Hi,
This patch adds options --forwarder and --no-forwarders. At least one of
them must be used if you are doing a setup with a DNS server. They are
also mutually exclusive. The --forwarder option can be used more than
once to specify more servers. If the installer runs in interactive mode,
it will prompt the user if none of these options was given on the command line.

Martin
>From 2dbd272bdbd366c4e1fc9a1b7456c5c6d12377ab Mon Sep 17 00:00:00 2001
From: Martin Nagy <mn...@redhat.com>
Date: Tue, 1 Sep 2009 23:28:52 +0200
Subject: [PATCH] Use DNS forwarders in /etc/named.conf

This patch adds options --forwarder and --no-forwarders. At least one of
them must be used if you are doing a setup with a DNS server. They are
also mutually exclusive. The --forwarder option can be used more than
once to specify more servers. If the installer runs in interactive mode,
it will prompt the user if none of these options was given on the command
line.
---
 install/share/bind.named.conf.template |    3 ++
 install/tools/ipa-server-install       |   46 +++++++++++++++++++++++++++++++-
 install/tools/man/ipa-server-install.1 |   12 +++++++-
 ipaserver/install/bindinstance.py      |   13 ++++++++-
 4 files changed, 71 insertions(+), 3 deletions(-)

diff --git a/install/share/bind.named.conf.template b/install/share/bind.named.conf.template
index 69bd86b..8b5fac2 100644
--- a/install/share/bind.named.conf.template
+++ b/install/share/bind.named.conf.template
@@ -5,6 +5,9 @@ options {
 	statistics-file		"data/named_stats.txt";
 	memstatistics-file	"data/named_mem_stats.txt";
 
+	forward first;
+	forwarders {$FORWARDERS};
+
 	tkey-gssapi-credential "DNS/$FQDN";
 	tkey-domain "$REALM";
 };
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index d0e9397..2c890b4 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -84,6 +84,10 @@ def parse_options():
                       default=False, help="configure bind with our zone file")
     parser.add_option("--setup-dns", dest="setup_dns", action="store_true",
                       default=False, help="configure bind with our zone")
+    parser.add_option("--forwarder", dest="forwarders", action="append",
+                      help="Add a DNS forwarder")
+    parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
+                      default=False, help="Do not add any DNS forwarders, use root servers instead")
     parser.add_option("-U", "--unattended", dest="unattended", action="store_true",
                       default=False, help="unattended installation never prompts the user")
     parser.add_option("", "--uninstall", dest="uninstall", action="store_true",
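Review bot: The `--forwarder` option added on the first new line has no `metavar`, so the optparse-generated help will render it as `--forwarder=FORWARDERS`, while the man page in this same patch documents it as `--forwarder=IP_ADDRESS`; the help text also does not say the option may be repeated, which is the whole point of `action="append"`. Suggest `parser.add_option("--forwarder", dest="forwarders", action="append", metavar="IP_ADDRESS",` with `help="Add a DNS forwarder (may be given more than once)")`. parse_options starts and ends outside this hunk.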
@@ -108,6 +112,14 @@ def parse_options():
                       help="The starting gid value (default random)")
     options, args = parser.parse_args()
 
+    if not options.setup_dns:
+        if options.forwarders:
+            parser.error("You cannot specify a --forwarder option without the --setup-dns option")
+        if options.no_forwarders:
+            parser.error("You cannot specify a --no-forwarders option without the --setup-dns option")
+    elif options.forwarders and options.no_forwarders:
+        parser.error("You cannot specify a --forwarder option together with --no-forwarders")
+
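Review bot: The added checks enforce mutual exclusion but never validate the values in `options.forwarders`, whereas the interactive path added later in this patch (read_dns_forwarders) rejects localhost and anything verify_ip_address() refuses; a command-line value is handed to BindInstance unchanged and written verbatim into named.conf by __setup_sub_dict. The same validation belongs here, assuming verify_ip_address is reachable from parse_options as it is from read_dns_forwarders: `for fwd in options.forwarders or []:` / `if fwd in ("127.0.0.1", "::1") or not verify_ip_address(fwd):` / `parser.error("Invalid DNS forwarder address: %s" % fwd)`. parse_options starts and ends outside this hunk.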
     if options.uninstall:
         if (options.ds_user or options.realm_name or
             options.dm_password or options.admin_password or
@@ -117,6 +129,9 @@ def parse_options():
         if (not options.ds_user or not options.realm_name or
             not options.dm_password or not options.admin_password):
             parser.error("error: In unattended mode you need to provide at least -u, -r, -p and -a options")
+        if options.setup_dns:
+            if not options.forwarders and not options.no_forwarders:
+                parser.error("You must specify at least one --forwarder option or --no-forwarders option")
 
     # If any of the PKCS#12 options are selected, all are required. Create a
     # list of the options and count it to enforce that all are required without
@@ -210,6 +225,27 @@ def read_ip_address(host_name):
 
         return ip
 
+def read_dns_forwarders():
+    addrs = []
+    while True:
+        ip = user_input("Enter IP address for a DNS forwarder (empty to stop)", allow_empty=True)
+
+        if not ip:
+            break
+        if ip == "127.0.0.1" or ip == "::1":
+            print "You cannot use localhost as a DNS forwarder"
+            continue
+        if not verify_ip_address(ip):
+            continue
+
+        print "DNS forwarder %s added" % ip
+        addrs.append(ip)
+
+    if not addrs:
+        print "No DNS forwarders configured"
+
+    return addrs
+
 def read_ds_user():
     print "The server must run as a specific user in a specific group."
     print "It is strongly recommended that this user should have no privileges"
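Review bot: read_dns_forwarders accepts the same address twice, so a repeated entry is duplicated in the generated forwarders list; a membership check before the append, `if ip in addrs:` / `print "DNS forwarder %s already added" % ip` / `continue`, avoids that. The function also has no docstring; a one-line `"""Prompt for DNS forwarder addresses until an empty line is entered; return the list, which may be empty."""` would state the contract main() relies on. Note that the loopback check matches only the two literal strings `127.0.0.1` and `::1`; whether verify_ip_address catches other loopback spellings I cannot tell from this patch.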
@@ -504,6 +540,14 @@ def main():
     else:
         admin_password = options.admin_password
 
+    if options.setup_dns:
+        if options.no_forwarders:
+            dns_forwarders = ()
+        elif options.forwarders:
+            dns_forwarders = options.forwarders
+        else:
+            dns_forwarders = read_dns_forwarders()
+
     if not options.unattended:
         print ""
         print "The following operations may take some minutes to complete."
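Review bot: `dns_forwarders` is only bound inside the `if options.setup_dns:` branch, but the next hunk of this file (@@ -591,7 +635,7 @@) passes it to `bind.setup(...)` unconditionally, before the `if options.setup_dns:` that decides whether to create the instance, so an install without --setup-dns should fail with an UnboundLocalError unless main binds the name somewhere outside these hunks. Adding `else:` / `dns_forwarders = ()` after the `elif` chain keeps the no-DNS path working and matches what `--no-forwarders` already passes. main() starts and ends outside this hunk.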
@@ -591,7 +635,7 @@ def main():
 
     # Create a BIND instance
     bind = bindinstance.BindInstance(fstore, dm_password)
-    bind.setup(host_name, ip_address, realm_name, domain_name)
+    bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders)
     if options.setup_dns:
         bind.create_instance()
     else:
diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index df977c2..5b0df3d 100644
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@@ -56,8 +56,18 @@ The IP address of this server
 An unattended installation that will never prompt for user input
 .TP
 \fB\-\-setup\-dns\fR
-Generate a DNS zone if it does not exist already and configure the DNS server
+Generate a DNS zone if it does not exist already and configure the DNS server.
+This option requires that you either specify at least one DNS forwarder through
+the \fB\-\-forwarder\fR option or use the \fB\-\-no\-forwarders\fR option.
 .TP 
+\fB\-\-forwarder\fR=\fIIP_ADDRESS\fR
+Add a DNS forwarder to the DNS configuration. You can use this option multiple
+times to specify more forwarders, but at least one must be provided, unless
+the \fB\-\-no\-forwarders\fR option is specified.
+.TP
+\fB\-\-no\-forwarders\fR
+Do not add any DNS forwarders. Root DNS servers will be used instead.
+.TP
 \fB\-n\fR, \fB\-\-no\-ntp\fR
 Do not configure NTP
 \fB\-U\fR, \fB\-\-uninstall\fR
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index f5a7046..e2c91f3 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -52,6 +52,7 @@ class BindInstance(service.Service):
         self.host = None
         self.ip_address = None
         self.realm = None
+        self.forwarders = None
         self.sub_dict = None
 
         if fstore:
@@ -59,12 +60,13 @@ class BindInstance(service.Service):
         else:
             self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
 
-    def setup(self, fqdn, ip_address, realm_name, domain_name, named_user="named"):
+    def setup(self, fqdn, ip_address, realm_name, domain_name, forwarders, named_user="named"):
         self.named_user = named_user
         self.fqdn = fqdn
         self.ip_address = ip_address
         self.realm = realm_name
         self.domain = domain_name
+        self.forwarders = forwarders
         self.host = fqdn.split(".")[0]
         self.suffix = util.realm_to_suffix(self.realm)
 
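Review bot: `setup` gains a required positional parameter `forwarders` in front of the existing `named_user`, so any other caller of BindInstance.setup elsewhere in the tree (I cannot see from this patch whether one exists) that still passes five arguments will raise TypeError, and a caller passing `named_user` positionally would have it silently taken as `forwarders`. Giving it a default, `def setup(self, fqdn, ip_address, realm_name, domain_name, forwarders=(), named_user="named"):`, keeps old call sites working and makes "no forwarders" the documented default. The method also has no docstring; one stating that `forwarders` is an iterable of IP address strings written into named.conf would help. The method body continues outside the hunk.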
@@ -146,11 +148,20 @@ class BindInstance(service.Service):
         self.chkconfig_on()
 
     def __setup_sub_dict(self):
+        if self.forwarders:
+            fwds = "\n"
+            for forwarder in self.forwarders:
+                fwds += "\t\t%s;\n" % forwarder
+            fwds += "\t"
+        else:
+            fwds = " "
+
         self.sub_dict = dict(FQDN=self.fqdn,
                              IP=self.ip_address,
                              DOMAIN=self.domain,
                              HOST=self.host,
                              REALM=self.realm,
+                             FORWARDERS=fwds,
                              SUFFIX=self.suffix,
                              REVERSE_HOST=self.reverse_host,
                              REVERSE_SUBNET=self.reverse_subnet)
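Review bot: `__setup_sub_dict` writes each forwarder into named.conf with `"\t\t%s;\n" % forwarder` without any check that the value is an IP address, so whatever reached `self.forwarders` — from the command line that is the raw `--forwarder` string — becomes part of the BIND configuration, and a value containing `;` or `}` would alter the config's structure rather than just one entry. Either a comment stating the assumption, `# forwarders are assumed to be validated IP address strings (see ipa-server-install)`, or a `ValueError` raised here for anything that is not an address, would make that contract explicit. The string building could also be a single expression: `fwds = "\n" + "".join("\t\t%s;\n" % f for f in self.forwarders) + "\t"`. The method continues outside the hunk.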
-- 
1.6.0.6
