-rw-r--r--install/share/bind.named.conf.template3
-rwxr-xr-xinstall/tools/ipa-server-install46
-rw-r--r--install/tools/man/ipa-server-install.112
-rw-r--r--ipaserver/install/bindinstance.py13
4 files changed, 71 insertions, 3 deletions
diff --git a/install/share/bind.named.conf.template b/install/share/bind.named.conf.template
index 69bd86b0..8b5fac2a 100644
--- a/install/share/bind.named.conf.template
+++ b/install/share/bind.named.conf.template
@@ -5,6 +5,9 @@ options {
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
+ forward first;
+ forwarders {$FORWARDERS};
+
tkey-gssapi-credential "DNS/$FQDN";
tkey-domain "$REALM";
};
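Review bot: `forward first;` is emitted unconditionally, so the rendered options block carries it even when `$FORWARDERS` expands to the empty list produced by --no-forwarders; BIND accepts an empty `forwarders { };`, but the choice of `first` deserves a comment in the template because its fallback behaviour is the security-relevant part: when no forwarder answers, named recurses from the root hints itself, unlike `forward only`, where the forwarders are the only path out. Suggest a comment line above it such as `// forward first: if no forwarder answers, named falls back to full recursion from the root hints`.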
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index d0e93979..2c890b4e 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -84,6 +84,10 @@ def parse_options():
default=False, help="configure bind with our zone file")
parser.add_option("--setup-dns", dest="setup_dns", action="store_true",
default=False, help="configure bind with our zone")
+ parser.add_option("--forwarder", dest="forwarders", action="append",
+ help="Add a DNS forwarder")
+ parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
+ default=False, help="Do not add any DNS forwarders, use root servers instead")
parser.add_option("-U", "--unattended", dest="unattended", action="store_true",
default=False, help="unattended installation never prompts the user")
parser.add_option("", "--uninstall", dest="uninstall", action="store_true",
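Review bot: The `--forwarder` help string does not say the option is repeatable, although `action="append"` makes it so and the man-page hunk documents it that way; suggest `help="Add a DNS forwarder (may be given multiple times)", metavar="IP_ADDRESS"` so --help matches the man page. parse_options() continues outside this hunk.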
@@ -108,6 +112,14 @@ def parse_options():
help="The starting gid value (default random)")
options, args = parser.parse_args()
+ if not options.setup_dns:
+ if options.forwarders:
+ parser.error("You cannot specify a --forwarder option without the --setup-dns option")
+ if options.no_forwarders:
+ parser.error("You cannot specify a --no-forwarders option without the --setup-dns option")
+ elif options.forwarders and options.no_forwarders:
+ parser.error("You cannot specify a --forwarder option together with --no-forwarders")
+
if options.uninstall:
if (options.ds_user or options.realm_name or
options.dm_password or options.admin_password or
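Review bot: Values given with --forwarder are never validated: the checks added here only enforce mutual exclusion, while the interactive path in read_dns_forwarders() rejects localhost and runs verify_ip_address(), and bindinstance's __setup_sub_dict() then substitutes the strings verbatim into named.conf, so a mistyped value yields a configuration that BIND refuses to load. The same checks should run on the non-interactive list right after the exclusion checks; verify_ip_address() appears to report its own diagnostic (the interactive loop only `continue`s after it), so the `parser.error` text below may need adjusting to whatever it prints. parse_options() continues outside this hunk.
```python
    # … unchanged: --setup-dns / --no-forwarders exclusion checks …
    if options.forwarders:
        for fwd in options.forwarders:
            if fwd in ("127.0.0.1", "::1") or not verify_ip_address(fwd):
                parser.error("Invalid DNS forwarder address: %s" % fwd)
```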
@@ -117,6 +129,9 @@ def parse_options():
if (not options.ds_user or not options.realm_name or
not options.dm_password or not options.admin_password):
parser.error("error: In unattended mode you need to provide at least -u, -r, -p and -a options")
+ if options.setup_dns:
+ if not options.forwarders and not options.no_forwarders:
+ parser.error("You must specify at least one --forwarder option or --no-forwarders option")
# If any of the PKCS#12 options are selected, all are required. Create a
# list of the options and count it to enforce that all are required without
@@ -210,6 +225,27 @@ def read_ip_address(host_name):
return ip
+def read_dns_forwarders():
+ addrs = []
+ while True:
+ ip = user_input("Enter IP address for a DNS forwarder (empty to stop)", allow_empty=True)
+
+ if not ip:
+ break
+ if ip == "127.0.0.1" or ip == "::1":
+ print "You cannot use localhost as a DNS forwarder"
+ continue
+ if not verify_ip_address(ip):
+ continue
+
+ print "DNS forwarder %s added" % ip
+ addrs.append(ip)
+
+ if not addrs:
+ print "No DNS forwarders configured"
+
+ return addrs
+
def read_ds_user():
print "The server must run as a specific user in a specific group."
print "It is strongly recommended that this user should have no privileges"
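Review bot: read_dns_forwarders() has no docstring, and its return contract matters to main(): an empty list is later treated exactly like --no-forwarders, so the "No DNS forwarders configured" message could also tell the operator that root servers will be used. Suggest the docstring `"""Prompt for forwarder IP addresses until an empty line is entered.` / `Returns the list of accepted addresses; an empty list means no forwarders (root servers are used)."""`. The function also relies on verify_ip_address() printing its own diagnostic, since a rejected address is skipped here without any message.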
@@ -504,6 +540,14 @@ def main():
else:
admin_password = options.admin_password
+ if options.setup_dns:
+ if options.no_forwarders:
+ dns_forwarders = ()
+ elif options.forwarders:
+ dns_forwarders = options.forwarders
+ else:
+ dns_forwarders = read_dns_forwarders()
+
if not options.unattended:
print ""
print "The following operations may take some minutes to complete."
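Review bot: `dns_forwarders` is bound only inside `if options.setup_dns:`, but the later hunk's `bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders)` is reached on every install, before the `if options.setup_dns:` that guards bind.create_instance(), so an install without --setup-dns would raise UnboundLocalError unless the name is initialised earlier in main() outside this hunk. Add an `else:` branch, `else:` / `dns_forwarders = ()`, or initialise the name before the branch. main() starts and ends outside this hunk.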
@@ -591,7 +635,7 @@ def main():
# Create a BIND instance
bind = bindinstance.BindInstance(fstore, dm_password)
- bind.setup(host_name, ip_address, realm_name, domain_name)
+ bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders)
if options.setup_dns:
bind.create_instance()
else:
diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index df977c2f..5b0df3dc 100644
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@@ -56,8 +56,18 @@ The IP address of this server
An unattended installation that will never prompt for user input
.TP
\fB\-\-setup\-dns\fR
-Generate a DNS zone if it does not exist already and configure the DNS server
+Generate a DNS zone if it does not exist already and configure the DNS server.
+This option requires that you either specify at least one DNS forwarder through
+the \fB\-\-forwarder\fR option or use the \fB\-\-no\-forwarders\fR option.
.TP
+\fB\-\-forwarder\fR=\fIIP_ADDRESS\fR
+Add a DNS forwarder to the DNS configuration. You can use this option multiple
+times to specify more forwarders, but at least one must be provided, unless
+the \fB\-\-no\-forwarders\fR option is specified.
+.TP
+\fB\-\-no\-forwarders\fR
+Do not add any DNS forwarders. Root DNS servers will be used instead.
+.TP
\fB\-n\fR, \fB\-\-no\-ntp\fR
Do not configure NTP
\fB\-U\fR, \fB\-\-uninstall\fR
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index f5a70461..e2c91f37 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -52,6 +52,7 @@ class BindInstance(service.Service):
self.host = None
self.ip_address = None
self.realm = None
+ self.forwarders = None
self.sub_dict = None
if fstore:
@@ -59,12 +60,13 @@ class BindInstance(service.Service):
else:
self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
- def setup(self, fqdn, ip_address, realm_name, domain_name, named_user="named"):
+ def setup(self, fqdn, ip_address, realm_name, domain_name, forwarders, named_user="named"):
self.named_user = named_user
self.fqdn = fqdn
self.ip_address = ip_address
self.realm = realm_name
self.domain = domain_name
+ self.forwarders = forwarders
self.host = fqdn.split(".")[0]
self.suffix = util.realm_to_suffix(self.realm)
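Review bot: `forwarders` is added as a required positional parameter in the middle of setup()'s signature, so any caller not updated by this commit (the diffstat touches only ipa-server-install) would either pass its `named_user` argument into `forwarders` or fail with a missing argument. Giving it a default, `def setup(self, fqdn, ip_address, realm_name, domain_name, forwarders=None, named_user="named"):`, keeps older call sites working and matches the `self.forwarders = None` initialiser added to __init__; __setup_sub_dict() already treats a falsy value as "no forwarders". The class continues outside this hunk.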
@@ -146,11 +148,20 @@ class BindInstance(service.Service):
self.chkconfig_on()
def __setup_sub_dict(self):
+ if self.forwarders:
+ fwds = "\n"
+ for forwarder in self.forwarders:
+ fwds += "\t\t%s;\n" % forwarder
+ fwds += "\t"
+ else:
+ fwds = " "
+
self.sub_dict = dict(FQDN=self.fqdn,
IP=self.ip_address,
DOMAIN=self.domain,
HOST=self.host,
REALM=self.realm,
+ FORWARDERS=fwds,
SUFFIX=self.suffix,
REVERSE_HOST=self.reverse_host,
REVERSE_SUBNET=self.reverse_subnet)
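Review bot: The string accumulation in __setup_sub_dict() reads as a left-over C idiom; the same value is produced by one join, `fwds = "\n" + "".join("\t\t%s;\n" % f for f in self.forwarders) + "\t"`, in place of the four-line loop. A short comment on what the rendered fragment looks like would also help the next reader, since the enclosing braces live in bind.named.conf.template, e.g. `# Rendered inside "forwarders {...}" of the template: one "\t\tIP;" line per forwarder, or a single space when none`. Whether __setup_sub_dict() ends at this hunk is not visible here.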