Fix DNS SOA serial parameters boundaries

Set correct boundaries for DNS SOA serial parameters (see RFC 1035,
2181).

https://fedorahosted.org/freeipa/ticket/2568

1 files changed, 7 insertions, 1 deletions

diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index e9f8b0cc..8e297099 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -1585,6 +1585,7 @@ class dnszone(LDAPObject):
             label=_('SOA serial'),
             doc=_('SOA record serial number'),
             minvalue=1,
+            maxvalue=4294967295,
             default_from=_create_zone_serial,
             autofill=True,
         ),
@@ -1593,6 +1594,7 @@ class dnszone(LDAPObject):
             label=_('SOA refresh'),
             doc=_('SOA record refresh time'),
             minvalue=0,
+            maxvalue=2147483647,
             default=3600,
             autofill=True,
         ),
@@ -1601,6 +1603,7 @@ class dnszone(LDAPObject):
             label=_('SOA retry'),
             doc=_('SOA record retry time'),
             minvalue=0,
+            maxvalue=2147483647,
             default=900,
             autofill=True,
         ),
@@ -1610,6 +1613,7 @@ class dnszone(LDAPObject):
             doc=_('SOA record expire time'),
             default=1209600,
             minvalue=0,
+            maxvalue=2147483647,
             autofill=True,
         ),
         Int('idnssoaminimum',
@@ -1618,13 +1622,15 @@ class dnszone(LDAPObject):
             doc=_('How long should negative responses be cached'),
             default=3600,
             minvalue=0,
-            maxvalue=10800,
+            maxvalue=2147483647,
             autofill=True,
         ),
         Int('dnsttl?',
             cli_name='ttl',
             label=_('SOA time to live'),
             doc=_('SOA record time to live'),
+            minvalue=0,
+            maxvalue=2147483647, # see RFC 2181
         ),
         StrEnum('dnsclass?',
             cli_name='class',