| author | Petr Spacek <pspacek@redhat.com> | 2016-03-07 12:00:21 +0100 |
|---|---|---|
| committer | Petr Vobornik <pvoborni@redhat.com> | 2016-04-28 18:46:06 +0200 |
| commit | bd32b48eb0180b73c3bd769b7ea2b369a095c000 (patch) | |
| tree | 273e564a568d2bb4d547f4671394678c57417334 /ipapython | |
| parent | 89974548891baa6dbbab401913359e398a2cbc57 (diff) | |
Move automatic empty zone list into ipapython.dnsutil and make it reusable
https://fedorahosted.org/freeipa/ticket/5710
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ipapython')
| -rw-r--r-- | ipapython/dnsutil.py | 57 | ||||
| -rw-r--r-- | ipapython/ipautil.py | 56 |
2 files changed, 60 insertions, 53 deletions
diff --git a/ipapython/dnsutil.py b/ipapython/dnsutil.py
index 18141fa09..0cab0f497 100644
--- a/ipapython/dnsutil.py
+++ b/ipapython/dnsutil.py
@@ -109,3 +109,60 @@ DNSName.root = DNSName(dns.name.root) # '.'
 DNSName.empty = DNSName(dns.name.empty) # '@'
 DNSName.ip4_rev_zone = DNSName(('in-addr', 'arpa', ''))
 DNSName.ip6_rev_zone = DNSName(('ip6', 'arpa', ''))
+
+# Empty zones are defined in various RFCs. BIND is by default serving them.
+# This constat should contain everything listed in
+# IANA registry "Locally-Served DNS Zones"
+# URL: http://www.iana.org/assignments/locally-served-dns-zones
+# + AS112 zone defined in RFC 7534. It is not in the registry for some
+# reason but BIND 9.10 is serving it as automatic empty zones.
+EMPTY_ZONES = [DNSName(aez).make_absolute() for aez in [
+ # RFC 1918
+ "10.IN-ADDR.ARPA", "16.172.IN-ADDR.ARPA", "17.172.IN-ADDR.ARPA",
+ "18.172.IN-ADDR.ARPA", "19.172.IN-ADDR.ARPA", "20.172.IN-ADDR.ARPA",
+ "21.172.IN-ADDR.ARPA", "22.172.IN-ADDR.ARPA", "23.172.IN-ADDR.ARPA",
+ "24.172.IN-ADDR.ARPA", "25.172.IN-ADDR.ARPA", "26.172.IN-ADDR.ARPA",
+ "27.172.IN-ADDR.ARPA", "28.172.IN-ADDR.ARPA", "29.172.IN-ADDR.ARPA",
+ "30.172.IN-ADDR.ARPA", "31.172.IN-ADDR.ARPA", "168.192.IN-ADDR.ARPA",
+ # RFC 6598
+ "64.100.IN-ADDR.ARPA", "65.100.IN-ADDR.ARPA", "66.100.IN-ADDR.ARPA",
+ "67.100.IN-ADDR.ARPA", "68.100.IN-ADDR.ARPA", "69.100.IN-ADDR.ARPA",
+ "70.100.IN-ADDR.ARPA", "71.100.IN-ADDR.ARPA", "72.100.IN-ADDR.ARPA",
+ "73.100.IN-ADDR.ARPA", "74.100.IN-ADDR.ARPA", "75.100.IN-ADDR.ARPA",
+ "76.100.IN-ADDR.ARPA", "77.100.IN-ADDR.ARPA", "78.100.IN-ADDR.ARPA",
+ "79.100.IN-ADDR.ARPA", "80.100.IN-ADDR.ARPA", "81.100.IN-ADDR.ARPA",
