authorMartin Kosek <mkosek@redhat.com>2012-10-25 08:47:34 +0200
committerMartin Kosek <mkosek@redhat.com>2012-11-06 17:42:09 +0100
commita00109585684fac520c48188298b75df816fbd23 (patch)
treec21fe71c0c0d611d0c04f1c4cd133a461c5d7847 /ipaserver/install/bindinstance.py
parent53a94211100d8622ccd2442140ff8db2ae05add9 (diff)
Process relative nameserver DNS record correctly
The nameserver hostname passed to the dnszone_add command was always treated as an FQDN, even when it was a DNS name relative to the new zone. All relative names were being rejected as unresolvable. Modify --name-server option processing in dnszone_add and dnszone_mod to respect FQDN/relative DNS names and do the checks accordingly. With this change, a user can add a new zone "example.com" and let dnszone_add create the NS record "ns" in it when supplied with its IP address. The IP address check is stricter, so that an IP address is not entered when no forward record is created. Places misusing the option were fixed. The nameserver option now also accepts the zone name, which means that the NS and A records are placed in the DNS zone itself. "@" is also accepted as a nameserver name; BIND understands it as a zone name as well. As a side effect of this change, other records with a hostname part (MX, KX, NS, SRV) accept "@" as a valid hostname. BIND replaces it with the respective zone name as well. Unit tests were updated to test the new format. https://fedorahosted.org/freeipa/ticket/3204
Diffstat (limited to 'ipaserver/install/bindinstance.py')
-rw-r--r--ipaserver/install/bindinstance.py25
1 files changed, 14 insertions, 11 deletions
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 39063294d..ecd697d42 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -251,7 +251,7 @@ def read_reverse_zone(default, ip_address):
return normalize_zone(zone)
def add_zone(name, zonemgr=None, dns_backup=None, ns_hostname=None, ns_ip_address=None,
- update_policy=None):
+ update_policy=None, force=False):
if zone_is_reverse(name):
# always normalize reverse zones
name = normalize_zone(name)
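Review bot: The new `force` parameter of add_zone is undocumented, and no docstring for the function is visible in this hunk. Judging by the comment added in __setup_zone, the flag lets the zone be created while its nameserver is not resolvable yet, so it relaxes a validation step and callers should be told that. A one-line docstring would cover it, for example `"""Add DNS zone `name`; force=True creates it even if the nameserver does not resolve."""`. The body of add_zone continues outside this hunk.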
@@ -273,13 +273,6 @@ def add_zone(name, zonemgr=None, dns_backup=None, ns_hostname=None, ns_ip_addres
"No IPA server with DNS support found!")
ns_main = dns_masters.pop(0)
ns_replicas = dns_masters
- addresses = resolve_host(ns_main)
-
- if len(addresses) > 0:
- # use the first address
- ns_ip_address = addresses[0]
- else:
- ns_ip_address = None
else:
ns_main = ns_hostname
ns_replicas = []
@@ -296,12 +289,14 @@ def add_zone(name, zonemgr=None, dns_backup=None, ns_hostname=None, ns_ip_addres
idnsallowdynupdate=True,
idnsupdatepolicy=unicode(update_policy),
idnsallowquery=u'any',
- idnsallowtransfer=u'none',)
+ idnsallowtransfer=u'none',
+ force=force)
except (errors.DuplicateEntry, errors.EmptyModlist):
pass
nameservers = ns_replicas + [ns_main]
for hostname in nameservers:
+ hostname = normalize_zone(hostname)
add_ns_rr(name, hostname, dns_backup=None, force=True)
def add_rr(zone, name, type, rdata, dns_backup=None, **kwargs):
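Review bot: In the nameserver loop, `hostname = normalize_zone(hostname)` runs a zone-name helper over every nameserver name, including a caller-supplied `ns_hostname`. The body of normalize_zone is not in this hunk; if it appends a trailing dot, a relative name such as "ns" would be written to the NS record as the absolute name "ns.", which is the opposite of what the commit message promises for relative names. If add_zone is only ever meant to receive FQDNs, say so at the call, e.g. `# ns_hostname is always an FQDN here; make it absolute for the NS record`. Otherwise skip normalization for relative names.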
@@ -568,6 +563,8 @@ class BindInstance(service.Service):
self._ldap_mod("dns.ldif", self.sub_dict)
def __setup_zone(self):
+ nameserver_ip_address = self.ip_address
+ force = False
if not self.host_in_default_domain():
# add DNS domain for host first
root_logger.debug("Host domain (%s) is different from DNS domain (%s)!" \
@@ -576,8 +573,14 @@ class BindInstance(service.Service):
add_zone(self.host_domain, self.zonemgr, dns_backup=self.dns_backup,
ns_hostname=api.env.host, ns_ip_address=self.ip_address)
+ # Nameserver is in self.host_domain, no forward record added to self.domain
+ nameserver_ip_address = None
+ # Set force=True in case nameserver added in previous step
+ # is not resolvable yet
+ force = True
add_zone(self.domain, self.zonemgr, dns_backup=self.dns_backup,
- ns_hostname=api.env.host, ns_ip_address=self.ip_address)
+ ns_hostname=api.env.host, ns_ip_address=nameserver_ip_address,
+ force=force)
def __add_self_ns(self):
add_ns_rr(self.domain, api.env.host, self.dns_backup, force=True)
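Review bot: When the host is outside the default domain, __setup_zone now passes `force=True` for `self.domain`, and nothing records that the nameserver resolvability check was skipped. A typo in the host name or a failed first add_zone would then leave an NS record pointing at a name that never resolves, with no trace in the install log. A debug line next to the existing one would make that auditable: `root_logger.debug("Adding zone %s with force=True; nameserver resolvability is not checked", self.domain)`. The `nameserver_ip_address`/`force` defaults are set in the previous hunk of the same function.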
@@ -610,7 +613,7 @@ class BindInstance(service.Service):
def __setup_reverse_zone(self):
add_zone(self.reverse_zone, self.zonemgr, ns_hostname=api.env.host,
- ns_ip_address=self.ip_address, dns_backup=self.dns_backup)
+ dns_backup=self.dns_backup)
def __setup_principal(self):
dns_principal = "DNS/" + self.fqdn + "@" + self.realm
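Review bot: `__setup_reverse_zone` calls add_zone without `force`, so it gets the default `False`, while `__setup_zone` sets `force=True` because the nameserver "is not resolvable yet" when the host is outside the default domain. The order in which these steps run is not visible here, but if the reverse zone is created in the same install pass, the same unresolved-nameserver condition could make this call fail. Either pass the same flag here or add a comment explaining why the check is safe at this point, e.g. `# nameserver forward record already exists once __setup_zone has run`.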