author | Petr Spacek <pspacek@redhat.com> | 2016-04-27 15:24:01 +0200 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-05-30 20:14:32 +0200 |
commit | e45a80308c947a58c0fb5266d75eedc1d9aef321 (patch) | |
tree | 0ef882cf1a1cd6db11e754c897a97624a6eb41f1 /ipapython | |
parent | f750d42b6f2d7f792ce56b6832d2bd1ae1f333a0 (diff) | |
DNS upgrade: change global forwarding policy in LDAP to "only" if private IPs are used
This change is necessary to override automatic empty zone configuration
in latest BIND and bind-dyndb-ldap 9.0+.
This procedure is still not complete because we need to handle global
forwarders in named.conf too (independently on each server).
https://fedorahosted.org/freeipa/ticket/5710
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ipapython')
-rw-r--r-- | ipapython/dnsutil.py | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/ipapython/dnsutil.py b/ipapython/dnsutil.py
index 98fcc1bfc..f68d3c410 100644
--- a/ipapython/dnsutil.py
+++ b/ipapython/dnsutil.py
@@ -264,6 +264,24 @@ def related_to_auto_empty_zone(name):
 for aez in EMPTY_ZONES)


+def has_empty_zone_addresses(hostname):
+ """Detect if given host is using IP address belonging to
+ an automatic empty zone.
+
+ Information from --ip-address option used in installed is lost by
+ the time when upgrade is run. Use IP addresses from DNS as best
+ approximation.
+
+ This is brain-dead and duplicates logic from DNS installer
+ but I did not find other way around.
+ """
+ ip_addresses = resolve_ip_addresses(hostname)
+ return any(
+ inside_auto_empty_zone(DNSName(ip.reverse_dns))
+ for ip in ip_addresses
+ )
+
+
 def resolve_rrsets(fqdn, rdtypes):
 """
 Get Resource Record sets for given FQDN. |
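Review bot: `has_empty_zone_addresses` cannot tell "no address inside an automatic empty zone" from "nothing resolved": `any()` over an empty `ip_addresses` is False, so an empty lookup at upgrade time would read as "no private IPs" and the forwarding policy would silently stay unchanged. How `resolve_ip_addresses` reports a failed lookup is not visible in this hunk, so this may already be handled there. If it can return an empty result, I would make that case explicit before the `return any(` line, for example `if not ip_addresses: raise ValueError('no IP addresses resolved for %s' % hostname)`, or a log line if the upgrade caller prefers to continue. The docstring should state the return value (True when any resolved address lies inside an automatic empty zone) and that the answer reflects what DNS returns when the upgrade runs, not what the installer was given. Also, "used in installed" should read "used in installer".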