From a09d2c34988275178bec1c3b7d15f00e9d0c8db4 Mon Sep 17 00:00:00 2001
From: Martin Nagy
Date: Sat, 27 Jun 2009 07:53:45 +0200
Subject: Add a reverse zone with server's PTR record
Also, small cosmetic change in dns.ldif.
---
install/share/dns.ldif | 4 ++--
install/share/dns_reverse.ldif | 24 ++++++++++++++++++++++++
ipaserver/install/bindinstance.py | 22 +++++++++++++++++-----
3 files changed, 43 insertions(+), 7 deletions(-)
create mode 100644 install/share/dns_reverse.ldif
diff --git a/install/share/dns.ldif b/install/share/dns.ldif
index 6c3a8b1c6..8ce9d69aa 100644
--- a/install/share/dns.ldif
+++ b/install/share/dns.ldif
@@ -14,8 +14,8 @@ idnsName: $DOMAIN
 idnsZoneActive: TRUE
 idnsAllowDynUpdate: TRUE
 idnsUpdatePolicy: grant $REALM krb5-self * A;
-idnsSOAmName: $HOST.$DOMAIN.
-idnsSOArName: root.$HOST.$DOMAIN.
+idnsSOAmName: $FQDN.
+idnsSOArName: root.$FQDN.
 idnsSOAserial: 1
 idnsSOArefresh: 10800
 idnsSOAretry: 900
diff --git a/install/share/dns_reverse.ldif b/install/share/dns_reverse.ldif
new file mode 100644
index 000000000..02d45a472
--- /dev/null
+++ b/install/share/dns_reverse.ldif
@@ -0,0 +1,24 @@
+dn: idnsName=$REVERSE_SUBNET.in-addr.arpa,cn=dns,$SUFFIX
+changetype: add
+objectClass: top
+objectClass: idnsZone
+objectClass: idnsRecord
+idnsName: $REVERSE_SUBNET.in-addr.arpa
+idnsZoneActive: TRUE
+idnsAllowDynUpdate: TRUE
+idnsUpdatePolicy: grant $REALM krb5-subdomain $REVERSE_SUBNET.in-addr.arpa. PTR;
+idnsSOAmName: $FQDN.
+idnsSOArName: root.$FQDN.
+idnsSOAserial: 1
+idnsSOArefresh: 10800
+idnsSOAretry: 900
+idnsSOAexpire: 604800
+idnsSOAminimum: 86400
+NSRecord: $FQDN.
+
+dn: idnsName=$REVERSE_HOST,idnsName=$REVERSE_SUBNET.in-addr.arpa,cn=dns,$SUFFIX
+changetype: add
+objectClass: idnsRecord
+objectClass: top
+idnsName: $REVERSE_HOST
+PTRRecord: $FQDN.
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index d62fce12f..f8fc2a980 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
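Review bot: The idnsUpdatePolicy line grants krb5-subdomain over the whole $REVERSE_SUBNET.in-addr.arpa. zone, which as I read BIND's update-policy semantics lets any principal of $REALM rewrite any PTR record in the zone, whereas the forward zone in dns.ldif uses krb5-self and limits a principal to the name matching its own. That is likely unavoidable for a reverse zone (a PTR owner name never matches a host principal), but it means the reverse mapping can be changed by any enrolled host, so nothing downstream should treat rDNS as an authorization signal; a comment above the policy line would make that explicit, e.g. `# krb5-subdomain: any $REALM principal may update any PTR in this zone`. The zone name also hard-codes a three-octet $REVERSE_SUBNET, i.e. the /24 containing the server's address; recording that assumption in a comment (`# assumes the server sits in a /24; other prefix lengths need a different zone cut`) would help whoever later generalizes it.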
@@ -71,6 +71,12 @@ class BindInstance(service.Service):
 self.host = fqdn.split(".")[0]
 self.suffix = util.realm_to_suffix(self.realm)
 
+ tmp = ip_address.split(".")
+ tmp.reverse()
+
+ self.reverse_host = tmp.pop(0)
+ self.reverse_subnet = ".".join(tmp)
+
 self.__setup_sub_dict()
 
 def create_sample_bind_zone(self):
@@ -90,15 +96,16 @@ class BindInstance(service.Service):
 # FIXME: this need to be split off, as only the first server can do
 # this operation
 self.step("Setting up our zone", self.__setup_zone)
+ self.step("setting up reverse zone", self.__setup_reverse_zone)
- self.step("Setting up kerberos principal", self.__setup_principal)
- self.step("Setting up named.conf", self.__setup_named_conf)
+ self.step("setting up kerberos principal", self.__setup_principal)
+ self.step("setting up named.conf", self.__setup_named_conf)
 self.step("restarting named", self.__start)
 self.step("configuring named to start on boot", self.__enable)
- self.step("Changing resolv.conf to point to ourselves", self.__setup_resolv_conf)
- self.start_creation("Configuring bind:")
+ self.step("changing resolv.conf to point to ourselves", self.__setup_resolv_conf)
+ self.start_creation("Configuring named:")
 def __start(self):
 try:
@@ -117,12 +124,17 @@ class BindInstance(service.Service):
 DOMAIN=self.domain,
 HOST=self.host,
 REALM=self.realm,
- SUFFIX=self.suffix)
+ SUFFIX=self.suffix,
+ REVERSE_HOST=self.reverse_host,
+ REVERSE_SUBNET=self.reverse_subnet)
 
 def __setup_zone(self):
 self.backup_state("domain", self.domain)
 self._ldap_mod("dns.ldif", self.sub_dict)
 
+ def __setup_reverse_zone(self):
+ self._ldap_mod("dns_reverse.ldif", self.sub_dict)
+
 def __setup_principal(self):
 dns_principal = "DNS/" + self.fqdn + "@" + self.realm
 installutils.kadmin_addprinc(dns_principal)
-- cgit
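Review bot: The octet handling added after the `self.suffix` assignment assumes ip_address is a dotted-quad IPv4 address on a /24: a value with no dots (an IPv6 address or a hostname) leaves tmp with one element, so reverse_subnet becomes "" and dns_reverse.ldif produces a zone named `.in-addr.arpa`, while any other prefix length silently gets a /24 zone anyway. A guard before `tmp.reverse()` such as `if len(tmp) != 4: raise ValueError("expected a dotted-quad IPv4 address: %s" % ip_address)` fails at install time instead of creating a bogus zone, and a comment like `# reverse zone covers the /24 containing ip_address; last octet is our PTR name` records the assumption. The enclosing __init__ starts outside the hunk, so where ip_address comes from and whether it is validated earlier is not visible here.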
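Review bot: __setup_reverse_zone adds the zone without recording anything via backup_state, whereas __setup_zone directly above it saves "domain" before its _ldap_mod call; if uninstall uses that saved state to decide which zones to remove (not visible in this hunk), the reverse zone will be left behind. Mirroring the sibling with `self.backup_state("reverse_subnet", self.reverse_subnet)` before the `self._ldap_mod("dns_reverse.ldif", self.sub_dict)` line keeps the two consistent, and a docstring on the new method (`"""Create the in-addr.arpa zone and this server's PTR record from dns_reverse.ldif."""`) would document it. The same hunk also adds REVERSE_HOST and REVERSE_SUBNET to the sub_dict, whose construction starts above the hunk, so I cannot confirm here that the $FQDN key both templates now use is defined there as well.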