author | Jakub Hrozek <jhrozek@redhat.com> | 2011-02-10 21:47:45 +0100 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-02-14 14:45:22 -0500 |
commit | 22c3a681da7ec5c84e8822eb325c647a8e89942a (patch) | |
tree | 83813eacd9ee4050e4430101a048ad7cd416f1d5 | |
parent | c9431749a0078df8bdf13490daac5f3467cc1c02 (diff) | |
Fine tuning DNS options
Add pointer to self to /etc/hosts to avoid chicken/egg problems when
restarting DNS.
On servers, set both dns_lookup_realm and dns_lookup_kdc to false so we don't
attempt to do any resolving. Leave them set to true on clients.
Set rdns to false on both server and client.
https://fedorahosted.org/freeipa/ticket/931
-rw-r--r-- | install/share/krb5.conf.template | 5 | ||||
-rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 1 | ||||
-rw-r--r-- | ipaserver/install/bindinstance.py | 3 | ||||
-rw-r--r-- | ipaserver/install/installutils.py | 24 |
4 files changed, 27 insertions, 6 deletions
diff --git a/install/share/krb5.conf.template b/install/share/krb5.conf.template
index 9cf4ee84d..93d88dbb2 100644
--- a/install/share/krb5.conf.template
+++ b/install/share/krb5.conf.template
@@ -5,8 +5,9 @@
 [libdefaults]
 default_realm = $REALM
- dns_lookup_realm = true
- dns_lookup_kdc = true
+ dns_lookup_realm = false
+ dns_lookup_kdc = false
+ rdns = false
 ticket_lifetime = 24h
 forwardable = yes
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 5012c657d..32a9aef17 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -408,6 +408,7 @@ def configure_krb5_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, d
 else:
 libopts.append({'name':'dns_lookup_realm', 'type':'option', 'value':'true'})
 libopts.append({'name':'dns_lookup_kdc', 'type':'option', 'value':'true'})
+ libopts.append({'name':'rdns', 'type':'option', 'value':'false'})
 libopts.append({'name':'ticket_lifetime', 'type':'option', 'value':'24h'})
 libopts.append({'name':'forwardable', 'type':'option', 'value':'yes'})
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 8790427ca..ea9280b3c 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -297,6 +297,9 @@ class BindInstance(service.Service):
 # get a connection to the DS
 self.ldap_connect()
+ if not installutils.record_in_hosts(self.ip_address, self.fqdn):
+ installutils.add_record_to_hosts(self.ip_address, self.fqdn)
+
 if not dns_container_exists(self.fqdn, self.suffix):
 self.step("adding DNS container", self.__setup_dns_container)
 if not dns_zone_exists(self.domain):
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 99d1582eb..563333bd2 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
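Review bot: The added `rdns = false` line in install/share/krb5.conf.template carries no comment, although it is the setting in this hunk with a direct security effect: it stops libkrb5 from using a reverse (PTR) lookup when it canonicalizes a host name into a service principal name. A line above it such as `# rdns = false: do not derive service principal names from reverse DNS` would keep a later cleanup from reverting it. The same applies to the `libopts.append({'name':'rdns', ...})` line in the ipa-client-install hunk. Forward canonicalization is controlled separately by `dns_canonicalize_hostname`, which this commit does not set, so the comment should not claim that all DNS-based canonicalization is off.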
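Review bot: The new `installutils.add_record_to_hosts(self.ip_address, self.fqdn)` call in the bindinstance.py hunk edits /etc/hosts without taking a backup, whereas read_ip_address in installutils.py calls `fstore.backup_file("/etc/hosts")` before the same write. If this service object has a file store available (not visible in the hunk), back the file up first so that uninstall can restore it. Entries in /etc/hosts normally take precedence over DNS, so `self.ip_address` and `self.fqdn` should be validated values by the time they reach this point; the hunk does not show where they are set. The enclosing method starts and ends outside the hunk.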
@@ -156,6 +156,25 @@ def verify_ip_address(ip):
 is_ok = False
 return is_ok
+def record_in_hosts(ip, host_name, file="/etc/hosts"):
+ hosts = open(file, 'r').readlines()
+ for line in hosts:
+ hosts_ip = line.split()[0]
+ if hosts_ip != ip:
+ continue
+
+ names = line.split()[1:]
+ if host_name in names:
+ return True
+
+ return False
+
+def add_record_to_hosts(ip, host_name, file="/etc/hosts"):
+ hosts_fd = open(file, 'r+')
+ hosts_fd.seek(0, 2)
+ hosts_fd.write(ip+'\t'+host_name+' '+host_name.split('.')[0]+'\n')
+ hosts_fd.close()
+
 def read_ip_address(host_name, fstore):
 while True:
 ip = ipautil.user_input("Please provide the IP address to be used for this host name", allow_empty = False)
@@ -169,10 +188,7 @@ def read_ip_address(host_name, fstore):
 print "Adding ["+ip+" "+host_name+"] to your /etc/hosts file"
 fstore.backup_file("/etc/hosts")
- hosts_fd = open('/etc/hosts', 'r+')
- hosts_fd.seek(0, 2)
- hosts_fd.write(ip+'\t'+host_name+' '+host_name.split('.')[0]+'\n')
- hosts_fd.close()
+ add_record_to_hosts(ip, host_name)
 return ip |
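Review bot: `line.split()[0]` in the new record_in_hosts raises IndexError on a blank line, and blank lines are normal in /etc/hosts, so the BindInstance caller would abort instead of getting an answer. The function also never closes the file, and a host name that appears only in a trailing `#` comment on a matching line counts as present. The rewrite below skips blank and comment-only lines, ignores trailing comments and closes the handle. Separately, add_record_to_hosts appends at end of file without checking that the file ends in a newline, so the new record can be joined onto the last existing line; writing a leading newline when the last byte is not `\n` would cover that.

```python
def record_in_hosts(ip, host_name, file="/etc/hosts"):
    hosts_fd = open(file, 'r')
    try:
        for line in hosts_fd:
            # drop a trailing comment, then skip blank and comment-only lines
            fields = line.split('#', 1)[0].split()
            if len(fields) < 2 or fields[0] != ip:
                continue
            if host_name in fields[1:]:
                return True
    finally:
        hosts_fd.close()

    return False

# … unchanged: add_record_to_hosts …
```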