When DNS is being installed during ipa-{server,dns,replica}-install,
forward and reverse zone is created. However, reverse zone was always
created with default zonemgr even when a custom zonemgr was passed
to the installer as this functionality was missing in function
creating reverse zone.

Consolidate functions creating forward and reverse zones to avoid
code duplication and errors like this one. Reverse zones are now
created with custom zonemgr (when entered by user).

https://fedorahosted.org/freeipa/ticket/2790
From c7fdd0874a59c3bac8ac609c49da586d2129db46 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Tue, 25 Sep 2012 10:36:01 +0200
Subject: [PATCH] Use custom zonemgr for reverse zones

When DNS is being installed during ipa-{server,dns,replica}-install,
forward and reverse zones are created. However, the reverse zone was always
created with the default zonemgr even when a custom zonemgr was passed
to the installer, as this functionality was missing in the function
creating the reverse zone.

Consolidate functions creating forward and reverse zones to avoid
code duplication and errors like this one. Reverse zones are now
created with custom zonemgr (when entered by user).

https://fedorahosted.org/freeipa/ticket/2790
---
 install/tools/ipa-replica-prepare |  4 +--
 ipalib/plugins/dns.py             | 25 ++++------------
 ipalib/util.py                    | 13 +++++++++
 ipaserver/install/bindinstance.py | 61 ++++++++-------------------------------
 4 files changed, 33 insertions(+), 70 deletions(-)

diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index 56f132a380fc344ca069d554cc1e9ce8653aedb9..dea52ea1e1e88f22083152e326d34ccfc7037842 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -28,7 +28,7 @@ import krbV
 
 from ipapython import ipautil
 from ipaserver.install import bindinstance, dsinstance, installutils, certs
-from ipaserver.install.bindinstance import add_zone, add_reverse_zone, add_fwd_rr, add_ptr_rr, dns_container_exists
+from ipaserver.install.bindinstance import add_zone, add_fwd_rr, add_ptr_rr, dns_container_exists
 from ipaserver.install.replication import enable_replication_version_checking
 from ipaserver.install.installutils import resolve_host, BadHostError, HostLookupError
 from ipaserver.plugins.ldap2 import ldap2
@@ -466,7 +466,7 @@ def main():
 
         if reverse_zone is not None:
             print "Using reverse zone %s" % reverse_zone
-            add_reverse_zone(reverse_zone)
+            add_zone(reverse_zone)
             add_ptr_rr(reverse_zone, ip_address, replica_fqdn)
 
 try:
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 8c269c0a038515b9d635db7f591f82dee3189439..febd4d17c06e46291715d1ecdcded2d5bdea5aea 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -34,7 +34,7 @@ from ipalib import _, ngettext
 from ipalib.util import (validate_zonemgr, normalize_zonemgr,
         validate_hostname, validate_dns_label, validate_domain_name,
         get_dns_forward_zone_update_policy, get_dns_reverse_zone_update_policy,
-        get_reverse_zone_default)
+        get_reverse_zone_default, zone_is_reverse, REVERSE_DNS_ZONES)
 from ipapython.ipautil import valid_ip, CheckedIPAddress, is_host_resolvable
 
 __doc__ = _("""
@@ -1499,19 +1499,6 @@ _dns_record_options = tuple(__dns_record_options_iter())
 _dns_supported_record_types = tuple(record.rrtype for record in _dns_records \
                                     if record.supported)
 
-# dictionary of valid reverse zone -> number of address components
-_valid_reverse_zones = {
-    '.in-addr.arpa.' : 4,
-    '.ip6.arpa.' : 32,
-}
-
-def zone_is_reverse(zone_name):
-    for rev_zone_name in _valid_reverse_zones.keys():
-        if zone_name.endswith(rev_zone_name):
-            return True
-
-    return False
-
 def check_ns_rec_resolvable(zone, name):
     if not name.endswith('.'):
         # this is a DNS name relative to the zone
@@ -1842,7 +1829,7 @@ class dnszone_find(LDAPSearch):
         assert isinstance(base_dn, DN)
         if options.get('forward_only', False):
             search_kw = {}
-            search_kw['idnsname'] = _valid_reverse_zones.keys()
+            search_kw['idnsname'] = REVERSE_DNS_ZONES.keys()
             rev_zone_filter = ldap.make_filter(search_kw, rules=ldap.MATCH_NONE, exact=False,
                     trailing_wildcard=False)
             filter = ldap.combine_filters((rev_zone_filter, filter), rules=ldap.MATCH_ALL)
@@ -2027,14 +2014,14 @@ class dnsrecord(LDAPObject):
         else:
             addr = keys[-1]
         zone_len = 0
-        for valid_zone in _valid_reverse_zones:
-            if zone.find(valid_zone) != -1:
+        for valid_zone in REVERSE_DNS_ZONES:
+            if zone.endswith(valid_zone):
                 zone = zone.replace(valid_zone,'')
                 zone_name = valid_zone
-                zone_len = _valid_reverse_zones[valid_zone]
+                zone_len = REVERSE_DNS_ZONES[valid_zone]
 
         if not zone_len:
-            allowed_zones = ', '.join(_valid_reverse_zones)
+            allowed_zones = ', '.join(REVERSE_DNS_ZONES)
             raise errors.ValidationError(name='ptrrecord',
                     error=unicode(_('Reverse zone for PTR record should be a sub-zone of one the following fully qualified domains: %s') % allowed_zones))
 
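Review bot: With the match now a suffix test, the `zone.replace(valid_zone,'')` on the following line still removes every occurrence of the suffix string anywhere in the name rather than stripping the matched tail, and the loop keeps iterating after a hit. Because a name can end with at most one of the two keys this is harmless today, but the precise form is `zone = zone[:-len(valid_zone)]` followed by `break`, which also makes it obvious that `zone_len` is set at most once. The enclosing method starts before this hunk.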
diff --git a/ipalib/util.py b/ipalib/util.py
index df8791ba0b2fda818100f8869774ded767fb1777..53b6c80c5dbb4017536a1012771b37a0006e4d6d 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -494,6 +494,19 @@ def get_dns_reverse_zone_update_policy(realm, reverse_zone, rrtypes=('PTR',)):
 
     return policy
 
+# dictionary of valid reverse zone -> number of address components
+REVERSE_DNS_ZONES = {
+    '.in-addr.arpa.' : 4,
+    '.ip6.arpa.' : 32,
+}
+
+def zone_is_reverse(zone_name):
+    zone_name = normalize_zone(zone_name)
+    if any(zone_name.endswith(name) for name in REVERSE_DNS_ZONES):
+        return True
+
+    return False
+
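Review bot: `zone_is_reverse` spells a boolean as `if any(...): return True` followed by `return False`; `return any(zone_name.endswith(name) for name in REVERSE_DNS_ZONES)` says the same in one line. A one-line docstring would help the new callers in bindinstance.py, which rely on this for both name normalization and update-policy selection: `"""Return True if zone_name (after normalize_zone) ends with one of the REVERSE_DNS_ZONES suffixes."""`. The comment above `REVERSE_DNS_ZONES` could also state that the keys are compared with endswith against normalized, trailing-dot names, since the trailing `.arpa.` is what keeps the check exact.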
 def get_reverse_zone_default(ip_address):
     ip = netaddr.IPAddress(ip_address)
     items = ip.reverse_dns.split('.')
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index c2c4a86b4b49ec044969cf4a748a062874031f2b..9f6dca5253c4efcd3c9abcb6aa082e3986cab90a 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -34,7 +34,7 @@ from ipapython import ipautil
 from ipalib.parameters import IA5Str
 from ipalib.util import (validate_zonemgr, normalize_zonemgr,
         get_dns_forward_zone_update_policy, get_dns_reverse_zone_update_policy,
-        normalize_zone, get_reverse_zone_default)
+        normalize_zone, get_reverse_zone_default, zone_is_reverse)
 from ipapython.ipa_log_manager import *
 from ipalib.text import _
 
@@ -252,8 +252,15 @@ def read_reverse_zone(default, ip_address):
 
 def add_zone(name, zonemgr=None, dns_backup=None, ns_hostname=None, ns_ip_address=None,
        update_policy=None):
+    if zone_is_reverse(name):
+        # always normalize reverse zones
+        name = normalize_zone(name)
+
     if update_policy is None:
-        update_policy = get_dns_forward_zone_update_policy(api.env.realm)
+        if zone_is_reverse(name):
+            update_policy = get_dns_reverse_zone_update_policy(api.env.realm, name)
+        else:
+            update_policy = get_dns_forward_zone_update_policy(api.env.realm)
 
     if zonemgr is None:
         zonemgr = 'hostmaster.%s' % name
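Review bot: The default `zonemgr = 'hostmaster.%s' % name` now also applies to reverse zones, whereas the removed `add_reverse_zone` passed no `idnssoarname` at all and left the SOA RNAME to `dnszone_add`'s own handling; callers that pass no zonemgr, such as `add_zone(reverse_zone)` in ipa-replica-prepare, will therefore get `hostmaster.<reverse zone>` where they previously got that behaviour. If that is not intended, skip the `hostmaster.` default when `zone_is_reverse(name)` holds and let `dnszone_add` handle it. Separately, `zone_is_reverse(name)` is evaluated twice in this hunk; `is_reverse = zone_is_reverse(name)` computed once before the normalization reads more clearly and avoids normalizing twice. The body of add_zone continues past this hunk.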
@@ -276,13 +283,14 @@ def add_zone(name, zonemgr=None, dns_backup=None, ns_hostname=None, ns_ip_addres
     else:
         ns_main = ns_hostname
         ns_replicas = []
+    ns_main = normalize_zone(ns_main)
 
     if ns_ip_address is not None:
         ns_ip_address = unicode(ns_ip_address)
 
     try:
         api.Command.dnszone_add(unicode(name),
-                                idnssoamname=unicode(ns_main+'.'),
+                                idnssoamname=unicode(ns_main),
                                 idnssoarname=unicode(zonemgr),
                                 ip_address=ns_ip_address,
                                 idnsallowdynupdate=True,
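Review bot: `ns_main = normalize_zone(ns_main)` rebinds the variable rather than normalizing only the `idnssoamname` argument, so every later use of `ns_main` in add_zone — including the `nameservers = ns_replicas + [ns_main]` list handed to `add_ns_rr` after this hunk — now sees the normalized (presumably trailing-dot) form while the `ns_replicas` entries keep whatever form they had. The previous code appended the dot only inside the `dnszone_add` call, so `add_ns_rr` saw the bare hostname. Unless `add_ns_rr` is known to accept both forms, keep the change local: `idnssoamname=unicode(normalize_zone(ns_main)),` and drop the rebinding line. add_zone continues on both sides of this hunk.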
@@ -296,51 +304,6 @@ def add_zone(name, zonemgr=None, dns_backup=None, ns_hostname=None, ns_ip_addres
     for hostname in nameservers:
         add_ns_rr(name, hostname, dns_backup=None, force=True)
 
-
-def add_reverse_zone(zone, ns_hostname=None, ns_ip_address=None,
-        ns_replicas=[], update_policy=None, dns_backup=None):
-    zone = normalize_zone(zone)
-    if update_policy is None:
-        update_policy = get_dns_reverse_zone_update_policy(api.env.realm, zone)
-
-    if ns_hostname is None:
-        # automatically retrieve list of DNS masters
-        dns_masters = api.Object.dnsrecord.get_dns_masters()
-        if not dns_masters:
-            raise installutils.ScriptError(
-                "No IPA server with DNS support found!")
-        ns_main = dns_masters.pop(0)
-        ns_replicas = dns_masters
-        addresses = resolve_host(ns_main)
-
-        if len(addresses) > 0:
-            # use the first address
-            ns_ip_address = addresses[0]
-        else:
-            ns_ip_address = None
-    else:
-        ns_main = ns_hostname
-        ns_replicas = []
-
-    if ns_ip_address is not None:
-        ns_ip_address = unicode(ns_ip_address)
-
-    try:
-        api.Command.dnszone_add(unicode(zone),
-                                idnssoamname=unicode(ns_main+'.'),
-                                idnsallowdynupdate=True,
-                                ip_address=ns_ip_address,
-                                idnsupdatepolicy=unicode(update_policy),
-                                idnsallowquery=u'any',
-                                idnsallowtransfer=u'none',)
-    except (errors.DuplicateEntry, errors.EmptyModlist):
-        pass
-
-    nameservers = ns_replicas + [ns_main]
-    for hostname in nameservers:
-        add_ns_rr(zone, hostname, dns_backup=None, force=True)
-
-
 def add_rr(zone, name, type, rdata, dns_backup=None, **kwargs):
     addkw = { '%srecord' % str(type.lower()) : unicode(rdata) }
     addkw.update(kwargs)
@@ -639,7 +602,7 @@ class BindInstance(service.Service):
             add_ptr_rr(self.reverse_zone, self.ip_address, self.fqdn)
 
     def __setup_reverse_zone(self):
-        add_reverse_zone(self.reverse_zone, ns_hostname=api.env.host,
+        add_zone(self.reverse_zone, self.zonemgr, ns_hostname=api.env.host,
                 ns_ip_address=self.ip_address, dns_backup=self.dns_backup)
 
     def __setup_principal(self):
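Review bot: `self.zonemgr` is passed positionally while the remaining arguments are keywords; `add_zone(self.reverse_zone, zonemgr=self.zonemgr, ns_hostname=api.env.host,` keeps the call self-describing and robust to a later reordering of add_zone's parameters. This assumes `self.zonemgr` is set on the instance before `__setup_reverse_zone` runs, which presumably holds because the forward-zone setup uses it, but that is not visible in this hunk.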
-- 
1.7.11.4
