Add port option for rfc2136 plugin (#5844)

Axel 2018-04-13 18:17:08 +02:00 committed by Joona Hoikkala
parent e0a5b1229f
commit 523cdc578d
3 changed files with 19 additions and 11 deletions


@ -21,8 +21,9 @@ Credentials
-----------
Use of this plugin requires a configuration file containing the target DNS
server that supports RFC 2136 Dynamic Updates, the name of the TSIG key, the
TSIG key secret itself and the algorithm used if it's different to HMAC-MD5.
server and optional port that supports RFC 2136 Dynamic Updates, the name
of the TSIG key, the TSIG key secret itself and the algorithm used if it's
different to HMAC-MD5.
.. code-block:: ini
:name: credentials.ini
@ -30,6 +31,8 @@ TSIG key secret itself and the algorithm used if it's different to HMAC-MD5.
# Target DNS server
dns_rfc2136_server = 192.0.2.1
# Target DNS port
dns_rfc2136_port = 53
# TSIG key name
dns_rfc2136_name = keyname.
# TSIG key secret


@ -36,6 +36,8 @@ class Authenticator(dns_common.DNSAuthenticator):
'HMAC-SHA512': dns.tsig.HMAC_SHA512
}
PORT = 53
description = 'Obtain certificates using a DNS TXT record (if you are using BIND for DNS).'
ttl = 120
@ -78,6 +80,7 @@ class Authenticator(dns_common.DNSAuthenticator):
def _get_rfc2136_client(self):
return _RFC2136Client(self.credentials.conf('server'),
int(self.credentials.conf('port') or self.PORT),
self.credentials.conf('name'),
self.credentials.conf('secret'),
self.ALGORITHMS.get(self.credentials.conf('algorithm'),
@ -88,8 +91,9 @@ class _RFC2136Client(object):
"""
Encapsulates all communication with the target DNS server.
"""
def __init__(self, server, key_name, key_secret, key_algorithm):
def __init__(self, server, port, key_name, key_secret, key_algorithm):
self.server = server
self.port = port
self.keyring = dns.tsigkeyring.from_text({
key_name: key_secret
})
@ -118,7 +122,7 @@ class _RFC2136Client(object):
update.add(rel, record_ttl, dns.rdatatype.TXT, record_content)
try:
response = dns.query.tcp(update, self.server)
response = dns.query.tcp(update, self.server, port=self.port)
except Exception as e:
raise errors.PluginError('Encountered error adding TXT record: {0}'
.format(e))
@ -153,7 +157,7 @@ class _RFC2136Client(object):
update.delete(rel, dns.rdatatype.TXT, record_content)
try:
response = dns.query.tcp(update, self.server)
response = dns.query.tcp(update, self.server, port=self.port)
except Exception as e:
raise errors.PluginError('Encountered error deleting TXT record: {0}'
.format(e))
@ -202,7 +206,7 @@ class _RFC2136Client(object):
request.flags ^= dns.flags.RD
try:
response = dns.query.udp(request, self.server)
response = dns.query.udp(request, self.server, port=self.port)
rcode = response.rcode()
# Authoritative Answer bit should be set
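Review bot: The port is converted with `int(self.credentials.conf('port') or self.PORT)` in `_get_rfc2136_client` without validation, so a non-numeric `dns_rfc2136_port` surfaces as a raw `ValueError` instead of a `PluginError`, and a value outside 1-65535 is passed straight to `dns.query.tcp` and `dns.query.udp`. Because this setting decides where the TSIG-signed updates are sent, it should fail early with a clear message: wrap the conversion in `try`/`except ValueError` and add `if not 0 < port < 65536: raise errors.PluginError('Invalid dns_rfc2136_port: {0}'.format(port))`. The credentials validation code is not visible in this section, so a check may already exist there. The new `port` parameter of `_RFC2136Client.__init__` also deserves a docstring line saying it is an integer port used for both the TCP updates and the UDP SOA query.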


@ -14,6 +14,7 @@ from certbot.plugins.dns_test_common import DOMAIN
from certbot.tests import util as test_util
SERVER = '192.0.2.1'
PORT = 53
NAME = 'a-tsig-key.'
SECRET = 'SSB3b25kZXIgd2hvIHdpbGwgYm90aGVyIHRvIGRlY29kZSB0aGlzIHRleHQK'
VALID_CONFIG = {"rfc2136_server": SERVER, "rfc2136_name": NAME, "rfc2136_secret": SECRET}
@ -74,7 +75,7 @@ class RFC2136ClientTest(unittest.TestCase):
def setUp(self):
from certbot_dns_rfc2136.dns_rfc2136 import _RFC2136Client
self.rfc2136_client = _RFC2136Client(SERVER, NAME, SECRET, dns.tsig.HMAC_MD5)
self.rfc2136_client = _RFC2136Client(SERVER, PORT, NAME, SECRET, dns.tsig.HMAC_MD5)
@mock.patch("dns.query.tcp")
def test_add_txt_record(self, query_mock):
@ -84,7 +85,7 @@ class RFC2136ClientTest(unittest.TestCase):
self.rfc2136_client.add_txt_record("bar", "baz", 42)
query_mock.assert_called_with(mock.ANY, SERVER)
query_mock.assert_called_with(mock.ANY, SERVER, port=PORT)
self.assertTrue("bar. 42 IN TXT \"baz\"" in str(query_mock.call_args[0][0]))
@mock.patch("dns.query.tcp")
@ -117,7 +118,7 @@ class RFC2136ClientTest(unittest.TestCase):
self.rfc2136_client.del_txt_record("bar", "baz")
query_mock.assert_called_with(mock.ANY, SERVER)
query_mock.assert_called_with(mock.ANY, SERVER, port=PORT)
self.assertTrue("bar. 0 NONE TXT \"baz\"" in str(query_mock.call_args[0][0]))
@mock.patch("dns.query.tcp")
@ -169,7 +170,7 @@ class RFC2136ClientTest(unittest.TestCase):
# _query_soa | pylint: disable=protected-access
result = self.rfc2136_client._query_soa(DOMAIN)
query_mock.assert_called_with(mock.ANY, SERVER)
query_mock.assert_called_with(mock.ANY, SERVER, port=PORT)
self.assertTrue(result == True)
@mock.patch("dns.query.udp")
@ -179,7 +180,7 @@ class RFC2136ClientTest(unittest.TestCase):
# _query_soa | pylint: disable=protected-access
result = self.rfc2136_client._query_soa(DOMAIN)
query_mock.assert_called_with(mock.ANY, SERVER)
query_mock.assert_called_with(mock.ANY, SERVER, port=PORT)
self.assertTrue(result == False)
@mock.patch("dns.query.udp")
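Review bot: The tests only use `PORT = 53`, which is the same value as the plugin's fallback, and `VALID_CONFIG` carries no `rfc2136_port` key, so nothing here exercises the `conf('port') or self.PORT` branch with a configured value. A regression that ignored the credentials file and always used the default would still pass. Using a non-default constant for the client tests (for example `PORT = 5353`, a constructed value) would make the `port=PORT` assertions meaningful. An Authenticator-level test with `"rfc2136_port"` in the config, plus one for a malformed value, would cover the new option end to end; the Authenticator tests lie outside the hunks shown, so such coverage may already exist there.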