Inhibit DNS service

If Samba DC is configured on the local node, inhibit our DNS service.
NethServer · Dec 11, 2024 · 212d35f · 212d35f
1 parent ab3cf4c
commit 212d35f
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 5 deletions.
diff --git a/imageroot/actions/get-configuration/10get b/imageroot/actions/get-configuration/10get
@@ -7,7 +7,7 @@
 
 import json
 import sys
-
+import agent
 import network
 
 config = json.load(open("config.json"))
@@ -18,8 +18,14 @@ if config["interface"] != "" and config["dhcp-server"]["start"] == "" and config
     config["dhcp-server"]["start"] = str(interface["start"])
     config["dhcp-server"]["end"] = str(interface["end"])
 
-# we test if tcp/53 or udp/53 is bound to the interface
-config["is_dns_bound"] = network.are_ports_53_bound()
+# Lookup local Samba DCs. They want to bind DNS port 53 like us.
+local_samba_dcs = agent.list_service_providers(rdb, 'ldap', 'tcp', {
+    "schema": "ad",
+    "node": os.environ["NODE_ID"],
+})
+
+# we test if tcp/53 or udp/53 is bound to the interface, or local Samba DCs are present
+config["is_dns_bound"] = network.are_ports_53_bound() or local_samba_dcs
 # check if dnsmasq is enabled in the configuration, needed to determine in the UI if the DNS server was enabled and used by dnsmasq.
 # the dnsmasq service is always running, we cannot state if it is enabled/active or not.
 config['is_dns_enabled'] = config["dns-server"]["enabled"]

diff --git a/imageroot/bin/expand-config b/imageroot/bin/expand-config
@@ -31,6 +31,13 @@ except FileNotFoundError:
     json.dump(config, fp=open("config.json", "w"))
 
 
+rdb = agent.redis_connect(use_replica=True)
+# Lookup local Samba DCs. They want to bind DNS port 53 like us.
+local_samba_dcs = agent.list_service_providers(rdb, 'ldap', 'tcp', {
+    "schema": "ad",
+    "node": os.environ["NODE_ID"],
+})
+
 # convert json to configuration file
 with open("dnsmasq.d/00config.conf", "w") as file:
     file.write("# This file is automatically generated by NethServer, manual changes will be lost.\n")
@@ -42,8 +49,11 @@ with open("dnsmasq.d/00config.conf", "w") as file:
     if config["dhcp-server"]["enabled"]:
         file.write("dhcp-range=set:default," + config["dhcp-server"]["start"] + "," + config["dhcp-server"]["end"] + "," + str(config["dhcp-server"]["lease"]) + "h\n")
 
-    # write dns-server configuration
-    if config["dns-server"]["enabled"]:
+    # write dns-server configuration, if no local Samba DC is present
+    if local_samba_dcs:
+        agent.print("Local Active Directory DC found, DNS feature is blocked.", local_samba_dcs, file=sys.stderr)
+        file.write("port=0\n")
+    elif config["dns-server"]["enabled"]:
         file.write("server=" + config["dns-server"]["primary-server"] + "\n")
         if config["dns-server"]["secondary-server"] != "":
             file.write("server=" + config["dns-server"]["secondary-server"] + "\n")