On 04.05.2016 10:43, Petr Spacek wrote:
Hello,

DNS: Warn if forwarding policy conflicts with automatic empty zones

Forwarding policy "first" or "none" may conflicts with some automatic empty
zones. Queries for zones specified by RFC 6303 will ignore
forwarding and recursion and always result in NXDOMAIN answers.

This is not detected and warned about. Global forwarding is equivalent
to forward zone ".".

Example:
Forward zone 1.10.in-addr.arpa with policy "first"
will not forward anything because BIND will automatically prefer
automatic empty zone "10.in-addr.arpa." which is authoritative.

https://fedorahosted.org/freeipa/ticket/5710


This is last patch in the series so the ticket can be closed when all relevant
patches are pushed.





You forgot to update tests

_____________________________________________________________________ test_dns.test_command[0087: dnsconfig_mod: Update global DNS settings] ______________________________________________________________________

self = <ipatests.test_xmlrpc.test_dns_plugin.test_dns object at 0x7fcef3ef2510>, index = 87 declarative_test_definition = {'command': ('dnsconfig_mod', [], {'idnsforwarders': ['172.16.31.80'], 'version': '2.166'}), 'desc': 'Update global DN...arders': ['172.16.31.80']}, 'summary': None, 'value': None}, 'nice': '0087: dnsconfig_mod: Update global DNS settings'}

    def test_command(self, index, declarative_test_definition):
        """Run an individual test

            The arguments are provided by the pytest plugin.
            """
        if callable(declarative_test_definition):
            declarative_test_definition(self)
        else:
>           self.check(**declarative_test_definition)

test_xmlrpc/xmlrpc_test.py:313:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
test_xmlrpc/xmlrpc_test.py:325: in check
    self.check_output(nice, cmd, args, options, expected, extra_check)
test_xmlrpc/xmlrpc_test.py:368: in check_output
    assert_deepequal(expected, got, nice)
util.py:361: in assert_deepequal
    assert_deepequal(e_sub, g_sub, doc, stack + (key,))
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

expected = [{'code': 13006, 'message': <function <lambda> at 0x7fcef426c758>, 'name': 'DNSServerValidationWarning', 'type': 'warning'}] got = [{'code': 13021, 'message': "Forwarding policy conflicts with some automatic empty zones. Queries for zones specified ...': The DNS operation timed out after 10.0008428097 seconds.", 'name': 'DNSServerValidationWarning', 'type': 'warning'}] doc = '0087: dnsconfig_mod: Update global DNS settings', stack = ('messages',)

    def assert_deepequal(expected, got, doc='', stack=tuple()):
        """
        Recursively check for type and equality.

If a value in expected is callable then it will used as a callback to
        test for equality on the got value. The callback is passed the got
        value and returns True if equal, False otherwise.

If the tests fails, it will raise an ``AssertionError`` with detailed information, including the path to the offending value. For example:

        >>> expected = [u'Hello', dict(world=u'how are you?')]
        >>> got = [u'Hello', dict(world='how are you?')]
        >>> expected == got
        True
        >>> assert_deepequal(expected, got, doc='Testing my nested data')
        Traceback (most recent call last):
          ...
        AssertionError: assert_deepequal: type(expected) is not type(got).
          Testing my nested data
          type(expected) = <type 'unicode'>
          type(got) = <type 'str'>
          expected = u'how are you?'
          got = 'how are you?'
          path = (0, 'world')

Note that lists and tuples are considered equivalent, and the order of
        their elements does not matter.
        """
        if isinstance(expected, tuple):
            expected = list(expected)
        if isinstance(got, tuple):
            got = list(got)
        if isinstance(expected, DN):
            if isinstance(got, six.string_types):
                got = DN(got)
if not (isinstance(expected, Fuzzy) or callable(expected) or type(expected) is type(got)):
            raise AssertionError(
TYPE % (doc, type(expected), type(got), expected, got, stack)
            )
        if isinstance(expected, (list, tuple)):
            if len(expected) != len(got):
                raise AssertionError(
> LEN % (doc, len(expected), len(got), expected, got, stack)
                )
E               AssertionError: assert_deepequal: list length mismatch.
E                 0087: dnsconfig_mod: Update global DNS settings
E                 len(expected) = 1
E                 len(got) = 2
E expected = [{u'message': <function <lambda> at 0x7fcef426c758>, u'code': 13006, u'type': u'warning', u'name': u'DNSServerValidationWarning'}] E got = [{u'message': u"Forwarding policy conflicts with some automatic empty zones. Queries for zones specified by RFC 6303 will ignore forwarding and recursion and always result in NXDOMAIN answers. To override this behavior use forward policy 'only'.", u'code': 13021, u'type': u'warning', u'name': u'DNSForwardPolicyConflictWithEmptyZone'}, {u'message': u"DNS server 172.16.31.80: query '. SOA': The DNS operation timed out after 10.0008428097 seconds.", u'code': 13006, u'type': u'warning', u'name': u'DNSServerValidationWarning'}]
E                 path = (u'messages',)

util.py:332: AssertionError

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to