diff options
author | Petr Spacek <pspacek@redhat.com> | 2016-05-04 10:30:18 +0200 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-05-30 20:14:32 +0200 |
commit | da71e7e9de233bc0e40a90adb2db6d0944a1356a (patch) | |
tree | ca3a9d0f9b0d1d7c921275079c00ba0c9a27c796 /ipatests/test_xmlrpc | |
parent | 037eae26d0cd8467d3a559bb4cc585c61b626734 (diff) | |
download | freeipa-da71e7e9de233bc0e40a90adb2db6d0944a1356a.tar.gz freeipa-da71e7e9de233bc0e40a90adb2db6d0944a1356a.tar.xz freeipa-da71e7e9de233bc0e40a90adb2db6d0944a1356a.zip |
DNS: Warn if forwarding policy conflicts with automatic empty zones
Forwarding policy "first" or "none" may conflicts with some automatic empty
zones. Queries for zones specified by RFC 6303 will ignore
forwarding and recursion and always result in NXDOMAIN answers.
This is not detected and warned about. Global forwarding is equivalent
to forward zone ".".
Example:
Forward zone 1.10.in-addr.arpa with policy "first"
will not forward anything because BIND will automatically prefer
automatic empty zone "10.in-addr.arpa." which is authoritative.
https://fedorahosted.org/freeipa/ticket/5710
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ipatests/test_xmlrpc')
-rw-r--r-- | ipatests/test_xmlrpc/test_dns_plugin.py | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/ipatests/test_xmlrpc/test_dns_plugin.py b/ipatests/test_xmlrpc/test_dns_plugin.py index 0953de8b5..7351d0b1d 100644 --- a/ipatests/test_xmlrpc/test_dns_plugin.py +++ b/ipatests/test_xmlrpc/test_dns_plugin.py @@ -1763,6 +1763,13 @@ class test_dns(Declarative): 'summary': None, u'messages': ( {u'message': lambda x: x.startswith( + u"Forwarding policy conflicts with some " + "automatic empty zones."), + u'code': 13021, + u'type': u'warning', + u'name': u'DNSForwardPolicyConflictWithEmptyZone', + u'data': {}}, + {u'message': lambda x: x.startswith( u"DNS server %s: query '. SOA':" % fwd_ip), u'code': 13006, u'type':u'warning', @@ -3438,6 +3445,13 @@ class test_forward_zones(Declarative): 'summary': None, u'messages': ( {u'message': lambda x: x.startswith( + u"Forwarding policy conflicts with some " + "automatic empty zones."), + u'code': 13021, + u'type': u'warning', + u'name': u'DNSForwardPolicyConflictWithEmptyZone', + u'data': {}}, + {u'message': lambda x: x.startswith( u"DNS server %s: query '%s SOA':" % (forwarder1, fwzone2)), u'code': 13006, |