authorJakub Hrozek <jhrozek@redhat.com>2011-02-10 21:47:45 +0100
committerRob Crittenden <rcritten@redhat.com>2011-02-14 14:45:22 -0500
commit22c3a681da7ec5c84e8822eb325c647a8e89942a (patch)
tree83813eacd9ee4050e4430101a048ad7cd416f1d5
parentc9431749a0078df8bdf13490daac5f3467cc1c02 (diff)
Fine tuning DNS options
Add an entry pointing to the server itself to /etc/hosts to avoid chicken-and-egg problems when restarting DNS. On servers, set both dns_lookup_realm and dns_lookup_kdc to false so we don't attempt to do any resolving. Leave both set to true on clients. Set rdns to false on both server and client. https://fedorahosted.org/freeipa/ticket/931
-rw-r--r--install/share/krb5.conf.template5
-rwxr-xr-xipa-client/ipa-install/ipa-client-install1
-rw-r--r--ipaserver/install/bindinstance.py3
-rw-r--r--ipaserver/install/installutils.py24
4 files changed, 27 insertions, 6 deletions
diff --git a/install/share/krb5.conf.template b/install/share/krb5.conf.template
index 9cf4ee84..93d88dbb 100644
--- a/install/share/krb5.conf.template
+++ b/install/share/krb5.conf.template
@@ -5,8 +5,9 @@
[libdefaults]
default_realm = $REALM
- dns_lookup_realm = true
- dns_lookup_kdc = true
+ dns_lookup_realm = false
+ dns_lookup_kdc = false
+ rdns = false
ticket_lifetime = 24h
forwardable = yes
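Review bot: The new `rdns = false` line has no comment, although it is the setting here with a security rationale: it stops the Kerberos library from using reverse DNS when it builds service principal names, so ticket requests no longer depend on PTR records. I would put a comment above it in the template, for example `# rdns = false: do not use reverse DNS (PTR) lookups to canonicalize service host names`. The same option is appended without explanation in the ipa-client-install hunk. With `dns_lookup_kdc = false` the server presumably relies on explicit KDC entries elsewhere in the template, which this hunk does not show.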
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 5012c657..32a9aef1 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -408,6 +408,7 @@ def configure_krb5_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, d
else:
libopts.append({'name':'dns_lookup_realm', 'type':'option', 'value':'true'})
libopts.append({'name':'dns_lookup_kdc', 'type':'option', 'value':'true'})
+ libopts.append({'name':'rdns', 'type':'option', 'value':'false'})
libopts.append({'name':'ticket_lifetime', 'type':'option', 'value':'24h'})
libopts.append({'name':'forwardable', 'type':'option', 'value':'yes'})
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 8790427c..ea9280b3 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -297,6 +297,9 @@ class BindInstance(service.Service):
# get a connection to the DS
self.ldap_connect()
+ if not installutils.record_in_hosts(self.ip_address, self.fqdn):
+ installutils.add_record_to_hosts(self.ip_address, self.fqdn)
+
if not dns_container_exists(self.fqdn, self.suffix):
self.step("adding DNS container", self.__setup_dns_container)
if not dns_zone_exists(self.domain):
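Review bot: The added `installutils.add_record_to_hosts(self.ip_address, self.fqdn)` call appends to /etc/hosts without the `fstore.backup_file("/etc/hosts")` step that `read_ip_address` runs before the same write, so this modification would presumably not be restored on uninstall. If the instance has a file store available, back the file up before the append. The `record_in_hosts` guard only matches the exact address/name pair. If `self.fqdn` is already listed under a different address, the earlier line will normally still win on lookup and the appended record has no effect, so that case deserves at least a logged warning. The enclosing method starts and ends outside this hunk.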
diff --git a/ipaserver/install/installutils.py b/ipaserver/install/installutils.py
index 99d1582e..563333bd 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -156,6 +156,25 @@ def verify_ip_address(ip):
is_ok = False
return is_ok
+def record_in_hosts(ip, host_name, file="/etc/hosts"):
+ hosts = open(file, 'r').readlines()
+ for line in hosts:
+ hosts_ip = line.split()[0]
+ if hosts_ip != ip:
+ continue
+
+ names = line.split()[1:]
+ if host_name in names:
+ return True
+
+ return False
+
+def add_record_to_hosts(ip, host_name, file="/etc/hosts"):
+ hosts_fd = open(file, 'r+')
+ hosts_fd.seek(0, 2)
+ hosts_fd.write(ip+'\t'+host_name+' '+host_name.split('.')[0]+'\n')
+ hosts_fd.close()
+
def read_ip_address(host_name, fstore):
while True:
ip = ipautil.user_input("Please provide the IP address to be used for this host name", allow_empty = False)
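Review bot: `record_in_hosts` indexes `line.split()[0]` on every line, so a blank line in the hosts file raises IndexError and aborts the install. It also counts words after a `#` as host names and never closes the file. The rewrite below skips lines with fewer than two fields, drops trailing comments and closes the handle. Separately, `add_record_to_hosts` writes `ip` and `host_name` verbatim, so it relies on callers having validated them first (for example with `verify_ip_address`). If the file does not end in a newline, the new record is also glued onto the last existing line.

```python
def record_in_hosts(ip, host_name, file="/etc/hosts"):
    hosts_fd = open(file, 'r')
    try:
        for line in hosts_fd:
            # Drop trailing comments; blank and comment-only lines yield no fields.
            fields = line.split('#', 1)[0].split()
            if len(fields) < 2 or fields[0] != ip:
                continue
            if host_name in fields[1:]:
                return True
    finally:
        hosts_fd.close()
    return False

# … unchanged: add_record_to_hosts …
```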
@@ -169,10 +188,7 @@ def read_ip_address(host_name, fstore):
print "Adding ["+ip+" "+host_name+"] to your /etc/hosts file"
fstore.backup_file("/etc/hosts")
- hosts_fd = open('/etc/hosts', 'r+')
- hosts_fd.seek(0, 2)
- hosts_fd.write(ip+'\t'+host_name+' '+host_name.split('.')[0]+'\n')
- hosts_fd.close()
+ add_record_to_hosts(ip, host_name)
return ip