Hi,
This patch adds options --forwarder and --no-forwarders. At least one of
them must be used if you are doing a setup with DNS server. They are
also mutually exclusive. The --forwarder option can be used more than
once to specify more servers. If the installer runs in interactive mode,
it will prompt the user if none of these option was given at the command
MartinFrom 2dbd272bdbd366c4e1fc9a1b7456c5c6d12377ab Mon Sep 17 00:00:00 2001
From: Martin Nagy mn...@redhat.com
Date: Tue, 1 Sep 2009 23:28:52 +0200
Subject: [PATCH] Use DNS forwarders in /etc/named.conf
This patch adds options --forwarder and --no-forwarders. At least one of
them must be used if you are doing a setup with DNS server. They are
also mutually exclusive. The --forwarder option can be used more than
once to specify more servers. If the installer runs in interactive mode,
it will prompt the user if none of these option was given at the command
line.
---
install/share/bind.named.conf.template |3 ++
install/tools/ipa-server-install | 46 +++-
install/tools/man/ipa-server-install.1 | 12 +++-
ipaserver/install/bindinstance.py | 13 -
4 files changed, 71 insertions(+), 3 deletions(-)
diff --git a/install/share/bind.named.conf.template b/install/share/bind.named.conf.template
index 69bd86b..8b5fac2 100644
--- a/install/share/bind.named.conf.template
+++ b/install/share/bind.named.conf.template
@@ -5,6 +5,9 @@ options {
statistics-file data/named_stats.txt;
memstatistics-file data/named_mem_stats.txt;
+ forward first;
+ forwarders {$FORWARDERS};
+
tkey-gssapi-credential DNS/$FQDN;
tkey-domain $REALM;
};
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index d0e9397..2c890b4 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -84,6 +84,10 @@ def parse_options():
default=False, help=configure bind with our zone file)
parser.add_option(--setup-dns, dest=setup_dns, action=store_true,
default=False, help=configure bind with our zone)
+parser.add_option(--forwarder, dest=forwarders, action=append,
+ help=Add a DNS forwarder)
+parser.add_option(--no-forwarders, dest=no_forwarders, action=store_true,
+ default=False, help=Do not add any DNS forwarders, use root servers instead)
parser.add_option(-U, --unattended, dest=unattended, action=store_true,
default=False, help=unattended installation never prompts the user)
parser.add_option(, --uninstall, dest=uninstall, action=store_true,
@@ -108,6 +112,14 @@ def parse_options():
help=The starting gid value (default random))
options, args = parser.parse_args()
+if not options.setup_dns:
+if options.forwarders:
+parser.error(You cannot specify a --forwarder option without the --setup-dns option)
+if options.no_forwarders:
+parser.error(You cannot specify a --no-forwarders option without the --setup-dns option)
+elif options.forwarders and options.no_forwarders:
+parser.error(You cannot specify a --forwarder option together with --no-forwarders)
+
if options.uninstall:
if (options.ds_user or options.realm_name or
options.dm_password or options.admin_password or
@@ -117,6 +129,9 @@ def parse_options():
if (not options.ds_user or not options.realm_name or
not options.dm_password or not options.admin_password):
parser.error(error: In unattended mode you need to provide at least -u, -r, -p and -a options)
+if options.setup_dns:
+if not options.forwarders and not options.no_forwarders:
+parser.error(You must specify at least one --forwarder option or --no-forwarders option)
# If any of the PKCS#12 options are selected, all are required. Create a
# list of the options and count it to enforce that all are required without
@@ -210,6 +225,27 @@ def read_ip_address(host_name):
return ip
+def read_dns_forwarders():
+addrs = []
+while True:
+ip = user_input(Enter IP address for a DNS forwarder (empty to stop), allow_empty=True)
+
+if not ip:
+break
+if ip == 127.0.0.1 or ip == ::1:
+print You cannot use localhost as a DNS forwarder
+continue
+if not verify_ip_address(ip):
+continue
+
+print DNS forwarder %s added % ip
+addrs.append(ip)
+
+if not addrs:
+print No DNS forwarders configured
+
+return addrs
+
def read_ds_user():
print The server must run as a specific user in a specific group.
print It is strongly recommended that this user should have no privileges
@@ -504,6 +540,14 @@ def main():
else:
admin_password = options.admin_password
+if options.setup_dns:
+if