authorRob Crittenden <rcritten@redhat.com>2010-07-22 14:16:22 -0400
committerRob Crittenden <rcritten@redhat.com>2010-08-06 15:31:57 -0400
commitd885339f1cbf208b06c1eb26c49c60d11d62f1c3 (patch)
tree73411396f22a74ed0381fe33c71abf47c3f3adb6 /ipalib/util.py
parent830910d1f30de22c037f43d7bcba33bd877a5581 (diff)
Require that hosts be resolvable in DNS. Use --force to ignore warnings.
This also requires a resolvable hostname on services. I want people to think long and hard about adding things that aren't resolvable. The cert plugin can automatically create services on the user's behalf when issuing a cert. It will always set the force flag to True. We use a lot of made-up host names in the test system, all of which require the force flag now. ticket #25
Diffstat (limited to 'ipalib/util.py')
-rw-r--r--ipalib/util.py16
1 files changed, 16 insertions, 0 deletions
diff --git a/ipalib/util.py b/ipalib/util.py
index 76be9a6d7..570d66e00 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -28,6 +28,7 @@ import time
import krbV
import socket
from ipalib import errors
+from ipapython import dnsclient
def get_current_principal():
@@ -113,3 +114,18 @@ def realm_to_suffix(realm_name):
s = realm_name.split(".")
terms = ["dc=" + x.lower() for x in s]
return ",".join(terms)
+
+def validate_host_dns(log, fqdn):
+ """
+ See if the hostname has a DNS A record.
+ """
+ rs = dnsclient.query(fqdn + '.', dnsclient.DNS_C_IN, dnsclient.DNS_T_A)
+ if len(rs) == 0:
+ log.debug(
+ 'IPA: DNS A record lookup failed for %s' % fqdn
+ )
+ raise errors.DNSNotARecordError()
+ else:
+ log.debug(
+ 'IPA: found %d records for %s' % (len(rs), fqdn)
+ )
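Review bot: In validate_host_dns the query name is built as `fqdn + '.'`, so an fqdn that already arrives with a trailing dot would be looked up as `host..`, which is likely to fail and be reported as unresolvable. Normalising first avoids that: `rs = dnsclient.query(fqdn.rstrip('.') + '.', dnsclient.DNS_C_IN, dnsclient.DNS_T_A)`. Only `DNS_T_A` is queried, so a host that publishes only AAAA records will presumably fail the check and need --force, which gets operators used to bypassing it. The docstring should also say that the function returns nothing on success and raises `errors.DNSNotARecordError` when no record comes back. It should add that a successful lookup is a point-in-time resolvability check against whatever resolver the server uses, not evidence of who controls the host.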