summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins/dns.py
Commit message (Collapse)AuthorAgeFilesLines
* DNS: Do not traceback if DNS is not installedMartin Basti2015-07-011-2/+11
| | | | | | | | | Instead of internal error show 'DNS is not configured' message, when a dns* command is executed. https://fedorahosted.org/freeipa/ticket/5017 Reviewed-By: Tomas Babej <tbabej@redhat.com>
* DNS: add UnknownRecord to schemaMartin Basti2015-06-181-2/+2
| | | | | | | | defintion of UnknownRecord attributetype https://fedorahosted.org/freeipa/ticket/4939 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNSSEC: validate forward zone forwardersMartin Basti2015-06-111-1/+112
| | | | | | | | | | Show warning messages if DNSSEC validation is failing for particular FW zone or if the specified forwarders do not work https://fedorahosted.org/freeipa/ticket/4657 Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNSSEC: Improve global forwarders validationMartin Basti2015-06-111-27/+36
| | | | | | | | | | Validation now provides more detailed information and less false positives failures. https://fedorahosted.org/freeipa/ticket/4657 Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNS: remove NSEC3PARAM from recordsMartin Basti2015-03-091-7/+1
| | | | | | | | NSEC3PARAM is configurable only from zone commands. This patch removes this record type from DNS records. Ticket: https://fedorahosted.org/freeipa/ticket/4930 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNS fix: do not show part options for unsupported recordsMartin Basti2015-03-091-1/+2
| | | | | | | Do not show parts options in help output, if record is marked as unsupported. Ticket: https://fedorahosted.org/freeipa/ticket/4930 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNS fix: do not traceback if unsupported records are in LDAPMartin Basti2015-03-091-32/+32
| | | | | | | | | | Show records which are unsupported, if they are in LDAP. Those records are not editable, and web UI doesnt show them. Fixes traceback caused by --structured option Ticket: https://fedorahosted.org/freeipa/ticket/4930 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Always return absolute idnsname in dnszone commandsMartin Basti2015-01-261-2/+34
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4722 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Detect and warn about invalid DNS forward zone configurationMartin Basti2015-01-151-11/+319
| | | | | | | | | Shows warning if forward and parent authoritative zone do not have proper NS record delegation, which can cause the forward zone will be ineffective and forwarding will not work. Ticket: https://fedorahosted.org/freeipa/ticket/4721 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Show SSHFP record containing space in fingerprintMartin Basti2014-12-101-0/+8
| | | | | | | | | SSHFP records added by nsupdate contains extra space (valid), framework couldn't handle it. Ticket: https://fedorahosted.org/freeipa/ticket/4790 Ticket: https://fedorahosted.org/freeipa/ticket/4789 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix warning message should not contain CLI commandsMartin Basti2014-11-191-5/+4
| | | | | | | Message is now universal for both CLI and WebUI Ticket: https://fedorahosted.org/freeipa/ticket/4647 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* fix forwarder validation errorsMartin Basti2014-10-211-6/+8
| | | | | | Fix tests, validation in dnsconfig mod, wuser warning Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNSSEC: change link to ipa pageMartin Basti2014-10-211-3/+1
| | | | | | | | | | | | Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>
* DNSSEC: ACIMartin Basti2014-10-211-0/+53
| | | | | | | | | | | | Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>
* DNSSEC: validate forwardersMartin Basti2014-10-211-1/+33
| | | | | | | | | | | | Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>
* Remove --ip-address, --name-server otpions from DNS helpMartin Basti2014-09-261-5/+2
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4149 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* DNS: autofill admin emailMartin Basti2014-09-251-6/+5
| | | | | | | | | Admins email (SOA RNAME) is autofilled with value 'hostmaster'. Bind will automaticaly append zone part. Part of ticket: https://fedorahosted.org/freeipa/ticket/4149 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Deprecation of --name-server and --ip-address option in DNSMartin Basti2014-09-251-81/+73
| | | | | | | | | | | | | Option --name-server is changing only SOA MNAME, this option has no more effect to NS records Option --ip-addres is just ignored A warning message is sent after use these options Part of ticket: https://fedorahosted.org/freeipa/ticket/4149 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Fix DNS plugin to allow to add root zoneMartin Basti2014-09-251-24/+32
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4149 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNS: remove --class optionMartin Basti2014-09-251-4/+5
| | | | | | | | This option haven't been working, it is time to remove it. Ticket: https://fedorahosted.org/freeipa/ticket/3414 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
* dnszone-remove-permission should raise errorMartin Basti2014-09-251-4/+1
| | | | | | | dnszone-remove-permission should raise NotFound error if permission was not found (regression of 21c829ff). Reviewed-By: Martin Kosek <mkosek@redhat.com>
* FIX DNS wildcard records (RFC4592)Martin Basti2014-09-051-0/+22
| | | | | | | | | | Make validation more strict * DS, NS, DNAME owners should not be a wildcard domanin name * zone name should not be a wildcard domain name Ticket: https://fedorahosted.org/freeipa/ticket/4488 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* DNS fix NS record coexistence validatorMartin Basti2014-09-051-6/+17
| | | | | | | NS can coexistent only with A, AAAA, DS, NS record Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Martin Kosek <mkosek@redhat.com>
