From d35067515e20de764e58d3ad8e343b3e2282a780 Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspacek@redhat.com>
Date: Dec 16 2015 14:25:53 +0000
Subject: dns: Handle SERVFAIL in check if domain already exists.


In cases where domain is already delegated to IPA prior installation
we might get timeout or SERVFAIL. The answer depends on the recursive
server we are using for the check.

Reviewed-By: David Kupka <dkupka@redhat.com>

---

diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 4666678..bd1cf78 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -41,7 +41,7 @@ import locale
 import collections
 
 from dns import resolver, rdatatype, reversename
-from dns.exception import DNSException, Timeout
+from dns.exception import DNSException
 import six
 from six.moves import input
 from six.moves import urllib
@@ -1046,7 +1046,7 @@ def reverse_record_exists(ip_address):
     return True
 
 
-def check_zone_overlap(zone, raise_on_timeout=True):
+def check_zone_overlap(zone, raise_on_error=True):
     root_logger.info("Checking DNS domain %s, please wait ..." % zone)
     if not isinstance(zone, DNSName):
         zone = DNSName(zone).make_absolute()
@@ -1058,10 +1058,9 @@ def check_zone_overlap(zone, raise_on_timeout=True):
 
     try:
         containing_zone = resolver.zone_for_name(zone)
-    except Timeout as e:
-        msg = ("DNS check for domain %s failed: %s. Please make sure that the "
-               "domain is properly delegated to this IPA server." % (zone, e))
-        if raise_on_timeout:
+    except DNSException as e:
+        msg = ("DNS check for domain %s failed: %s." % (zone, e))
+        if raise_on_error:
             raise ValueError(msg)
         else:
             root_logger.warning(msg)
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 9374487..8daca55 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -291,7 +291,7 @@ def read_reverse_zone(default, ip_address, allow_zone_overlap=False):
             continue
         if not allow_zone_overlap:
             try:
-                ipautil.check_zone_overlap(zone, raise_on_timeout=False)
+                ipautil.check_zone_overlap(zone, raise_on_error=False)
             except ValueError as e:
                 root_logger.error("Reverse zone %s will not be used: %s"
                                   % (zone, e))
diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
index 94e9017..763b2ac 100644
--- a/ipaserver/install/dns.py
+++ b/ipaserver/install/dns.py
@@ -126,10 +126,12 @@ def install_check(standalone, replica, options, hostname):
         domain = dnsutil.DNSName(util.normalize_zone(api.env.domain))
         print("Checking DNS domain %s, please wait ..." % domain)
         try:
-            ipautil.check_zone_overlap(domain, raise_on_timeout=False)
+            ipautil.check_zone_overlap(domain, raise_on_error=False)
         except ValueError as e:
             if options.force or options.allow_zone_overlap:
-                root_logger.warning(e.message)
+                root_logger.warning("%s Please make sure that the domain is "
+                                    "properly delegated to this IPA server.",
+                                    e.message)
             else:
                 raise e