From 97cc951056746c2f0d6bd964f57056fa156037e7 Mon Sep 17 00:00:00 2001
From: redshiftzero <jen@freedom.press>
Date: Mon, 27 Nov 2017 14:53:47 -0800
Subject: [PATCH] testing fix for #2591

will repush with actually informative commit message when this is working
---
 .../validate/tasks/validate_ossec_info.yml    | 20 +++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/install_files/ansible-base/roles/validate/tasks/validate_ossec_info.yml b/install_files/ansible-base/roles/validate/tasks/validate_ossec_info.yml
index 2d7c74d1b41..51f533f717b 100644
--- a/install_files/ansible-base/roles/validate/tasks/validate_ossec_info.yml
+++ b/install_files/ansible-base/roles/validate/tasks/validate_ossec_info.yml
@@ -49,23 +49,25 @@
   set_fact:
     _smtp_hostname_query_command: >-
       {% if ansible_lsb.id == "Tails" -%}torify {% endif %}
-      nslookup -vc -retry=3 -timeout=10 -fail {{ smtp_relay }} 8.8.8.8
+      host {{ smtp_relay }} 8.8.8.8
     _sasl_hostname_query_command: >-
       {% if ansible_lsb.id == "Tails" %}torify {% endif %}
-      nslookup -vc -retry=3 -timeout=10 -fail {{ sasl_domain }} 8.8.8.8
+      host {{ sasl_domain }} 8.8.8.8
 
 - name: Perform SMTP lookup check.
   command: "{{ _smtp_hostname_query_command }}"
   changed_when: false
   register: smtp_validate_result
-  # We'll inspect return code in subsequent task to provide an informative
-  # failure message.
+  # We'll inspect the output of this command in the next task to see if
+  # an address was found.
   ignore_errors: yes
+  retries: 3
+  timeout: 10
 
 - name: Validate SMTP relay connection.
   assert:
     that:
-      - "{{ smtp_validate_result.rc == 0 }}"
+      - "'has address' not in smtp_validate_result.stdout"
     msg: >-
       The SMTP relay domain failed during lookup. This domain
       is the server contacted for authentication in order to send
@@ -77,14 +79,16 @@
   command: "{{ _sasl_hostname_query_command }}"
   register: sasl_validate_result
   changed_when: false
-  # We'll inspect return code in subsequent task to provide an informative
-  # failure message.
+  # We'll inspect the output of this command in the next task to see if
+  # an address was found.
   ignore_errors: yes
+  retries: 3
+  timeout: 10
 
 - name: Validate SASL domain.
   assert:
     that:
-      - "{{ sasl_validate_result.rc == 0 }}"
+      - "'has address' not in sasl_validate_result.stdout"
     msg: >-
       The SASL domain failed during lookup. This is typically the
       portion of the email address after the '@' symbol, although