diff options
author | Martin Kosek <mkosek@redhat.com> | 2012-10-25 08:47:34 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2012-11-06 17:42:09 +0100 |
commit | a00109585684fac520c48188298b75df816fbd23 (patch) | |
tree | c21fe71c0c0d611d0c04f1c4cd133a461c5d7847 /ipaserver/install/bindinstance.py | |
parent | 53a94211100d8622ccd2442140ff8db2ae05add9 (diff) | |
download | freeipa-a00109585684fac520c48188298b75df816fbd23.tar.gz freeipa-a00109585684fac520c48188298b75df816fbd23.tar.xz freeipa-a00109585684fac520c48188298b75df816fbd23.zip |
Process relative nameserver DNS record correctly
Nameserver hostname passed to dnszone_add command was always treated
as FQDN even though it was a relative DNS name to the new zone. All
relative names were being rejected as unresolvable.
Modify --name-server option processing in dnszone_add and dnszone_mod
to respect FQDN/relative DNS name and do the checks accordingly. With
this change, user can add a new zone "example.com" and let dnszone_add
to create NS record "ns" in it, when supplied with its IP address. IP
address check is more strict so that it is not entered when no forward
record is created. Places misusing the option were fixed.
Nameserver option now also accepts zone name, which means that NS and A
record is placed to DNS zone itself. Also "@" is accepted as a nameserver
name, BIND understand it also as a zone name. As a side-effect of this
change, other records with hostname part (MX, KX, NS, SRV) accept "@"
as valid hostname. BIND replaces it with respective zone name as well.
Unit tests were updated to test the new format.
https://fedorahosted.org/freeipa/ticket/3204
Diffstat (limited to 'ipaserver/install/bindinstance.py')
-rw-r--r-- | ipaserver/install/bindinstance.py | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py index 39063294d..ecd697d42 100644 --- a/ipaserver/install/bindinstance.py +++ b/ipaserver/install/bindinstance.py @@ -251,7 +251,7 @@ def read_reverse_zone(default, ip_address): return normalize_zone(zone) def add_zone(name, zonemgr=None, dns_backup=None, ns_hostname=None, ns_ip_address=None, - update_policy=None): + update_policy=None, force=False): if zone_is_reverse(name): # always normalize reverse zones name = normalize_zone(name) @@ -273,13 +273,6 @@ def add_zone(name, zonemgr=None, dns_backup=None, ns_hostname=None, ns_ip_addres "No IPA server with DNS support found!") ns_main = dns_masters.pop(0) ns_replicas = dns_masters - addresses = resolve_host(ns_main) - - if len(addresses) > 0: - # use the first address - ns_ip_address = addresses[0] - else: - ns_ip_address = None else: ns_main = ns_hostname ns_replicas = [] @@ -296,12 +289,14 @@ def add_zone(name, zonemgr=None, dns_backup=None, ns_hostname=None, ns_ip_addres idnsallowdynupdate=True, idnsupdatepolicy=unicode(update_policy), idnsallowquery=u'any', - idnsallowtransfer=u'none',) + idnsallowtransfer=u'none', + force=force) except (errors.DuplicateEntry, errors.EmptyModlist): pass nameservers = ns_replicas + [ns_main] for hostname in nameservers: + hostname = normalize_zone(hostname) add_ns_rr(name, hostname, dns_backup=None, force=True) def add_rr(zone, name, type, rdata, dns_backup=None, **kwargs): @@ -568,6 +563,8 @@ class BindInstance(service.Service): self._ldap_mod("dns.ldif", self.sub_dict) def __setup_zone(self): + nameserver_ip_address = self.ip_address + force = False if not self.host_in_default_domain(): # add DNS domain for host first root_logger.debug("Host domain (%s) is different from DNS domain (%s)!" \ @@ -576,8 +573,14 @@ class BindInstance(service.Service): add_zone(self.host_domain, self.zonemgr, dns_backup=self.dns_backup, ns_hostname=api.env.host, ns_ip_address=self.ip_address) + # Nameserver is in self.host_domain, no forward record added to self.domain + nameserver_ip_address = None + # Set force=True in case nameserver added in previous step + # is not resolvable yet + force = True add_zone(self.domain, self.zonemgr, dns_backup=self.dns_backup, - ns_hostname=api.env.host, ns_ip_address=self.ip_address) + ns_hostname=api.env.host, ns_ip_address=nameserver_ip_address, + force=force) def __add_self_ns(self): add_ns_rr(self.domain, api.env.host, self.dns_backup, force=True) @@ -610,7 +613,7 @@ class BindInstance(service.Service): def __setup_reverse_zone(self): add_zone(self.reverse_zone, self.zonemgr, ns_hostname=api.env.host, - ns_ip_address=self.ip_address, dns_backup=self.dns_backup) + dns_backup=self.dns_backup) def __setup_principal(self): dns_principal = "DNS/" + self.fqdn + "@" + self.realm |