Inhibit DNS service

If Samba DC is configured on the local node, inhibit our DNS service.
NethServer · Dec 11, 2024 · 1ded98e · 1ded98e
1 parent 4989a99
commit 1ded98e
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 5 deletions.
diff --git a/imageroot/actions/get-configuration/10get b/imageroot/actions/get-configuration/10get
@@ -7,7 +7,7 @@
 
 import json
 import sys
-
+import agent
 import network
 
 config = json.load(open("config.json"))
@@ -18,8 +18,8 @@ if config["interface"] != "" and config["dhcp-server"]["start"] == "" and config
     config["dhcp-server"]["start"] = str(interface["start"])
     config["dhcp-server"]["end"] = str(interface["end"])
 
-# we test if tcp/53 or udp/53 is bound to the interface
-config["is_dns_bound"] = network.are_ports_53_bound()
+# we test if tcp/53 or udp/53 is bound to the interface, or local Samba DCs are present
+config["is_dns_bound"] = network.are_ports_53_bound() or network.get_local_samba_dcs()
 # check if dnsmasq is enabled in the configuration, needed to determine in the UI if the DNS server was enabled and used by dnsmasq.
 # the dnsmasq service is always running, we cannot state if it is enabled/active or not.
 config['is_dns_enabled'] = config["dns-server"]["enabled"]

diff --git a/imageroot/bin/expand-config b/imageroot/bin/expand-config
@@ -8,6 +8,7 @@
 import json
 import sys
 import agent
+import network
 
 # Read configuration from a JSON file or initialize it.
 try:
@@ -31,6 +32,9 @@ except FileNotFoundError:
     json.dump(config, fp=open("config.json", "w"))
 
 
+# Lookup local Samba DCs. They want to bind DNS port 53 like us.
+local_samba_dcs = network.get_local_samba_dcs()
+
 # convert json to configuration file
 with open("dnsmasq.d/00config.conf", "w") as file:
     file.write("# This file is automatically generated by NethServer, manual changes will be lost.\n")
@@ -42,8 +46,11 @@ with open("dnsmasq.d/00config.conf", "w") as file:
     if config["dhcp-server"]["enabled"]:
         file.write("dhcp-range=set:default," + config["dhcp-server"]["start"] + "," + config["dhcp-server"]["end"] + "," + str(config["dhcp-server"]["lease"]) + "h\n")
 
-    # write dns-server configuration
-    if config["dns-server"]["enabled"]:
+    # write dns-server configuration, if no local Samba DC is present
+    if local_samba_dcs:
+        agent.print("Local Active Directory DC found, DNS feature is blocked.", local_samba_dcs, file=sys.stderr)
+        file.write("port=0\n")
+    elif config["dns-server"]["enabled"]:
         file.write("server=" + config["dns-server"]["primary-server"] + "\n")
         if config["dns-server"]["secondary-server"] != "":
             file.write("server=" + config["dns-server"]["secondary-server"] + "\n")

diff --git a/imageroot/pypkg/network.py b/imageroot/pypkg/network.py
@@ -9,6 +9,7 @@
 import json
 import subprocess
 import socket
+import agent
 
 
 def __filter_interface(interface):
@@ -78,3 +79,18 @@ def are_ports_53_bound(ip='127.0.0.1'):
     Check if both TCP and UDP ports 53 are bound on a specific IP address.
     """
     return __is_port_bound(53, 'tcp', ip) or __is_port_bound(53, 'udp', ip)
+
+def get_local_samba_dcs():
+    """
+    Lookup Samba modules installed on the local node. Returns an array of
+    Samba module IDs that were installed on the local node. Typically the
+    array has 1 element at most.
+    """
+    rdb = agent.redis_connect(use_replica=True)
+    local_samba_dcs = []
+    for module_id, node_id in rdb.hgetall("cluster/module_node").items():
+        if node_id != os.environ["NODE_ID"]:
+            continue
+        if module_id.startswith('samba'):
+            local_samba_dcs.append(module_id)
+    return local_samba_dcs