+ "82.100.IN-ADDR.ARPA", "83.100.IN-ADDR.ARPA", "84.100.IN-ADDR.ARPA",
+ "85.100.IN-ADDR.ARPA", "86.100.IN-ADDR.ARPA", "87.100.IN-ADDR.ARPA",
+ "88.100.IN-ADDR.ARPA", "89.100.IN-ADDR.ARPA", "90.100.IN-ADDR.ARPA",
+ "91.100.IN-ADDR.ARPA", "92.100.IN-ADDR.ARPA", "93.100.IN-ADDR.ARPA",
+ "94.100.IN-ADDR.ARPA", "95.100.IN-ADDR.ARPA", "96.100.IN-ADDR.ARPA",
+ "97.100.IN-ADDR.ARPA", "98.100.IN-ADDR.ARPA", "99.100.IN-ADDR.ARPA",
+ "100.100.IN-ADDR.ARPA", "101.100.IN-ADDR.ARPA",
+ "102.100.IN-ADDR.ARPA", "103.100.IN-ADDR.ARPA",
+ "104.100.IN-ADDR.ARPA", "105.100.IN-ADDR.ARPA",
+ "106.100.IN-ADDR.ARPA", "107.100.IN-ADDR.ARPA",
+ "108.100.IN-ADDR.ARPA", "109.100.IN-ADDR.ARPA",
+ "110.100.IN-ADDR.ARPA", "111.100.IN-ADDR.ARPA",
+ "112.100.IN-ADDR.ARPA", "113.100.IN-ADDR.ARPA",
+ "114.100.IN-ADDR.ARPA", "115.100.IN-ADDR.ARPA",
+ "116.100.IN-ADDR.ARPA", "117.100.IN-ADDR.ARPA",
+ "118.100.IN-ADDR.ARPA", "119.100.IN-ADDR.ARPA",
+ "120.100.IN-ADDR.ARPA", "121.100.IN-ADDR.ARPA",
+ "122.100.IN-ADDR.ARPA", "123.100.IN-ADDR.ARPA",
+ "124.100.IN-ADDR.ARPA", "125.100.IN-ADDR.ARPA",
+ "126.100.IN-ADDR.ARPA", "127.100.IN-ADDR.ARPA",
+ # RFC 5735 and RFC 5737
+ "0.IN-ADDR.ARPA", "127.IN-ADDR.ARPA", "254.169.IN-ADDR.ARPA",
+ "2.0.192.IN-ADDR.ARPA", "100.51.198.IN-ADDR.ARPA",
+ "113.0.203.IN-ADDR.ARPA", "255.255.255.255.IN-ADDR.ARPA",
+ # Local IPv6 Unicast Addresses
+ "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA",
+ "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA",
+ # LOCALLY ASSIGNED LOCAL ADDRESS SCOPE
+ "D.F.IP6.ARPA", "8.E.F.IP6.ARPA", "9.E.F.IP6.ARPA", "A.E.F.IP6.ARPA",
+ "B.E.F.IP6.ARPA",
+ # Example Prefix, RFC 3849.
+ "8.B.D.0.1.0.0.2.IP6.ARPA",
+ # RFC 7534
+ "EMPTY.AS112.ARPA",
+ ]]
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 582311e99..4c9693368 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -52,7 +52,7 @@ from ipapython.ipa_log_manager import root_logger
 from ipapython import config
 from ipaplatform.paths import paths
 from ipapython.dn import DN
-from ipapython.dnsutil import DNSName
+from ipapython.dnsutil import DNSName, EMPTY_ZONES
 
 SHARE_DIR = paths.USR_SHARE_IPA_DIR
 PLUGINS_SHARE_DIR = paths.IPA_PLUGINS
@@ -1066,59 +1066,9 @@ def check_zone_overlap(zone, raise_on_error=True):
 
 
 def is_auto_empty_zone(zone):
+ """True if specified zone name exactly matches an automatic empty zone."""
