nsupdate: zone lookup failure #5817

Closed
1 task done
n0p90 opened this issue Jan 11, 2023 · 3 comments
Labels: bug, has_pr, module, net_tools, plugins

Comments

@n0p90
Contributor

n0p90 commented Jan 11, 2023

Summary

The nsupdate module fails to look up the zone of a record since the dns.resolver.zone_for_name() call was replaced by custom SOA lookup code. The bug was introduced by commit ansible/ansible@75dfe6c, prior to the nsupdate module being migrated to this repo.

The cause of this bug is that the SOA record returned when querying an existing zone is returned in the "Answer RR" part of the DNS response and not in its "Authority RR".

$ dig -t SOA example.com

; <<>> DiG 9.18.10 <<>> -t SOA example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28004
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.com.			IN	SOA

;; ANSWER SECTION:
example.com.		3600	IN	SOA	ns.icann.org. noc.dns.icann.org. 2022091184 7200 3600 1209600 3600

;; Query time: 440 msec
;; SERVER: 10.0.3.1#53(10.0.3.1) (UDP)
;; WHEN: Wed Jan 11 22:03:54 UTC 2023
;; MSG SIZE  rcvd: 96

It is returned in the "Authority RR" of the DNS response only when querying for a subdomain of an existing zone:

$ dig -t SOA www.example.com

; <<>> DiG 9.18.10 <<>> -t SOA www.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34132
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.example.com.		IN	SOA

;; AUTHORITY SECTION:
example.com.		3600	IN	SOA	ns.icann.org. noc.dns.icann.org. 2022091184 7200 3600 1209600 3600

;; Query time: 290 msec
;; SERVER: 10.0.3.1#53(10.0.3.1) (UDP)
;; WHEN: Wed Jan 11 22:05:07 UTC 2023
;; MSG SIZE  rcvd: 100

I'll send a PR to fix this issue.

Issue Type

Bug Report

Component Name

nsupdate

Ansible Version

$ ansible --version
ansible [core 2.13.3]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /home/user/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.9.13 (main, Nov 16 2022, 15:31:39) [GCC 8.5.0 20210514 (Red Hat 8.5.0-15)]
  jinja version = 3.1.2
  libyaml = True

Community.general Version

$ ansible-galaxy collection list community.general

# /usr/lib/python3.9/site-packages/ansible_collections
Collection        Version
----------------- -------
community.general 5.5.0

OS / Environment

Rocky Linux release 8.7 (Green Obsidian)

Steps to Reproduce

Use community.general.nsupdate without a zone value:

- name: Add or modify ansible.mydomain.com A to 192.168.1.1
  community.general.nsupdate:
    key_name: "nsupdate"
    key_secret: "+bFQtBCta7j2vWkjPkAFtgA=="
    server: "10.1.1.1"
    record: "ansible.mydomain.com."
    value: "192.168.1.1"

Expected Results

The zone lookup works and the record is inserted in the mydomain.com zone.

Actual Results

Fails with the following error:

Zone lookup failure: '10.1.1.1' will not respond to queries regarding 'ansible.mydomain.com.'.

Code of Conduct

  • I agree to follow the Ansible Code of Conduct
@ansibullbot
Collaborator

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.

@n0p90
Contributor Author

n0p90 commented Jan 19, 2023

Fixed with merge of #5818

@n0p90 n0p90 closed this as completed Jan 19, 2023
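
The section difference reported in this issue, as an added example that is not part of the issue thread or the module's code: it reads trimmed copies of the two dig responses above and compares a lookup that reads only the authority section with one that accepts the SOA from either section. The function names are hypothetical, and treating the module's lookup as authority-only is an assumption drawn from the issue's description.

```python
import re

# Constructed samples, trimmed from the two dig outputs quoted in the issue.
APEX_QUERY = """\
;; QUESTION SECTION:
;example.com.            IN  SOA

;; ANSWER SECTION:
example.com.  3600  IN  SOA  ns.icann.org. noc.dns.icann.org. 2022091184 7200 3600 1209600 3600
"""

SUBDOMAIN_QUERY = """\
;; QUESTION SECTION:
;www.example.com.        IN  SOA

;; AUTHORITY SECTION:
example.com.  3600  IN  SOA  ns.icann.org. noc.dns.icann.org. 2022091184 7200 3600 1209600 3600
"""

SECTION_RE = re.compile(r"^;; (\w+) SECTION:$")


def soa_owners(dig_text):
    """Map each section name to the owner names of the SOA records it holds."""
    owners, section = {}, None
    for line in dig_text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        fields = line.split()
        # Record lines look like: owner ttl class type rdata...
        if section and not line.startswith(";") and len(fields) >= 4 and fields[3] == "SOA":
            owners.setdefault(section, []).append(fields[0])
    return owners


def zone_authority_only(dig_text):
    """Hypothetical lookup that reads only the authority section."""
    found = soa_owners(dig_text).get("AUTHORITY", [])
    return found[0] if found else None


def zone_answer_or_authority(dig_text):
    """Hypothetical lookup that accepts the SOA from either section."""
    owners = soa_owners(dig_text)
    found = owners.get("ANSWER", []) + owners.get("AUTHORITY", [])
    return found[0] if found else None
```

The authority-only lookup returns nothing for the apex query, while the two-section lookup returns `example.com.` for both responses.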