From 6f68f45a33ce88564986fd11377a032514fdc159 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Tue, 25 Oct 2022 07:44:12 +0200
Subject: [PATCH] misc: do not use dns.resolver.query on later versions of
 dnspython (#70632)

---
 src/authentic2/utils/evaluate.py | 11 ++++++++++-
 tests/test_utils_evaluate.py     |  6 ++++--
 tox.ini                          |  3 +++
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/src/authentic2/utils/evaluate.py b/src/authentic2/utils/evaluate.py
index d0833f22..a81c9d73 100644
--- a/src/authentic2/utils/evaluate.py
+++ b/src/authentic2/utils/evaluate.py
@@ -90,12 +90,21 @@ def is_valid_hostname(hostname):
     return all(allowed.match(label) for label in labels)
 
 
+def _resolver_resolve(domain):
+    try:
+        method = dns.resolver.resolve
+    except AttributeError:
+        # support for dnspython 2.0.0 on bullseye, prevent deprecation warning on later versions
+        method = dns.resolver.query
+    return method(domain, 'A', lifetime=1)
+
+
 def check_dnsbl(dnsbl, remote_addr):
     domain = '.'.join(reversed(remote_addr.split('.'))) + '.' + dnsbl
     exception = None
     log = logger.debug
     try:
-        answers = dns.resolver.query(domain, 'A', lifetime=1)
+        answers = _resolver_resolve(domain)
         result = any(answer.address for answer in answers)
     except dns.resolver.NXDOMAIN as e:
         exception = e
diff --git a/tests/test_utils_evaluate.py b/tests/test_utils_evaluate.py
index 15a2bea3..27c624f6 100644
--- a/tests/test_utils_evaluate.py
+++ b/tests/test_utils_evaluate.py
@@ -107,7 +107,9 @@ def test_http_headers(rf):
 def test_dnsbl_ok():
     from authentic2.utils.evaluate import dnsbl
 
-    with mock.patch('dns.resolver.resolve', return_value=[mock.Mock(address='127.0.0.2')]):
+    with mock.patch(
+        'authentic2.utils.evaluate._resolver_resolve', return_value=[mock.Mock(address='127.0.0.2')]
+    ):
         assert (
             evaluate_condition(
                 "remote_addr in dnsbl('example.com')", ctx={'dnsbl': dnsbl, 'remote_addr': '1.2.3.4'}
@@ -121,7 +123,7 @@ def test_dnsbl_nok():
 
     from authentic2.utils.evaluate import dnsbl
 
-    with mock.patch('dns.resolver.resolve', side_effect=NXDOMAIN):
+    with mock.patch('authentic2.utils.evaluate._resolver_resolve', side_effect=NXDOMAIN):
         assert (
             evaluate_condition(
                 "remote_addr in dnsbl('example.com')", ctx={'dnsbl': dnsbl, 'remote_addr': '1.2.3.4'}
diff --git a/tox.ini b/tox.ini
index 73333cf0..510eccc5 100644
--- a/tox.ini
+++ b/tox.ini
@@ -52,8 +52,10 @@ deps =
   buster: django<2.3
   buster: django-model-utils<4
   buster: django-select2>=5,<6
+  buster: dnspython==1.16.0
   bullseye: django<2.3
   bullseye: django-model-utils<4
+  bullseye: dnspython==2.0.0
   bullseye: django-select2>=5,<6
   stable-backports: django>=3.2.12,<3.3
   stable-backports: django-model-utils>=4.2,<4.3
@@ -172,6 +174,7 @@ commands =
 filterwarnings =
   ignore
   once:::authentic2.*
+  error:.*please use dns.resolver.resolve:DeprecationWarning:
 junit_family=xunit2
 
 [coverage:run]
-- 
2.37.2