Open JedMeister opened 4 years ago
Or better still, perhaps we should just probe the domain(s) and check if they point to the public IP of the current server?!
I note that the public IP can be determined via the python3 standard library like this:
```python
import urllib.request
external_ip = urllib.request.urlopen('https://www.wikipedia.org').headers['X-Client-IP']
```
`external_ip` will be a string containing the public IP address.
Then if the `dnspython` library (`python3-dnspython` in Debian repos) is installed, the A record of the desired domain name can be checked like this:
```python
import dns.resolver  # a bare "import dns" does not load the resolver submodule

domain = 'domain.to.check.com'
# dnspython 2.x names this call resolve(); query() is the older spelling
answers = dns.resolver.query(domain, 'A')
for answer in answers:
    print(answer.to_text())
```
`answer.to_text()` should be a string containing the 'A' record IP address. For the couple that I tested, `answers[0].to_text()` returned the same info.
It is possible the domain has multiple A records; as such, here's a possible solution:
```python
import urllib.request
import dns.resolver

external_ip = urllib.request.urlopen('https://www.wikipedia.org').headers['X-Client-IP']
domain = 'domain.to.check.com'
domain_is_correct = False
for record in dns.resolver.query(domain, 'A'):
    if record.to_text() == external_ip:  # note these may differ in format/type, couldn't find direct info in docs
        domain_is_correct = True
        break
if domain_is_correct:
    ...
else:
    ...
```
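An added example (not code from this issue or from the project) that carries the check above through for several domains: it compares addresses as `ipaddress` objects, so string formatting differences do not matter, and reports a per-domain reason when the lookup fails or no A record matches. The function names, the `LookupError` convention and the sample domains and IPs are assumptions made for this example.

```python
import ipaddress
import urllib.request

def public_ip():
    """Public address as reported by the X-Client-IP header trick from this thread."""
    with urllib.request.urlopen('https://www.wikipedia.org', timeout=10) as resp:
        ip = resp.headers['X-Client-IP']
    if not ip:
        raise LookupError('no X-Client-IP header in response')
    return ip

def dns_a_records(domain):
    """A records via dnspython, imported lazily so check_domains() works without it."""
    import dns.exception
    import dns.resolver
    # dnspython >= 2.0 calls this resolve(); older releases only have query()
    lookup = getattr(dns.resolver, 'resolve', None) or dns.resolver.query
    try:
        return [r.to_text() for r in lookup(domain, 'A')]
    except dns.exception.DNSException as e:  # NXDOMAIN, NoAnswer, Timeout, ...
        raise LookupError(type(e).__name__) from e

def check_domains(domains, server_ip, resolve=dns_a_records):
    """Return {domain: (ok, detail)}; ok is True when any A record equals server_ip."""
    want = ipaddress.ip_address(server_ip.strip())
    results = {}
    for domain in domains:
        try:
            records = [ipaddress.ip_address(r.strip()) for r in resolve(domain)]
        except (LookupError, ValueError) as e:
            results[domain] = (False, f'lookup failed: {e}')
            continue
        if want in records:
            results[domain] = (True, 'A record matches server IP')
        else:
            seen = ', '.join(map(str, records)) or 'none'
            results[domain] = (False, f'A records ({seen}) do not include {want}')
    return results

if __name__ == '__main__':
    # Constructed sample data (documentation address ranges), so this runs offline.
    sample = {'ok.example.com': ['198.51.100.7', '203.0.113.10'],
              'wrong.example.com': ['198.51.100.7']}
    def fake_resolve(domain):
        if domain not in sample:
            raise LookupError('NXDOMAIN')
        return sample[domain]
    names = ['ok.example.com', 'wrong.example.com', 'missing.example.com']
    for name, (ok, why) in check_domains(names, '203.0.113.10', fake_resolve).items():
        print(('OK  ' if ok else 'FAIL'), name, '-', why)
```

On a real server, call `check_domains(domains, public_ip())` with `python3-dnspython` installed.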
Deferring to 17.0, but I might handle this beforehand if I get the time.
I have implemented an improvement. It now suggests checking via Google's online DIG tool.
We could still do better though, so I'll leave this open.
As suggested by Farmer20 in the forums, it might be useful to have some more noob-friendly docs explaining what "correctly configured" DNS means in the context of Let's Encrypt.