Fix dns rfc2136 (#7142) (#7143)

* Revert "Add an option to dns_rfc2136 plugin to specify an authorative base domain. (#7029)"

This reverts commit 5ab6a597b0.

* Update changelog.

(cherry picked from commit 23b52ca1c8)

CHANGELOG.md

@@ -2,6 +2,23 @@
 
 Certbot adheres to [Semantic Versioning](https://semver.org/).
 
+## 0.35.1 - master
+
+### Fixed
+
+* Support for specifying an authoritative base domain in our dns-rfc2136 plugin
+  has been removed. This feature was added in our last release but had a bug
+  which caused the plugin to fail so the feature has been removed until it can
+  be added properly.
+
+Despite us having broken lockstep, we are continuing to release new versions of
+all Certbot components during releases for the time being, however, the only
+package with changes other than its version number was:
+
+* certbot-dns-rfc2136
+
+More details about these changes can be found on our GitHub repo.
+
 ## 0.35.0 - 2019-06-05
 
 ### Added

certbot-dns-rfc2136/certbot_dns_rfc2136/__init__.py

@@ -21,8 +21,8 @@ Credentials
 -----------
 
 Use of this plugin requires a configuration file containing the target DNS
-server, optional authorative domain and optional port that supports RFC 2136 Dynamic Updates,
-the name of the TSIG key, the TSIG key secret itself and the algorithm used if it's
+server and optional port that supports RFC 2136 Dynamic Updates, the name
+of the TSIG key, the TSIG key secret itself and the algorithm used if it's
 different to HMAC-MD5.
 
 .. code-block:: ini
@@ -33,8 +33,6 @@ different to HMAC-MD5.
    dns_rfc2136_server = 192.0.2.1
    # Target DNS port
    dns_rfc2136_port = 53
-   # Authorative domain (optional, will try to auto-detect if missing)
-   dns_rfc2136_base_domain = example.com
    # TSIG key name
    dns_rfc2136_name = keyname.
    # TSIG key secret

certbot-dns-rfc2136/certbot_dns_rfc2136/dns_rfc2136.py

@@ -79,33 +79,25 @@ class Authenticator(dns_common.DNSAuthenticator):
         self._get_rfc2136_client().del_txt_record(validation_name, validation)
 
     def _get_rfc2136_client(self):
-        key = _RFC2136Key(self.credentials.conf('name'),
-                          self.credentials.conf('secret'),
-                          self.ALGORITHMS.get(self.credentials.conf('algorithm'),
-                                              dns.tsig.HMAC_MD5))
         return _RFC2136Client(self.credentials.conf('server'),
                               int(self.credentials.conf('port') or self.PORT),
-                              key,
-                              self.credentials.conf('base-domain'))
+                              self.credentials.conf('name'),
+                              self.credentials.conf('secret'),
+                              self.ALGORITHMS.get(self.credentials.conf('algorithm'),
+                                                  dns.tsig.HMAC_MD5))
 
-class _RFC2136Key(object):
-    def __init__(self, name, secret, algorithm):
-        self.name = name
-        self.secret = secret
-        self.algorithm = algorithm
 
 class _RFC2136Client(object):
     """
     Encapsulates all communication with the target DNS server.
     """
-    def __init__(self, server, port, base_domain, key):
+    def __init__(self, server, port, key_name, key_secret, key_algorithm):
         self.server = server
         self.port = port
         self.keyring = dns.tsigkeyring.from_text({
-            key.name: key.secret
+            key_name: key_secret
         })
-        self.algorithm = key.algorithm
-        self.base_domain = base_domain
+        self.algorithm = key_algorithm
 
     def add_txt_record(self, record_name, record_content, record_ttl):
         """
@@ -179,33 +171,23 @@ class _RFC2136Client(object):
 
     def _find_domain(self, record_name):
         """
-        If 'base_domain' option is specified check if the requested domain matches this base domain
-        and return it. If not explicitly specified find the closest domain with an SOA record for
-        the given domain name.
+        Find the closest domain with an SOA record for a given domain name.
 
-        :param str record_name: The record name for which to find the base domain.
+        :param str record_name: The record name for which to find the closest SOA record.
         :returns: The domain, if found.
         :rtype: str
         :raises certbot.errors.PluginError: if no SOA record can be found.
         """
 
-        if self.base_domain:
-            if not record_name.endswith(self.base_domain):
-                raise errors.PluginError('Requested domain {0} does not match specified base '
-                                         'domain {1}.'
-                                         .format(record_name, self.base_domain))
-            else:
-                return self.base_domain
-        else:
-            domain_name_guesses = dns_common.base_domain_name_guesses(record_name)
+        domain_name_guesses = dns_common.base_domain_name_guesses(record_name)
 
-            # Loop through until we find an authoritative SOA record
-            for guess in domain_name_guesses:
-                if self._query_soa(guess):
-                    return guess
+        # Loop through until we find an authoritative SOA record
+        for guess in domain_name_guesses:
+            if self._query_soa(guess):
+                return guess
 
-            raise errors.PluginError('Unable to determine base domain for {0} using names: {1}.'
-                                     .format(record_name, domain_name_guesses))
+        raise errors.PluginError('Unable to determine base domain for {0} using names: {1}.'
+                                 .format(record_name, domain_name_guesses))
 
     def _query_soa(self, domain_name):
         """

certbot-dns-rfc2136/certbot_dns_rfc2136/dns_rfc2136_test.py

@@ -73,12 +73,9 @@ class AuthenticatorTest(test_util.TempDirTestCase, dns_test_common.BaseAuthentic
 class RFC2136ClientTest(unittest.TestCase):
 
     def setUp(self):
-        from certbot_dns_rfc2136.dns_rfc2136 import _RFC2136Client, _RFC2136Key
+        from certbot_dns_rfc2136.dns_rfc2136 import _RFC2136Client
 
-        self.rfc2136_client = _RFC2136Client(SERVER,
-                                             PORT,
-                                             None,
-                                             _RFC2136Key(NAME, SECRET, dns.tsig.HMAC_MD5))
+        self.rfc2136_client = _RFC2136Client(SERVER, PORT, NAME, SECRET, dns.tsig.HMAC_MD5)
 
     @mock.patch("dns.query.tcp")
     def test_add_txt_record(self, query_mock):
@@ -165,28 +162,6 @@ class RFC2136ClientTest(unittest.TestCase):
             self.rfc2136_client._find_domain,
             'foo.bar.'+DOMAIN)
 
-    def test_find_domain_with_base(self):
-        # _query_soa | pylint: disable=protected-access
-        self.rfc2136_client._query_soa = mock.MagicMock(side_effect=[False, False, True])
-        self.rfc2136_client.base_domain = 'bar.' + DOMAIN
-
-        # _find_domain | pylint: disable=protected-access
-        domain = self.rfc2136_client._find_domain('foo.bar.' + DOMAIN)
-
-        self.assertTrue(domain == 'bar.' + DOMAIN)
-
-    def test_find_domain_with_wrong_base(self):
-
-        # _query_soa | pylint: disable=protected-access
-        self.rfc2136_client._query_soa = mock.MagicMock(side_effect=[False, False, True])
-        self.rfc2136_client.base_domain = 'wrong.' + DOMAIN
-
-        self.assertRaises(
-            errors.PluginError,
-            # _find_domain | pylint: disable=protected-access
-            self.rfc2136_client._find_domain,
-            'foo.bar.' + DOMAIN)
-
     @mock.patch("dns.query.udp")
     def test_query_soa_found(self, query_mock):
         query_mock.return_value = mock.MagicMock(answer=[mock.MagicMock()], flags=dns.flags.AA)