From 51907d5bb8fce9e5358fed50c0ec7074ef7f0c69 Mon Sep 17 00:00:00 2001
From: Petr Spacek
Date: Mon, 7 Mar 2016 14:37:31 +0100
Subject: Auto-detect default value for --forward-policy option in installers
Forward policy defaults to 'first' if no IP address belonging to a private or reserved ranges is detected on local interfaces (RFC 6303). Defaults to only if a private IP address is detected. This prevents problems with BIND automatic empty zones because conflicting zones cannot be disabled unless forwarding policy == only.
https://fedorahosted.org/freeipa/ticket/5710
Reviewed-By: Martin Basti
---
 install/tools/ipa-dns-install | 2 +-
 install/tools/man/ipa-dns-install.1 | 5 ++++-
 install/tools/man/ipa-replica-install.1 | 5 ++++-
 install/tools/man/ipa-server-install.1 | 5 ++++-
 4 files changed, 13 insertions(+), 4 deletions(-)
(limited to 'install/tools')
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install
index 53afd714d..d8b2eb0fe 100755
--- a/install/tools/ipa-dns-install
+++ b/install/tools/ipa-dns-install
@@ -58,7 +58,7 @@ def parse_options():
 action="store_true", default=False,
 help="Use DNS forwarders configured in /etc/resolv.conf")
 parser.add_option("--forward-policy", dest="forward_policy",
- choices=("first", "only"), default="first",
+ choices=("first", "only"), default=None,
 help="DNS forwarding policy for global forwarders")
 parser.add_option("--reverse-zone", dest="reverse_zones",
 default=[], action="append", metavar="REVERSE_ZONE",
diff --git a/install/tools/man/ipa-dns-install.1 b/install/tools/man/ipa-dns-install.1
index e3739e2bb..ad937cc59 100644
--- a/install/tools/man/ipa-dns-install.1
+++ b/install/tools/man/ipa-dns-install.1
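Review bot: The help string for `--forward-policy` in the ipa-dns-install hunk still reads only "DNS forwarding policy for global forwarders", so with `default=None` the `--help` output no longer tells the operator which policy will apply, although the man pages in this commit do. Consider `help="DNS forwarding policy for global forwarders (default: auto-detected from local interface addresses)"`. Because the default is now `None`, every consumer of the `forward_policy` value has to resolve it before it reaches the BIND configuration; that detection code is outside this view (the page is limited to install/tools), so it could not be checked here. It would also help audits if the installer logged the policy it picked, since `first` and `only` differ in whether the server falls back to its own resolution when the forwarders fail. parse_options() starts and ends outside the hunk.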
@@ -42,7 +42,10 @@ Do not add any DNS forwarders, send non\-resolvable addresses to the DNS root se
 Add DNS forwarders configured in /etc/resolv.conf to the list of forwarders used by IPA DNS.
 .TP
 \fB\-\-forward\-policy\fR=\fIfirst|only\fR
-DNS forwarding policy for global forwarders specified using other options. Defaults to first.
+DNS forwarding policy for global forwarders specified using other options.
+Defaults to first if no IP address belonging to a private or reserved ranges is
+detected on local interfaces (RFC 6303). Defaults to only if a private
+IP address is detected.
 .TP
 \fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR
 The reverse DNS zone to use. This option can be used multiple times to specify multiple reverse zones.
diff --git a/install/tools/man/ipa-replica-install.1 b/install/tools/man/ipa-replica-install.1
index 6875f4e41..0e9f51a64 100644
--- a/install/tools/man/ipa-replica-install.1
+++ b/install/tools/man/ipa-replica-install.1
@@ -150,7 +150,10 @@ Do not add any DNS forwarders. Root DNS servers will be used instead.
 Add DNS forwarders configured in /etc/resolv.conf to the list of forwarders used by IPA DNS.
 .TP
 \fB\-\-forward\-policy\fR=\fIfirst|only\fR
-DNS forwarding policy for global forwarders specified using other options. Defaults to first.
+DNS forwarding policy for global forwarders specified using other options.
+Defaults to first if no IP address belonging to a private or reserved ranges is
+detected on local interfaces (RFC 6303). Defaults to only if a private
+IP address is detected.
 .TP
 \fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR
 The reverse DNS zone to use. This option can be used multiple times to specify multiple reverse zones.
diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index e5f6f760b..55b49449e 100644
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@@ -159,7 +159,10 @@ Do not add any DNS forwarders. Root DNS servers will be used instead.
 Add DNS forwarders configured in /etc/resolv.conf to the list of forwarders used by IPA DNS.
 .TP
 \fB\-\-forward\-policy\fR=\fIfirst|only\fR
-DNS forwarding policy for global forwarders specified using other options. Defaults to first.
+DNS forwarding policy for global forwarders specified using other options.
+Defaults to first if no IP address belonging to a private or reserved ranges is
+detected on local interfaces (RFC 6303). Defaults to only if a private
+IP address is detected.
 .TP
 \fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR
 The reverse DNS zone to use. This option can be used multiple times to specify multiple reverse zones.
-- cgit