DNS: Warn if forwarding policy conflicts with automatic empty zones

Forwarding policy "first" or "none" may conflicts with some automatic empty zones. Queries for zones specified by RFC 6303 will ignore forwarding and recursion and always result in NXDOMAIN answers. This is not detected and warned about. Global forwarding is equivalent to forward zone ".". Example: Forward zone 1.10.in-addr.arpa with policy "first" will not forward anything because BIND will automatically prefer automatic empty zone "10.in-addr.arpa." which is authoritative. https://fedorahosted.org/freeipa/ticket/5710 Reviewed-By: Martin Basti <mbasti@redhat.com>
author: Petr Spacek <pspacek@redhat.com> 2016-05-04 10:30:18 +0200
committer: Martin Basti <mbasti@redhat.com> 2016-05-30 20:14:32 +0200
commit: da71e7e9de233bc0e40a90adb2db6d0944a1356a (patch)
tree: ca3a9d0f9b0d1d7c921275079c00ba0c9a27c796 /ipatests/test_xmlrpc
parent: 037eae26d0cd8467d3a559bb4cc585c61b626734 (diff)
download: freeipa-da71e7e9de233bc0e40a90adb2db6d0944a1356a.tar.gz
freeipa-da71e7e9de233bc0e40a90adb2db6d0944a1356a.tar.xz
freeipa-da71e7e9de233bc0e40a90adb2db6d0944a1356a.zip
1 files changed, 14 insertions, 0 deletions
diff --git a/ipatests/test_xmlrpc/test_dns_plugin.py b/ipatests/test_xmlrpc/test_dns_plugin.py
index 0953de8b5..7351d0b1d 100644
--- a/ipatests/test_xmlrpc/test_dns_plugin.py
+++ b/ipatests/test_xmlrpc/test_dns_plugin.py
@@ -1763,6 +1763,13 @@ class test_dns(Declarative):
                 'summary': None,
                 u'messages': (
                     {u'message': lambda x: x.startswith(
+                        u"Forwarding policy conflicts with some "
+                        "automatic empty zones."),
+                     u'code': 13021,
+                     u'type': u'warning',
+                     u'name': u'DNSForwardPolicyConflictWithEmptyZone',
+                     u'data': {}},
+                    {u'message': lambda x: x.startswith(
                         u"DNS server %s: query '. SOA':" % fwd_ip),
                      u'code': 13006,
                      u'type':u'warning',
@@ -3438,6 +3445,13 @@ class test_forward_zones(Declarative):
                 'summary': None,
                 u'messages': (
                     {u'message': lambda x: x.startswith(
+                        u"Forwarding policy conflicts with some "
+                        "automatic empty zones."),
+                     u'code': 13021,
+                     u'type': u'warning',
+                     u'name': u'DNSForwardPolicyConflictWithEmptyZone',
+                     u'data': {}},
+                    {u'message': lambda x: x.startswith(
                         u"DNS server %s: query '%s SOA':" %
                         (forwarder1, fwzone2)),
                      u'code': 13006,
author	Petr Spacek <pspacek@redhat.com>	2016-05-04 10:30:18 +0200
committer	Martin Basti <mbasti@redhat.com>	2016-05-30 20:14:32 +0200
commit	da71e7e9de233bc0e40a90adb2db6d0944a1356a (patch)
tree	ca3a9d0f9b0d1d7c921275079c00ba0c9a27c796 /ipatests/test_xmlrpc
parent	037eae26d0cd8467d3a559bb4cc585c61b626734 (diff)
download	freeipa-da71e7e9de233bc0e40a90adb2db6d0944a1356a.tar.gz freeipa-da71e7e9de233bc0e40a90adb2db6d0944a1356a.tar.xz freeipa-da71e7e9de233bc0e40a90adb2db6d0944a1356a.zip