authorMartin Nagy <mnagy@redhat.com>2009-06-27 07:53:45 +0200
committerMartin Nagy <mnagy@redhat.com>2009-07-22 18:02:22 +0200
commita09d2c34988275178bec1c3b7d15f00e9d0c8db4 (patch)
tree7393751ff0b8f0012a71915c119b6717f1b3dd52
parent296ffe6c613024283d908574cd2069902b609960 (diff)
Add a reverse zone with server's PTR record
Also, small cosmetic change in dns.ldif.
-rw-r--r--install/share/dns.ldif4
-rw-r--r--install/share/dns_reverse.ldif24
-rw-r--r--ipaserver/install/bindinstance.py22
3 files changed, 43 insertions, 7 deletions
diff --git a/install/share/dns.ldif b/install/share/dns.ldif
index 6c3a8b1c6..8ce9d69aa 100644
--- a/install/share/dns.ldif
+++ b/install/share/dns.ldif
@@ -14,8 +14,8 @@ idnsName: $DOMAIN
idnsZoneActive: TRUE
idnsAllowDynUpdate: TRUE
idnsUpdatePolicy: grant $REALM krb5-self * A;
-idnsSOAmName: $HOST.$DOMAIN.
-idnsSOArName: root.$HOST.$DOMAIN.
+idnsSOAmName: $FQDN.
+idnsSOArName: root.$FQDN.
idnsSOAserial: 1
idnsSOArefresh: 10800
idnsSOAretry: 900
diff --git a/install/share/dns_reverse.ldif b/install/share/dns_reverse.ldif
new file mode 100644
index 000000000..02d45a472
--- /dev/null
+++ b/install/share/dns_reverse.ldif
@@ -0,0 +1,24 @@
+dn: idnsName=$REVERSE_SUBNET.in-addr.arpa,cn=dns,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: idnsZone
+objectClass: idnsRecord
+idnsName: $REVERSE_SUBNET.in-addr.arpa
+idnsZoneActive: TRUE
+idnsAllowDynUpdate: TRUE
+idnsUpdatePolicy: grant $REALM krb5-subdomain $REVERSE_SUBNET.in-addr.arpa. PTR;
+idnsSOAmName: $FQDN.
+idnsSOArName: root.$FQDN.
+idnsSOAserial: 1
+idnsSOArefresh: 10800
+idnsSOAretry: 900
+idnsSOAexpire: 604800
+idnsSOAminimum: 86400
+NSRecord: $FQDN.
+
+dn: idnsName=$REVERSE_HOST,idnsName=$REVERSE_SUBNET.in-addr.arpa,cn=dns,$SUFFIX
+changetype: add
+objectClass: idnsRecord
+objectClass: top
+idnsName: $REVERSE_HOST
+PTRRecord: $FQDN.
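Review bot: The update policy on the new reverse zone, `grant $REALM krb5-subdomain $REVERSE_SUBNET.in-addr.arpa. PTR;`, is scoped to the whole subnet rather than to the host sending the update, and the zone is created with `idnsAllowDynUpdate: TRUE`. As far as these lines show, nothing ties a PTR name to the address of the authenticated principal, so any principal in the realm that matches the rule may be able to rewrite another host's PTR record. Anything that trusts reverse DNS, such as log attribution or host-based access rules, would inherit that. I would either ship the zone with `idnsAllowDynUpdate: FALSE` until a narrower policy exists, or add a `#` comment above the policy line stating the trust assumption. The zone name also assumes a three-octet (/24) boundary, which should be documented as well.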
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index d62fce12f..f8fc2a980 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -71,6 +71,12 @@ class BindInstance(service.Service):
self.host = fqdn.split(".")[0]
self.suffix = util.realm_to_suffix(self.realm)
+ tmp = ip_address.split(".")
+ tmp.reverse()
+
+ self.reverse_host = tmp.pop(0)
+ self.reverse_subnet = ".".join(tmp)
+
self.__setup_sub_dict()
def create_sample_bind_zone(self):
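Review bot: `ip_address.split(".")` is used without any validation, and its pieces become `REVERSE_HOST` and `REVERSE_SUBNET`, which dns_reverse.ldif substitutes into an LDAP DN and a zone name. An IPv6 address, a hostname or a malformed value would produce a bogus reverse zone instead of an error. I would validate first, for example `socket.inet_pton(socket.AF_INET, ip_address)` inside a `try`/`except socket.error` that aborts setup with a clear message (this needs `import socket` if the module does not already have it). A name like `octets` instead of `tmp` would make the reversal easier to follow. The enclosing method starts outside this hunk.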
@@ -90,15 +96,16 @@ class BindInstance(service.Service):
# FIXME: this need to be split off, as only the first server can do
# this operation
self.step("Setting up our zone", self.__setup_zone)
+ self.step("setting up reverse zone", self.__setup_reverse_zone)
- self.step("Setting up kerberos principal", self.__setup_principal)
- self.step("Setting up named.conf", self.__setup_named_conf)
+ self.step("setting up kerberos principal", self.__setup_principal)
+ self.step("setting up named.conf", self.__setup_named_conf)
self.step("restarting named", self.__start)
self.step("configuring named to start on boot", self.__enable)
- self.step("Changing resolv.conf to point to ourselves", self.__setup_resolv_conf)
- self.start_creation("Configuring bind:")
+ self.step("changing resolv.conf to point to ourselves", self.__setup_resolv_conf)
+ self.start_creation("Configuring named:")
def __start(self):
try:
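Review bot: The new `self.step("setting up reverse zone", self.__setup_reverse_zone)` line sits directly under the existing FIXME that says only the first server can do this operation, and it is registered just as unconditionally. A second server whose address falls in the same subnet would presumably try to `add` an `idnsName=$REVERSE_SUBNET.in-addr.arpa` entry that already exists. Whether that aborts the install depends on `_ldap_mod`, which is not visible here. At minimum the FIXME should cover both steps, e.g. `# FIXME: zone and reverse-zone creation must only run on the first server`. The server's own PTR record should then be split into its own step so that later servers still get one. The method continues outside the hunk.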
@@ -117,12 +124,17 @@ class BindInstance(service.Service):
DOMAIN=self.domain,
HOST=self.host,
REALM=self.realm,
- SUFFIX=self.suffix)
+ SUFFIX=self.suffix,
+ REVERSE_HOST=self.reverse_host,
+ REVERSE_SUBNET=self.reverse_subnet)
def __setup_zone(self):
self.backup_state("domain", self.domain)
self._ldap_mod("dns.ldif", self.sub_dict)
+ def __setup_reverse_zone(self):
+ self._ldap_mod("dns_reverse.ldif", self.sub_dict)
+
def __setup_principal(self):
dns_principal = "DNS/" + self.fqdn + "@" + self.realm
installutils.kadmin_addprinc(dns_principal)
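Review bot: `__setup_reverse_zone` records nothing about what it creates, whereas `__setup_zone` just above calls `self.backup_state("domain", self.domain)` before applying its LDIF. If uninstall relies on that saved state (not visible in this hunk), the reverse zone and the PTR entry would be left behind in LDAP after removal. Consider saving the subnet the same way before the `_ldap_mod` call, for example `self.backup_state("reverse_subnet", self.reverse_subnet)`, where the key name is a suggestion. A one-line docstring should also say that the method adds the in-addr.arpa zone and the server's own PTR record.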