author | Martin Basti <mbasti@redhat.com> | 2014-10-16 16:27:00 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-10-21 12:23:03 +0200 |
commit | ca030a089f9e45a5dae5f6fb5993f4cc714f1ab2 (patch) | |
tree | f99b61a736b118ce42773cc1d9ab8769b28a6a79 /ipalib/plugins/dns.py | |
parent | 30bc3a55cf816cc5114ddbd102afa8b52f598dec (diff) | |
download | freeipa-ca030a089f9e45a5dae5f6fb5993f4cc714f1ab2.tar.gz freeipa-ca030a089f9e45a5dae5f6fb5993f4cc714f1ab2.tar.xz freeipa-ca030a089f9e45a5dae5f6fb5993f4cc714f1ab2.zip |
DNSSEC: validate forwarders
Tickets:
https://fedorahosted.org/freeipa/ticket/3801
https://fedorahosted.org/freeipa/ticket/4417
Design:
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'ipalib/plugins/dns.py')
-rw-r--r-- | ipalib/plugins/dns.py | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index df42c6bfe..7fafd0d26 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -43,7 +43,7 @@ from ipalib.util import (normalize_zonemgr, get_dns_forward_zone_update_policy, get_dns_reverse_zone_update_policy, get_reverse_zone_default, REVERSE_DNS_ZONES, - normalize_zone) + normalize_zone, validate_dnssec_forwarder) from ipapython.ipautil import CheckedIPAddress, is_host_resolvable from ipapython.dnsutil import DNSName @@ -3882,9 +3882,41 @@ class dnsconfig(LDAPObject): class dnsconfig_mod(LDAPUpdate): __doc__ = _('Modify global DNS configuration.') + def interactive_prompt_callback(self, kw): + if kw.get('idnsforwarders', False): + self.Backend.textui.print_plain("Server will check forwarder(s).") + self.Backend.textui.print_plain("This may take some time, please wait ...") + def execute(self, *keys, **options): + # test dnssec forwarders + non_dnssec_forwarders = [] + not_responding_forwarders = [] + for forwarder in options.get('idnsforwarders', []): + dnssec_status = validate_dnssec_forwarder(forwarder) + if dnssec_status is None: + not_responding_forwarders.append(forwarder) + elif dnssec_status is False: + non_dnssec_forwarders.append(forwarder) + result = super(dnsconfig_mod, self).execute(*keys, **options) self.obj.postprocess_result(result) + + # add messages + for forwarder in not_responding_forwarders: + messages.add_message( + options['version'], + result, messages.DNSServerNotRespondingWarning( + server=forwarder, + ) + ) + for forwarder in non_dnssec_forwarders: + messages.add_message( + options['version'], + result, messages.DNSServerDoesNotSupportDNSSECWarning( + server=forwarder, + ) + ) + return result |
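Review bot: In `dnsconfig_mod.execute`, `options.get('idnsforwarders', [])` falls back to the empty list only when the key is absent. If the framework passes the option as `None` (plausibly when forwarders are being cleared, though that is not visible in this hunk), the `for` loop raises `TypeError` before the LDAP update runs. The added `interactive_prompt_callback` already tests the same value by truthiness, so the loop should match it: `for forwarder in options.get('idnsforwarders') or []:`. Separately, each `validate_dnssec_forwarder` call runs synchronously inside the request, and its result only adds a warning while the forwarder is still saved. A comment such as `# advisory only: forwarders are stored even if the DNSSEC probe fails or times out` would make that explicit; the helper's timeout behaviour is defined outside this hunk and is worth confirming.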