From a00109585684fac520c48188298b75df816fbd23 Mon Sep 17 00:00:00 2001
From: Martin Kosek
Date: Thu, 25 Oct 2012 08:47:34 +0200
Subject: Process relative nameserver DNS record correctly
Nameserver hostname passed to dnszone_add command was always treated as FQDN even though it was a relative DNS name to the new zone. All relative names were being rejected as unresolvable. Modify --name-server option processing in dnszone_add and dnszone_mod to respect FQDN/relative DNS name and do the checks accordingly. With this change, user can add a new zone "example.com" and let dnszone_add to create NS record "ns" in it, when supplied with its IP address. IP address check is more strict so that it is not entered when no forward record is created. Places misusing the option were fixed. Nameserver option now also accepts zone name, which means that NS and A record is placed to DNS zone itself. Also "@" is accepted as a nameserver name, BIND understand it also as a zone name. As a side-effect of this change, other records with hostname part (MX, KX, NS, SRV) accept "@" as valid hostname. BIND replaces it with respective zone name as well. Unit tests were updated to test the new format. https://fedorahosted.org/freeipa/ticket/3204
---
ipaserver/install/bindinstance.py | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
(limited to 'ipaserver/install/bindinstance.py')
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 39063294..ecd697d4 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -251,7 +251,7 @@ def read_reverse_zone(default, ip_address):
 return normalize_zone(zone)
 def add_zone(name, zonemgr=None, dns_backup=None, ns_hostname=None, ns_ip_address=None,
- update_policy=None):
+ update_policy=None, force=False):
 if zone_is_reverse(name):
 # always normalize reverse zones
 name = normalize_zone(name)
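Review bot: The new `force` keyword on `add_zone` arrives without any docstring, and its meaning cannot be read from the signature; the later hunk forwards it to `dnszone_add`, where (per the caller's comment in `__setup_zone`) it skips the check that the nameserver resolves, so that is what should be documented here. Suggested docstring line: `force: passed through to dnszone_add to skip the nameserver resolvability check; only set when the NS target is known to become resolvable later`. add_zone's body continues outside this hunk.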
@@ -273,13 +273,6 @@ def add_zone(name, zonemgr=None, dns_backup=None, ns_hostname=None, ns_ip_addres
 "No IPA server with DNS support found!")
 ns_main = dns_masters.pop(0)
 ns_replicas = dns_masters
- addresses = resolve_host(ns_main)
-
- if len(addresses) > 0:
- # use the first address
- ns_ip_address = addresses[0]
- else:
- ns_ip_address = None
 else:
 ns_main = ns_hostname
 ns_replicas = []
@@ -296,12 +289,14 @@ def add_zone(name, zonemgr=None, dns_backup=None, ns_hostname=None, ns_ip_addres
 idnsallowdynupdate=True,
 idnsupdatepolicy=unicode(update_policy),
 idnsallowquery=u'any',
- idnsallowtransfer=u'none',)
+ idnsallowtransfer=u'none',
+ force=force)
 except (errors.DuplicateEntry, errors.EmptyModlist):
 pass
 nameservers = ns_replicas + [ns_main]
 for hostname in nameservers:
+ hostname = normalize_zone(hostname)
 add_ns_rr(name, hostname, dns_backup=None, force=True)
 def add_rr(zone, name, type, rdata, dns_backup=None, **kwargs):
@@ -568,6 +563,8 @@ class BindInstance(service.Service):
 self._ldap_mod("dns.ldif", self.sub_dict)
 def __setup_zone(self):
+ nameserver_ip_address = self.ip_address
+ force = False
 if not self.host_in_default_domain():
 # add DNS domain for host first
 root_logger.debug("Host domain (%s) is different from DNS domain (%s)!" \
@@ -576,8 +573,14 @@ class BindInstance(service.Service):
 add_zone(self.host_domain, self.zonemgr, dns_backup=self.dns_backup,
 ns_hostname=api.env.host, ns_ip_address=self.ip_address)
+ # Nameserver is in self.host_domain, no forward record added to self.domain
+ nameserver_ip_address = None
+ # Set force=True in case nameserver added in previous step
+ # is not resolvable yet
+ force = True
 add_zone(self.domain, self.zonemgr, dns_backup=self.dns_backup,
- ns_hostname=api.env.host, ns_ip_address=self.ip_address)
+ ns_hostname=api.env.host, ns_ip_address=nameserver_ip_address,
+ force=force)
 def __add_self_ns(self):
 add_ns_rr(self.domain, api.env.host, self.dns_backup, force=True)
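Review bot: With the `resolve_host(ns_main)` fallback gone, `ns_ip_address` is neither derived nor reset in the `ns_hostname is None` branch, so a caller that supplies an IP but no hostname now gets that IP paired with whichever master `dns_masters.pop(0)` happens to select (the callers visible in this file all pass a hostname, so this is latent rather than triggered today). Either reset it explicitly in that branch, `ns_ip_address = None  # an IP only makes sense together with an explicit ns_hostname`, or reject the combination up front, `if ns_hostname is None and ns_ip_address is not None: raise ValueError("ns_ip_address requires ns_hostname")`. add_zone starts and ends outside this hunk.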
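Review bot: `normalize_zone(hostname)` is applied only inside the NS-record loop, while `ns_main` and `ns_replicas` (chosen in the previous hunk) reach the `dnszone_add` call unnormalized — its leading arguments sit above this hunk, so this is inferred, but given the FQDN/relative distinction this commit introduces, an unqualified `ns_main` would presumably be read as relative to the zone while the NS RR for the same host is absolute. Normalizing once where the names are chosen, `ns_main = normalize_zone(ns_main)` and `ns_replicas = [normalize_zone(h) for h in ns_replicas]`, keeps the zone's name server and its NS records consistent and lets the loop body go back to the plain `add_ns_rr(...)` call. The `except (errors.DuplicateEntry, errors.EmptyModlist): pass` also means a pre-existing zone silently keeps its old settings and never sees `force`; a one-line comment saying that is deliberate would help the next reader. add_zone's start is outside this hunk.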
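Review bot: `force = True` switches off `dnszone_add`'s check that `api.env.host` resolves for the entire `self.domain` zone add, and since `__add_self_ns` below also passes `force=True` to `add_ns_rr`, nothing on the split-domain install path validates the nameserver name at all; the added comment should say what is skipped and why that is acceptable here rather than just "not resolvable yet". Suggested replacement for the two added comment lines: `# api.env.host lives in self.host_domain, whose A record was written above but is not served yet; skip dnszone_add's resolvability check and add no forward record to self.domain`. A `root_logger.debug("Skipping nameserver resolvability check for %s", api.env.host)` next to `force = True` would make a mistyped host name traceable in the install log. The lines of `__setup_zone` between its two hunks are not shown.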
@@ -610,7 +613,7 @@ class BindInstance(service.Service):
 def __setup_reverse_zone(self):
 add_zone(self.reverse_zone, self.zonemgr, ns_hostname=api.env.host,
- ns_ip_address=self.ip_address, dns_backup=self.dns_backup)
+ dns_backup=self.dns_backup)
 def __setup_principal(self):
 dns_principal = "DNS/" + self.fqdn + "@" + self.realm
-- cgit
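Review bot: Dropping `ns_ip_address` is right because `api.env.host` is not inside the reverse zone, but `force` keeps its default here, so `dnszone_add` now presumably has to resolve `api.env.host` at the moment the reverse zone is created — the same situation for which `__setup_zone` had to pass `force=True` in the split-domain case, and whether the forward A record is already served at this point depends on install ordering this hunk does not show. If resolution is not guaranteed here, mirror the forward-zone logic, e.g. `force=not self.host_in_default_domain()`, otherwise add a comment stating why the host is resolvable by the time the reverse zone is added. `__setup_principal` continues outside the hunk.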