From 6301914941a355f0d0e1010199716d4c0bbbd867 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 3 Mar 2008 16:10:06 -0500
Subject: Require that the hostname is a DNS A record and that the forward and
 reverse match.

433515
---
 ipa-server/ipaserver/installutils.py | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'ipa-server')

diff --git a/ipa-server/ipaserver/installutils.py b/ipa-server/ipaserver/installutils.py
index 2c018271c..eeefae50e 100644
--- a/ipa-server/ipaserver/installutils.py
+++ b/ipa-server/ipaserver/installutils.py
@@ -26,8 +26,10 @@ import re
 import fileinput
 import sys
 import time
+import struct
 
 from ipa import ipautil
+from ipa import dnsclient
 
 def get_fqdn():
     fqdn = ""
@@ -44,6 +46,25 @@ def verify_fqdn(host_name):
     if len(host_name.split(".")) < 2 or host_name == "localhost.localdomain":
         raise RuntimeError("Invalid hostname: " + host_name)
 
+    # Verify that it is a DNS A record
+    rs = dnsclient.query(host_name+".", dnsclient.DNS_C_IN, dnsclient.DNS_T_A)
+    if len(rs) == 0:
+        raise RuntimeError("hostname %s is not found or is not a DNS A record" % host_name)
+
+    # Compare the forward and reverse
+    forward = rs[0].dns_name
+
+    addr = socket.inet_ntoa(struct.pack('L',rs[0].rdata.address))
+    addr = addr + ".in-addr.arpa."
+
+    rs = dnsclient.query(addr, dnsclient.DNS_C_IN, dnsclient.DNS_T_PTR)
+    if len(rs) == 0:
+        raise RuntimeError("Cannot find PTR record for %s" % addr)
+    reverse = rs[0].rdata.ptrdname
+
+    if forward != reverse:
+        raise RuntimeError("The DNS forward record %s does not match the reverse lookup %s" % (forward, reverse))
+
 def port_available(port):
     """Try to bind to a port on the wildcard host
        Return 1 if the port is available
-- 
cgit