* DNSSEC: fix DS record validationMartin Basti2014-09-051-36/+63
| | | | | | | Part of: https://fedorahosted.org/freeipa/ticket/3801 Reviewed-By: Petr Spacek <pspacek@redhat.com> Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Fix dnsrecord-mod raise error if last record attr is removedMartin Basti2014-09-051-0/+7
| | | | | | Removing last record attribute causes output type validation error Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Fix typos in dns.pyGabe2014-07-181-3/+3
| | | | | | https://fedorahosted.org/freeipa/ticket/4429 Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* Non IDNA zonename should be normalized to lowercaseMartin Basti2014-07-041-0/+10
| | | | | | Before IDNA support zone was normalized. Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Fix incompatible permission name *zone-delMartin Basti2014-07-031-14/+19
| | | | | | Fixes ticket: https://fedorahosted.org/freeipa/ticket/4383 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Split dns docstringMartin Basti2014-07-031-47/+47
| | | | Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Help for forward zonesMartin Basti2014-07-031-12/+51
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/3210 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Use documentation addresses in dns helpMartin Basti2014-07-031-15/+15
| | | | Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Add DNSSEC experimental support warning messageMartin Basti2014-07-031-0/+19
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4408 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Add warning about semantic change for zonesMartin Basti2014-07-031-0/+23
| | | | | | | | | --forwarder have different semantic since forward zones support. Add warning if zone contains forwarders. Ticket: https://fedorahosted.org/freeipa/ticket/3210#comment:16 Reviewed-By: Petr Spacek <pspacek@redhat.com>
* Add NSEC3PARAM to zone settingsMartin Basti2014-07-021-3/+47
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4413 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Remove NSEC3PARAM recordMartin Basti2014-07-021-45/+3
| | | | | | | Revert 5b95be802c6aa12b9464813441f85eaee3e3e82b Ticket: https://fedorahosted.org/freeipa/ticket/4413 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Fix ACI in DNSMartin Basti2014-07-011-2/+2
| | | | | | | Added ACI for idnssecinlinesigning, dlvrecord, nsec3paramrecord, tlsarecord Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* DNSSEC: add TLSA record typeMartin Basti2014-07-011-15/+44
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4328 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Fix incompatible DNS permissionMartin Basti2014-06-251-1/+30
| | | | | | | | | dns(forward)zone-add/remove-permission can work with permissions with relative zone name Ticket:https://fedorahosted.org/freeipa/ticket/4383 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Digest part in DLV/DS records allows only heaxadecimal charactersMartin Basti2014-06-201-0/+2
| | | | Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* DNSSEC: DLVRecord type addedMartin Basti2014-06-201-15/+17
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4328 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* DNSSEC: added NSEC3PARAM record typeMartin Basti2014-06-201-5/+49
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4328 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* DNSSEC: remove unsuported recordsMartin Basti2014-06-201-97/+4
| | | | | | | Removed SIG, NSEC, KEy, RRSIG records Ticket: https://fedorahosted.org/freeipa/ticket/4328 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Create BASE zone classMartin Basti2014-06-201-528/+333
| | | | | | | | | | | Zones and forward zones have a lot of common code, this patch remove duplications by creating a DNSBase class and its subclasses design: http://www.freeipa.org/page/V4/Forward_zones Ticket: https://fedorahosted.org/freeipa/ticket/3210 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Prevent commands to modify different type of a zoneMartin Basti2014-06-201-16/+128
| | | | | | | | | | | Commands dnsforwardzone-* can modify only forward zones Commands dnszone-* can modify only (master) zones Commands dnsrecord-* can work only with master zones design: http://www.freeipa.org/page/V4/Forward_zones Ticket: https://fedorahosted.org/freeipa/ticket/3210 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Separate master and forward DNS zonesMartin Basti2014-06-201-0/+328
| | | | | | | | | Forward zones are stored in idnsforwadzone objectclasses. design: http://www.freeipa.org/page/V4/Forward_zones Ticket: https://fedorahosted.org/freeipa/ticket/3210 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Convert DNS default permissions to managedPetr Viktorin2014-06-181-0/+101
| | | | | | | | | | | Convert the existing default permissions. The Read permission is split between Read DNS Entries and Read DNS Configuration. Part of the work for: https://fedorahosted.org/freeipa/ticket/4346 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Fix --ttl description for DNS zonesPetr Spacek2014-06-121-2/+2
| | | | | | | TTL specified in idnsZone object class affects all records at zone apex, not only SOA record. Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* Update all remaining plugins to the new Registry APINathaniel McCallum2014-06-111-22/+25
| | | | Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* PTR record target can be relativeMartin Basti2014-06-031-2/+1
| | | | Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* _domain_name_validatord moved from DNS to realmdomainsMartin Basti2014-06-031-11/+0
| | | | | | | | | | Validator is no more used in dns plugin Part of ticket: IPA should allow internationalized domain names https://fedorahosted.org/freeipa/ticket/3169 Reviewed-By: Jan Cholasta <jcholast@redhat.com>
generated by cgit (git 2.34.1) at 2024-06-20 13:45:09 +0000