On 10/13/2015 09:36 AM, Petr Spacek wrote:
On 12.10.2015 16:35, Martin Babinsky wrote:
https://fedorahosted.org/freeipa/ticket/5200
---
  ipalib/plugins/dns.py | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 
84086f4c77d02922f237937d58031cc42d55410e..c36345faecfb9db7abced1c6bd72ddcf93473a74
 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -537,7 +537,8 @@ def get_reverse_zone(ipaddr, prefixlen=None):
      if prefixlen is None:
          revzone = None

-        result = api.Command['dnszone_find']()['result']
+        result = api.Command['dnszone_find'](sizelimit=0)['result']
+

NACK, this just increases the limit because LDAP server will enforce a
per-user limit.

          for zone in result:
              zonename = zone['idnsname'][0]
              if (revdns.is_subdomain(zonename.make_absolute()) and

Generic solution should use dns.resolver.zone_for_name() to find DNS zone
matching the reverse name. This should also implicitly cover CNAME/DNAME
redirections per RFC2317.

Using DNS implicitly means that a zone will always be found (at least the root
zone :-). For this reason I would change final error message
reason=_('DNS reverse zone for IP address %(addr)s not found')
to something like:
   reason=_('DNS reverse zone %(zone)s for IP address %(addr)s is not managed
by this server')


These changes should fix it without adding other artificial limitation.


Thank you for clarification Petr.

Attaching the reworked patch.

--
Martin^3 Babinsky
From 463903f4ea4f74efeb02dbb705ca0a54fab81366 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Mon, 12 Oct 2015 16:24:50 +0200
Subject: [PATCH 1/3] perform more robust search for reverse zones when adding
 DNS record

Instead of searching for all zones to identify the correct reverse zone, we
will first ask the resolver to return the name of zone that should contain the
desired record and then see if IPA manages this zone.

https://fedorahosted.org/freeipa/ticket/5200
---
 ipalib/plugins/dns.py | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 84086f4c77d02922f237937d58031cc42d55410e..e3c6ce46168f8b6af607a61af1e3e431cfee32c8 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -531,25 +531,35 @@ def add_forward_record(zone, name, str_address):
         pass # the entry already exists and matches
 
 def get_reverse_zone(ipaddr, prefixlen=None):
+    """
+    resolve the reverse zone for IP address and see if it is managed by IPA
+    server
+    :param ipaddr: host IP address
+    :param prefixlen: network prefix length
+    :return: tuple containing name of the reverse zone and the name of the
+    record
+    """
     ip = netaddr.IPAddress(str(ipaddr))
     revdns = DNSName(unicode(ip.reverse_dns))
+    resolved_zone = unicode(dns.resolver.zone_for_name(revdns))
 
     if prefixlen is None:
         revzone = None
+        result = api.Command['dnszone_find'](resolved_zone)['result']
 
-        result = api.Command['dnszone_find']()['result']
         for zone in result:
             zonename = zone['idnsname'][0]
             if (revdns.is_subdomain(zonename.make_absolute()) and
                (revzone is None or zonename.is_subdomain(revzone))):
                 revzone = zonename
     else:
+        # if prefixlen is specified, determine the zone name for the network
+        # prefix
         if ip.version == 4:
             pos = 4 - prefixlen / 8
         elif ip.version == 6:
             pos = 32 - prefixlen / 4
-        items = ip.reverse_dns.split('.')
-        revzone = DNSName(items[pos:])
+        revzone = revdns[pos:]
 
         try:
             api.Command['dnszone_show'](revzone)
@@ -558,7 +568,10 @@ def get_reverse_zone(ipaddr, prefixlen=None):
 
     if revzone is None:
         raise errors.NotFound(
-            reason=_('DNS reverse zone for IP address %(addr)s not found') % dict(addr=ipaddr)
+            reason=_(
+                'DNS reverse zone %(resolved_zone)s for IP address '
+                '%(addr)s is not manager by this server') % dict(
+                addr=ipaddr, resolved_zone=resolved_zone)
         )
 
     revname = revdns.relativize(revzone)
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to