From e39cc53d90175e3cae6805302f318a96bc0e1af1 Mon Sep 17 00:00:00 2001
From: Martin Basti
Date: Sep 14 2016 12:57:07 +0000
Subject: Catch DNS exceptions during emptyzones named.conf upgrade

For some reasons named may not be runnig and this cause fail of this upgrade step. This step is not critical so only ERROR message with recommendation is shown.

https://fedorahosted.org/freeipa/ticket/6205

Reviewed-By: Martin Babinsky
---
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
index 19ea8ca..b47d8fa 100644
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -11,6 +11,8 @@ import pwd
 import fileinput
 import sys
+import dns.exception
+
 import six
 from six.moves.configparser import SafeConfigParser
@@ -840,9 +842,18 @@ def named_update_global_forwarder_policy():
 'forward_policy_conflict_with_empty_zones_handled', True
 )
- if not dnsutil.has_empty_zone_addresses(api.env.host):
- # guess: local server does not have IP addresses from private ranges
- # so hopefully automatic empty zones are not a problem
+ try:
+ if not dnsutil.has_empty_zone_addresses(api.env.host):
+ # guess: local server does not have IP addresses from private
+ # ranges so hopefully automatic empty zones are not a problem
+ return False
+ except dns.exception.DNSException as ex:
+ root_logger.error(
+ 'Skipping update of global DNS forwarder in named.conf: '
+ 'Unable to determine if local server is using an '
+ 'IP address belonging to an automatic empty zone. '
+ 'Consider changing forwarding policy to "only". '
+ 'DNS exception: %s', ex)
 return False
 if bindinstance.named_conf_get_directive(
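Review bot: The new `except dns.exception.DNSException` branch in the second hunk returns False after the context lines just above the `try` have, by the look of them, already recorded `forward_policy_conflict_with_empty_zones_handled` as True, so a transient resolver failure would make this step skip itself on every later upgrade as well. The call that sets that state begins outside the hunk, so this is inferred from its last two lines and should be confirmed against the full function. If the reading is right, named.conf keeps whatever forwarding policy it had and the only trace is a single ERROR line in the upgrade log. Consider recording the state only after `has_empty_zone_addresses()` has returned, or resetting it in the `except` branch before `return False`; at minimum add `# state is already marked handled above: this step will not be retried` there so the behaviour is visibly deliberate.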