-rw-r--r-- | install/share/bind.named.conf.template | 3 | ||||
-rwxr-xr-x | install/tools/ipa-server-install | 46 | ||||
-rw-r--r-- | install/tools/man/ipa-server-install.1 | 12 | ||||
-rw-r--r-- | ipaserver/install/bindinstance.py | 13 |
4 files changed, 71 insertions, 3 deletions
diff --git a/install/share/bind.named.conf.template b/install/share/bind.named.conf.template
index 69bd86b00..8b5fac2a6 100644
--- a/install/share/bind.named.conf.template
+++ b/install/share/bind.named.conf.template
@@ -5,6 +5,9 @@ options {
 statistics-file "data/named_stats.txt";
 memstatistics-file "data/named_mem_stats.txt";
+ forward first;
+ forwarders {$FORWARDERS};
+
 tkey-gssapi-credential "DNS/$FQDN";
 tkey-domain "$REALM";
 };
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index d0e939796..2c890b4e8 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -84,6 +84,10 @@ def parse_options():
 default=False, help="configure bind with our zone file")
 parser.add_option("--setup-dns", dest="setup_dns", action="store_true",
 default=False, help="configure bind with our zone")
+ parser.add_option("--forwarder", dest="forwarders", action="append",
+ help="Add a DNS forwarder")
+ parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
+ default=False, help="Do not add any DNS forwarders, use root servers instead")
 parser.add_option("-U", "--unattended", dest="unattended", action="store_true",
 default=False, help="unattended installation never prompts the user")
 parser.add_option("", "--uninstall", dest="uninstall", action="store_true",
@@ -108,6 +112,14 @@ def parse_options():
 help="The starting gid value (default random)")
 options, args = parser.parse_args()
+ if not options.setup_dns:
+ if options.forwarders:
+ parser.error("You cannot specify a --forwarder option without the --setup-dns option")
+ if options.no_forwarders:
+ parser.error("You cannot specify a --no-forwarders option without the --setup-dns option")
+ elif options.forwarders and options.no_forwarders:
+ parser.error("You cannot specify a --forwarder option together with --no-forwarders")
+
 if options.uninstall:
 if (options.ds_user or options.realm_name or options.dm_password or options.admin_password or
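Review bot: `forwarders {$FORWARDERS};` is filled by `__setup_sub_dict` with a single space when no forwarders are configured, so the `--no-forwarders` path renders `forwarders { };`, which is not obvious to someone editing the template. A comment above the two new lines, e.g. `// FORWARDERS is left empty (named recurses from the root servers) or filled with "addr;" entries by bindinstance.py`, would document that contract. It is also worth noting in the same comment that `forward first` makes named fall back to its own recursion whenever the listed forwarders do not answer, so an unreachable forwarder behaves like no forwarder at all.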
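Review bot: `--forwarder` is declared without a `metavar`, so optparse renders its help as `--forwarder=FORWARDERS` (derived from `dest`), while the man page in this commit documents `--forwarder=IP_ADDRESS`. Adding `metavar="IP_ADDRESS"` to the `add_option` call keeps the two consistent. The help text could also say `help="Add a DNS forwarder (may be given more than once)"`, since the `action="append"` behaviour is otherwise invisible to the user.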
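Review bot: The new checks in the `@@ -108,6 +112,14 @@` hunk validate only option combinations, not the forwarder values themselves: `options.forwarders` is later handed to `bind.setup()` and written verbatim into named.conf by `__setup_sub_dict`, whereas the interactive path in `read_dns_forwarders` rejects localhost and anything `verify_ip_address` refuses. An unattended install therefore accepts a malformed or loopback `--forwarder` value and can produce a named.conf that fails to load or forwards to the server itself. Assuming `verify_ip_address` takes a plain string as it does in `read_dns_forwarders`, the gap closes with `for fwd in options.forwarders or ():` / `if fwd in ("127.0.0.1", "::1") or not verify_ip_address(fwd):` / `parser.error("Invalid DNS forwarder address: %s" % fwd)` placed after the combination checks. `parse_options` continues beyond this hunk.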
@@ -117,6 +129,9 @@ def parse_options():
 if (not options.ds_user or not options.realm_name or not options.dm_password or not options.admin_password):
 parser.error("error: In unattended mode you need to provide at least -u, -r, -p and -a options")
+ if options.setup_dns:
+ if not options.forwarders and not options.no_forwarders:
+ parser.error("You must specify at least one --forwarder option or --no-forwarders option")
 # If any of the PKCS#12 options are selected, all are required. Create a
 # list of the options and count it to enforce that all are required without
@@ -210,6 +225,27 @@ def read_ip_address(host_name):
 return ip
+def read_dns_forwarders():
+ addrs = []
+ while True:
+ ip = user_input("Enter IP address for a DNS forwarder (empty to stop)", allow_empty=True)
+
+ if not ip:
+ break
+ if ip == "127.0.0.1" or ip == "::1":
+ print "You cannot use localhost as a DNS forwarder"
+ continue
+ if not verify_ip_address(ip):
+ continue
+
+ print "DNS forwarder %s added" % ip
+ addrs.append(ip)
+
+ if not addrs:
+ print "No DNS forwarders configured"
+
+ return addrs
+
 def read_ds_user():
 print "The server must run as a specific user in a specific group."
 print "It is strongly recommended that this user should have no privileges"
@@ -504,6 +540,14 @@ def main():
 else:
 admin_password = options.admin_password
+ if options.setup_dns:
+ if options.no_forwarders:
+ dns_forwarders = ()
+ elif options.forwarders:
+ dns_forwarders = options.forwarders
+ else:
+ dns_forwarders = read_dns_forwarders()
+
 if not options.unattended:
 print ""
 print "The following operations may take some minutes to complete."
@@ -591,7 +635,7 @@ def main():
 # Create a BIND instance
 bind = bindinstance.BindInstance(fstore, dm_password)
- bind.setup(host_name, ip_address, realm_name, domain_name)
+ bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders)
 if options.setup_dns:
 bind.create_instance()
 else:
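Review bot: The loopback test in `read_dns_forwarders` is a literal comparison against `"127.0.0.1"` and `"::1"`, so other loopback forms such as `127.0.0.2` pass it and are accepted if `verify_ip_address` allows them, which cannot be confirmed from this hunk. Testing the 127.0.0.0/8 range rather than the single address (e.g. `ip.startswith("127.")` for IPv4, alongside the existing `"::1"` test) would match the intent of the printed message. The function also has no docstring; `"""Prompt for DNS forwarder addresses until an empty line; return the accepted IPs as a list (empty if none)."""` would state its contract.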
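Review bot: `dns_forwarders` is assigned only inside `if options.setup_dns:` in the `@@ -504,6 +540,14 @@` hunk, but the `@@ -591,7 +635,7 @@` hunk passes it to `bind.setup(...)` unconditionally, so an install run without `--setup-dns` raises `UnboundLocalError` before it reaches `if options.setup_dns: bind.create_instance()`. Adding an `else:` branch after the new block, `else:` / `dns_forwarders = ()`, gives `setup()` the same empty tuple the `--no-forwarders` path uses. The rest of `main()` lies outside both hunks, so an assignment elsewhere cannot be ruled out, but none is visible in this diff.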
diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index df977c2f6..5b0df3dc9 100644
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@@ -56,8 +56,18 @@ The IP address of this server
 An unattended installation that will never prompt for user input
 .TP
 \fB\-\-setup\-dns\fR
-Generate a DNS zone if it does not exist already and configure the DNS server
+Generate a DNS zone if it does not exist already and configure the DNS server.
+This option requires that you either specify at least one DNS forwarder through
+the \fB\-\-forwarder\fR option or use the \fB\-\-no\-forwarders\fR option.
 .TP
+\fB\-\-forwarder\fR=\fIIP_ADDRESS\fR
+Add a DNS forwarder to the DNS configuration. You can use this option multiple
+times to specify more forwarders, but at least one must be provided, unless
+the \fB\-\-no\-forwarders\fR option is specified.
+.TP
+\fB\-\-no\-forwarders\fR
+Do not add any DNS forwarders. Root DNS servers will be used instead.
+.TP
 \fB\-n\fR, \fB\-\-no\-ntp\fR
 Do not configure NTP
 \fB\-U\fR, \fB\-\-uninstall\fR
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index f5a704614..e2c91f379 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -52,6 +52,7 @@ class BindInstance(service.Service):
 self.host = None
 self.ip_address = None
 self.realm = None
+ self.forwarders = None
 self.sub_dict = None
 if fstore:
@@ -59,12 +60,13 @@ class BindInstance(service.Service):
 else:
 self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
- def setup(self, fqdn, ip_address, realm_name, domain_name, named_user="named"):
+ def setup(self, fqdn, ip_address, realm_name, domain_name, forwarders, named_user="named"):
 self.named_user = named_user
 self.fqdn = fqdn
 self.ip_address = ip_address
 self.realm = realm_name
 self.domain = domain_name
+ self.forwarders = forwarders
 self.host = fqdn.split(".")[0]
 self.suffix = util.realm_to_suffix(self.realm)
@@ -146,11 +148,20 @@ class BindInstance(service.Service):
 self.chkconfig_on()
 def __setup_sub_dict(self):
+ if self.forwarders:
+ fwds = "\n"
+ for forwarder in self.forwarders:
+ fwds += "\t\t%s;\n" % forwarder
+ fwds += "\t"
+ else:
+ fwds = " "
+
 self.sub_dict = dict(FQDN=self.fqdn, IP=self.ip_address, DOMAIN=self.domain, HOST=self.host, REALM=self.realm,
+ FORWARDERS=fwds,
 SUFFIX=self.suffix, REVERSE_HOST=self.reverse_host, REVERSE_SUBNET=self.reverse_subnet) |
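Review bot: The new `forwarders` parameter of `setup()` is a required positional inserted before `named_user`, so any existing caller not updated by this commit now fails with a `TypeError`, or silently binds a positionally passed `named_user` to `forwarders`. Only the `ipa-server-install` call site is updated in this diff; giving the parameter a default, `def setup(self, fqdn, ip_address, realm_name, domain_name, forwarders=(), named_user="named"):`, keeps other callers working and matches the empty tuple the installer passes for `--no-forwarders`. A short docstring stating that `forwarders` is an iterable of IP address strings rendered verbatim into named.conf would also help, since `__setup_sub_dict` performs no validation of its own.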