',