- (* map (fn (_, FirewallNode n, r) => (n, r)) (List.filter (fn (User u, _, _) => u = uname) rules) *)
- ["broken"]
+ map (fn (_, _, r) => formatQueryRule r)
+ (List.filter (fn (User u, FirewallNode n, _) => u = uname andalso n = node) rules)
+ end
+
+fun dnsExists dnsRR dnsRecord =
+ let
+ val dnsRR_string = case dnsRR of
+ FwIPv6 => "AAAA"
+ | FwIPv4 => "A"
+ in
+ (* timeout chosen arbitrarilty, shorter is better if it's reliable *)
+ (* dig outputs true even if the lookup fails, but no output in short mode should work *)
+ case Slave.runOutput (Config.Firewall.dig, ["+short", "+timeout=3", "-t", dnsRR_string, dnsRecord]) of
+ (_, SOME s) => (case Domain.validDomain (substring (s, 0, size s - 2)) of (* delete trailing . from cname *)
+ true => dnsExists dnsRR s (* dig will return CNAME, must recurse *)
+ | false => true) (* maybe also double check ip? use size s - 1 if so! *)
+
+ | (_, NONE) => false