-rw-r--r-- | install/share/bind.zone.db.template | 2 | ||||
-rwxr-xr-x | install/tools/ipa-dns-install | 4 | ||||
-rwxr-xr-x | install/tools/ipa-server-install | 4 | ||||
-rw-r--r-- | install/tools/man/ipa-dns-install.1 | 3 | ||||
-rw-r--r-- | install/tools/man/ipa-server-install.1 | 7 | ||||
-rw-r--r-- | ipaserver/install/bindinstance.py | 15 |
6 files changed, 26 insertions, 9 deletions
diff --git a/install/share/bind.zone.db.template b/install/share/bind.zone.db.template index 71fa10bd3..157d05e55 100644 --- a/install/share/bind.zone.db.template +++ b/install/share/bind.zone.db.template @@ -1,6 +1,6 @@ $$ORIGIN $DOMAIN. $$TTL 86400 -@ IN SOA $DOMAIN. root.$HOST.$DOMAIN. ( +@ IN SOA $DOMAIN. $ZONEMGR. ( 01 ; serial 3H ; refresh 15M ; retry diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index 3413312ae..8fc503e4e 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -40,6 +40,8 @@ def parse_options(): help="Add a DNS forwarder") parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true", default=False, help="Do not add any DNS forwarders, use root servers instead") + parser.add_option("--zonemgr", dest="zonemgr", + help="DNS zone manager e-mail address. Defaults to root") parser.add_option("-U", "--unattended", dest="unattended", action="store_true", default=False, help="unattended installation never prompts the user") @@ -153,7 +155,7 @@ def main(): # Create a BIND instance bind = bindinstance.BindInstance(fstore, dm_password) - bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain, dns_forwarders, conf_ntp) + bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, zonemgr=options.zonemgr) api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password) bind.create_instance() diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index a62f8af4e..d949f44ad 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install 
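Review bot: The help string for the new `--zonemgr` option in install/tools/ipa-dns-install says the default is `root`, but the man page text added in this commit says `root@host.domain` and `BindInstance.setup()` falls back to `root.<host>.<domain>`; the help should read `help="DNS zone manager e-mail address. Defaults to root@host.domain")`. The identical option hunk in install/tools/ipa-server-install carries the same wording. The value is also accepted as a free-form string, so a malformed address is first noticed, if at all, after it has been written into the zone's SOA record; rejecting anything that is not a single `user@domain` with `parser.error()` would fail before any configuration is touched. parse_options() continues outside the hunk.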
@@ -96,6 +96,8 @@ def parse_options(): help="Add a DNS forwarder") parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true", default=False, help="Do not add any DNS forwarders, use root servers instead") + parser.add_option("--zonemgr", dest="zonemgr", + help="DNS zone manager e-mail address. Defaults to root") parser.add_option("-U", "--unattended", dest="unattended", action="store_true", default=False, help="unattended installation never prompts the user") parser.add_option("", "--uninstall", dest="uninstall", action="store_true", @@ -769,7 +771,7 @@ def main(): # Create a BIND instance bind = bindinstance.BindInstance(fstore, dm_password) - bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders, options.conf_ntp) + bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders, options.conf_ntp, zonemgr=options.zonemgr) if options.setup_dns: api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password) diff --git a/install/tools/man/ipa-dns-install.1 b/install/tools/man/ipa-dns-install.1 index 4159625d0..7aa032235 100644 --- a/install/tools/man/ipa-dns-install.1 +++ b/install/tools/man/ipa-dns-install.1 @@ -37,6 +37,9 @@ A forwarder is a DNS server where queries for a specific non\-resolvable address \fB\-\-noforwarders\fR Do not add any DNS forwarders, send non\-resolvable addresses to the DNS root servers. .TP +\fB\-\-zonemgr\fR +The e\-mail address of the DNS zone manager. Defaults too root@host.domain +.TP \fB\-d\fR, \fB\-\-debug\fR Enable debug logging when more verbose output is needed .TP diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1 index 2a69643d0..6a9487541 100644 --- a/install/tools/man/ipa-server-install.1 +++ b/install/tools/man/ipa-server-install.1 
@@ -22,7 +22,7 @@ ipa\-server\-install \- Configure an IPA server .SH "SYNOPSIS" ipa\-server\-install [\fIOPTION\fR]... .SH "DESCRIPTION" -Configures the services needed by an IPA server. This includes setting up a Kerberos Key Distribution Center (KDC) with an LDAP back\-end, configuring Apache, configuring NTP and starting some IPA\-provided services: ipa_kpasswd and ipa_webgui. By default a dogtag-based CA will be configured to issue server certificates. +Configures the services needed by an IPA server. This includes setting up a Kerberos Key Distribution Center (KDC) with an LDAP back\-end, configuring Apache, configuring NTP and starting some IPA\-provided services: ipa_kpasswd and ipa_webgui. By default a dogtag\-based CA will be configured to issue server certificates. .SH "OPTIONS" .TP \fB\-u\fR, \fB\-\-user\fR=\fIDS_USER\fR @@ -47,7 +47,7 @@ The password for the IPA admin user Enable debug logging when more verbose output is needed .TP \fB\-\-selfsign\fR -Configure a self-signed CA instance for issuing server certificates instead of using dogtag for certificates +Configure a self\-signed CA instance for issuing server certificates instead of using dogtag for certificates .TP \fB\-\-hostname\fR=\fIHOST_NAME\fR The fully\-qualified DNS name of this server @@ -71,6 +71,9 @@ the \fB\-\-no\-forwarders\fR option is specified. \fB\-\-no\-forwarders\fR Do not add any DNS forwarders. Root DNS servers will be used instead. .TP +\fB\-\-zonemgr\fR +The e\-mail address of the DNS zone manager. Defaults too root@host.domain +.TP \fB\-\-no\-host\-dns\fR Do not use DNS for hostname lookup during installation .TP diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py index a144193b7..a6b490036 100644 --- a/ipaserver/install/bindinstance.py +++ b/ipaserver/install/bindinstance.py 
@@ -91,13 +91,14 @@ def get_reverse_zone(ip_address): return zone, name -def add_zone(name, update_policy=None, dns_backup=None): +def add_zone(name, update_policy=None, zonemgr=None, dns_backup=None): if not update_policy: update_policy = "grant %s krb5-self * A;" % api.env.realm try: api.Command.dns_add(unicode(name), idnssoamname=unicode(api.env.host+"."), + idnssoarname=unicode(zonemgr), idnsallowdynupdate=True, idnsupdatepolicy=unicode(update_policy)) except (errors.DuplicateEntry, errors.EmptyModlist): @@ -202,7 +203,7 @@ class BindInstance(service.Service): else: self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') - def setup(self, fqdn, ip_address, realm_name, domain_name, forwarders, ntp, named_user="named"): + def setup(self, fqdn, ip_address, realm_name, domain_name, forwarders, ntp, named_user="named", zonemgr=None): self.named_user = named_user self.fqdn = fqdn self.ip_address = ip_address @@ -213,6 +214,11 @@ class BindInstance(service.Service): self.suffix = util.realm_to_suffix(self.realm) self.ntp = ntp + if zonemgr: + self.zonemgr = zonemgr.replace('@','.') + else: + self.zonemgr = 'root.%s.%s' % (self.host, self.domain) + tmp = ip_address.split(".") tmp.reverse() @@ -283,7 +289,8 @@ class BindInstance(service.Service): SERVER_ID=realm_to_serverid(self.realm), FORWARDERS=fwds, SUFFIX=self.suffix, - OPTIONAL_NTP=optional_ntp) + OPTIONAL_NTP=optional_ntp, + ZONEMGR=self.zonemgr) def __setup_dns_container(self): self._ldap_mod("dns.ldif", self.sub_dict) @@ -301,7 +308,7 @@ class BindInstance(service.Service): ("_kpasswd._udp", "SRV", "0 100 464 %s" % self.host), ) - zone = add_zone(self.domain, dns_backup=self.dns_backup) + zone = add_zone(self.domain, zonemgr=self.zonemgr, dns_backup=self.dns_backup) for (host, type, rdata) in resource_records: if type == "SRV": |
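Review bot: In `add_zone()` the new keyword defaults to `zonemgr=None` and is passed on as `idnssoarname=unicode(zonemgr)`, so any caller that omits it stores the literal string `None` as the zone's responsible-person mailbox. The only call updated in this commit is `add_zone(self.domain, zonemgr=self.zonemgr, ...)` in the last hunk; other callers of add_zone() are not visible here and would need checking. Either apply the same `root.<host>.<domain>` fallback that `BindInstance.setup()` uses, or pass `idnssoarname` only when `zonemgr` is set. The neighbouring `idnssoamname` value gets a trailing dot and this one does not, so the mailbox name is presumably treated as relative to the zone, which is worth confirming. add_zone's body continues past the hunk.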
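Review bot: `zonemgr.replace('@','.')` in `setup()` is not a correct e-mail-to-RNAME conversion and it validates nothing. In SOA RNAME form the first label is the mailbox local part, so a dot inside it has to be written `\.` (RFC 1035); as written, `first.last@example.com` becomes `first.last.example.com`, which reads back as the mailbox `first@last.example.com`. The result is substituted verbatim into bind.zone.db.template as `$ZONEMGR.` and sent to LDAP through `add_zone()`, so whitespace, a trailing dot or a second `@` reaches the zone data unchecked. A stricter conversion is sketched below; whether the LDAP-backed zone accepts the escaped form should be confirmed before adopting it. setup() starts and continues outside the hunk.

```python
        if zonemgr:
            # RNAME form: the local part is one label, so escape its dots
            # before joining it to the mail domain.
            local, sep, mail_domain = zonemgr.partition('@')
            if (not sep or not local or not mail_domain
                    or '@' in mail_domain
                    or any(c.isspace() for c in zonemgr)):
                raise ValueError("zonemgr must be a single user@domain address")
            # The template appends the final dot itself, so drop one given here.
            self.zonemgr = '%s.%s' % (local.replace('.', '\\.'),
                                      mail_domain.rstrip('.'))
        # … unchanged: else branch with the root.<host>.<domain> default …
```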