[Git][NTPsec/ntpsec][master] Address GitLab issue #314: Forward-confirmed reverse DNS

Eric S. Raymond gitlab at mg.gitlab.com
Mon Aug 14 21:35:04 UTC 2017 

Eric S. Raymond pushed to branch master at NTPsec / ntpsec


Commits:
637087c3 by Eric S. Raymond at 2017-08-14T17:34:31-04:00
Address GitLab issue #314: Forward-confirmed reverse DNS

Don't crap out on DNS failure, and add a TTL in the cache.

- - - - -


1 changed file:

- pylib/util.py


Changes:

=====================================
pylib/util.py
=====================================
--- a/pylib/util.py
+++ b/pylib/util.py
@@ -472,8 +472,11 @@ canonicalization_cache = {}
 
 def canonicalize_dns(inhost, family=socket.AF_UNSPEC):
     "Canonicalize a hostname or numeric IP address."
+    TTL = 300
     if inhost in canonicalization_cache:
-        return canonicalization_cache[inhost]
+        (resname, restime) = canonicalization_cache[inhost]
+        if restime >= time.time() - TTL:
+            return resname
     # Catch garbaged hostnames in corrupted Mode 6 responses
     m = re.match("([:.[\]]|\w)*", inhost)
     if not m:
@@ -483,8 +486,7 @@ def canonicalize_dns(inhost, family=socket.AF_UNSPEC):
         ai = socket.getaddrinfo(hostname, None, family, 0, 0,
                                 socket.AI_CANONNAME)
     except socket.gaierror as e:
-        print('getaddrinfo failed: %s' % e, file=sys.stderr)
-        raise SystemExit(1)
+        return "DNSFAIL:%s" % hostname 
     (family, socktype, proto, canonname, sockaddr) = ai[0]
     try:
         name = socket.getnameinfo(sockaddr, socket.NI_NAMEREQD)
@@ -494,7 +496,7 @@ def canonicalize_dns(inhost, family=socket.AF_UNSPEC):
         # Fall back to the hostname.
         canonicalized = canonname or hostname
         result = canonicalized.lower() + portsuffix
-    canonicalization_cache[inhost] = result
+    canonicalization_cache[inhost] = (result, time.time())
     return result
 
 TermSize = collections.namedtuple("TermSize", ["width", "height"])



View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/637087c312d036be6998f44ea026e8655547d4f9

---
View it on GitLab: https://gitlab.com/NTPsec/ntpsec/commit/637087c312d036be6998f44ea026e8655547d4f9
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ntpsec.org/pipermail/vc/attachments/20170814/356d644c/attachment.html>

More information about the vc mailing list