Check hostname resolution sanity
Always check (even with --setup-dns or --no-host-dns) that if the host name or IP address resolves, it resolves to a sane value. Otherwise report an error. A misconfigured /etc/hosts causing these errors could harm the installation later.
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index 924fd9b..031c7b9 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -267,7 +267,7 @@ def main():
sys.exit("\nUnable to connect to LDAP server %s" %
- installutils.verify_fqdn(replica_fqdn, system_name_check=False)
+ installutils.verify_fqdn(replica_fqdn, local_hostname=False)
except BadHostError, e:
msg = str(e)
if isinstance(e, HostLookupError):
diff --git a/ipaserver/install/ b/ipaserver/install/
index bc68ffa..14c43fe 100644
--- a/ipaserver/install/
+++ b/ipaserver/install/
@@ -129,7 +129,7 @@ def verify_dns_records(host_name, responses, resaddr, family):
raise RuntimeError("The DNS forward record %s does not match the reverse address %s" % (rec.dns_name, rev.rdata.ptrdname))
-def verify_fqdn(host_name, no_host_dns=False, system_name_check=True):
+def verify_fqdn(host_name, no_host_dns=False, local_hostname=True):
Run fqdn checks for given host:
- test hostname format
@@ -140,7 +140,7 @@ def verify_fqdn(host_name, no_host_dns=False, system_name_check=True):
:param host_name: The host name to verify.
:param no_host_dns: If true, skip DNS resolution tests of the host name.
- :param system_name_check: If true, check if the host name matches the system host name.
+ :param local_hostname: If true, run additional checks for local hostnames
if len(host_name.split(".")) < 2 or host_name == "localhost.localdomain":
raise BadHostError("Invalid hostname '%s', must be fully-qualified." % host_name)
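Review bot: The new `:param local_hostname:` text says only "additional checks", so a caller cannot tell which validation is skipped when passing False. Judging by the body change later in this diff, it could read `:param local_hostname: If true, also check that the name resolves back to itself as the primary host name and compare it with the system host name.` The docstring begins and the function body continues outside this hunk.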
@@ -151,7 +151,15 @@ def verify_fqdn(host_name, no_host_dns=False, system_name_check=True):
if ipautil.valid_ip(host_name):
raise BadHostError("IP address not allowed as a hostname")
- if system_name_check:
+ if local_hostname:
+ try:
+ ex_name = socket.gethostbyaddr(host_name)
+ if host_name != ex_name[0]:
+ raise HostLookupError("The host name %s does not match the primary host name %s. "\
+ "Please check /etc/hosts or DNS name resolution" % (host_name, ex_name[0]))
+ except socket.gaierror:
+ pass
system_host_name = socket.gethostname()
if not (host_name + '.').startswith(system_host_name + '.'):
print "Warning: The host name '%s' does not match the system host name '%s'." % (host_name, system_host_name)
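Review bot: The new `try` around `socket.gethostbyaddr(host_name)` catches only `socket.gaierror`, but a name that resolves forward and has no reverse record makes that call raise `socket.herror`. That exception would escape `verify_fqdn` as an unhandled traceback and bypass the `except BadHostError` handler visible in ipa-replica-prepare. Add a second handler such as `except socket.herror, e:` followed by `raise HostLookupError("Reverse lookup for %s failed: %s" % (host_name, e))`, or print an explicit warning there if a missing reverse record is meant to be tolerated. The comparison `host_name != ex_name[0]` is also case-sensitive, so an equivalent but differently cased entry in /etc/hosts would be reported as a mismatch; comparing lowercased values looks safer. verify_fqdn starts above this hunk and presumably continues below it.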