 assert isinstance(zone, DNSName)
-
- automatic_empty_zones = [DNSName(aez).make_absolute() for aez in [
- # RFC 1918
- "10.IN-ADDR.ARPA", "16.172.IN-ADDR.ARPA", "17.172.IN-ADDR.ARPA",
- "18.172.IN-ADDR.ARPA", "19.172.IN-ADDR.ARPA", "20.172.IN-ADDR.ARPA",
- "21.172.IN-ADDR.ARPA", "22.172.IN-ADDR.ARPA", "23.172.IN-ADDR.ARPA",
- "24.172.IN-ADDR.ARPA", "25.172.IN-ADDR.ARPA", "26.172.IN-ADDR.ARPA",
- "27.172.IN-ADDR.ARPA", "28.172.IN-ADDR.ARPA", "29.172.IN-ADDR.ARPA",
- "30.172.IN-ADDR.ARPA", "31.172.IN-ADDR.ARPA", "168.192.IN-ADDR.ARPA",
- # RFC 6598
- "64.100.IN-ADDR.ARPA", "65.100.IN-ADDR.ARPA", "66.100.IN-ADDR.ARPA",
- "67.100.IN-ADDR.ARPA", "68.100.IN-ADDR.ARPA", "69.100.IN-ADDR.ARPA",
- "70.100.IN-ADDR.ARPA", "71.100.IN-ADDR.ARPA", "72.100.IN-ADDR.ARPA",
- "73.100.IN-ADDR.ARPA", "74.100.IN-ADDR.ARPA", "75.100.IN-ADDR.ARPA",
- "76.100.IN-ADDR.ARPA", "77.100.IN-ADDR.ARPA", "78.100.IN-ADDR.ARPA",
- "79.100.IN-ADDR.ARPA", "80.100.IN-ADDR.ARPA", "81.100.IN-ADDR.ARPA",
- "82.100.IN-ADDR.ARPA", "83.100.IN-ADDR.ARPA", "84.100.IN-ADDR.ARPA",
- "85.100.IN-ADDR.ARPA", "86.100.IN-ADDR.ARPA", "87.100.IN-ADDR.ARPA",
- "88.100.IN-ADDR.ARPA", "89.100.IN-ADDR.ARPA", "90.100.IN-ADDR.ARPA",
- "91.100.IN-ADDR.ARPA", "92.100.IN-ADDR.ARPA", "93.100.IN-ADDR.ARPA",
- "94.100.IN-ADDR.ARPA", "95.100.IN-ADDR.ARPA", "96.100.IN-ADDR.ARPA",
- "97.100.IN-ADDR.ARPA", "98.100.IN-ADDR.ARPA", "99.100.IN-ADDR.ARPA",
- "100.100.IN-ADDR.ARPA", "101.100.IN-ADDR.ARPA",
- "102.100.IN-ADDR.ARPA", "103.100.IN-ADDR.ARPA",
- "104.100.IN-ADDR.ARPA", "105.100.IN-ADDR.ARPA",
- "106.100.IN-ADDR.ARPA", "107.100.IN-ADDR.ARPA",
- "108.100.IN-ADDR.ARPA", "109.100.IN-ADDR.ARPA",
- "110.100.IN-ADDR.ARPA", "111.100.IN-ADDR.ARPA",
- "112.100.IN-ADDR.ARPA", "113.100.IN-ADDR.ARPA",
- "114.100.IN-ADDR.ARPA", "115.100.IN-ADDR.ARPA",
- "116.100.IN-ADDR.ARPA", "117.100.IN-ADDR.ARPA",
- "118.100.IN-ADDR.ARPA", "119.100.IN-ADDR.ARPA",
- "120.100.IN-ADDR.ARPA", "121.100.IN-ADDR.ARPA",
- "122.100.IN-ADDR.ARPA", "123.100.IN-ADDR.ARPA",
- "124.100.IN-ADDR.ARPA", "125.100.IN-ADDR.ARPA",
- "126.100.IN-ADDR.ARPA", "127.100.IN-ADDR.ARPA",
- # RFC 5735 and RFC 5737
- "0.IN-ADDR.ARPA", "127.IN-ADDR.ARPA", "254.169.IN-ADDR.ARPA",
- "2.0.192.IN-ADDR.ARPA", "100.51.198.IN-ADDR.ARPA",
- "113.0.203.IN-ADDR.ARPA", "255.255.255.255.IN-ADDR.ARPA",
- # Local IPv6 Unicast Addresses
- "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA",
- "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA",
- # LOCALLY ASSIGNED LOCAL ADDRESS SCOPE
- "D.F.IP6.ARPA", "8.E.F.IP6.ARPA", "9.E.F.IP6.ARPA", "A.E.F.IP6.ARPA",
- "B.E.F.IP6.ARPA",
- # Example Prefix, RFC 3849.
- "8.B.D.0.1.0.0.2.IP6.ARPA",
- # RFC 7534
- "EMPTY.AS112.ARPA",
- ]]
- return zone in automatic_empty_zones
+ return zone in EMPTY_ZONES
 
 
 def config_replace_variables(filepath, replacevars=dict(), appendvars=dict()):
|
