-rw-r--r--ipalib/plugins/dns.py3
-rw-r--r--ipapython/dnsutil.py35
-rw-r--r--ipapython/ipautil.py35
-rw-r--r--ipaserver/install/bindinstance.py7
-rw-r--r--ipaserver/install/dns.py4
-rw-r--r--ipaserver/install/server/common.py2
6 files changed, 44 insertions, 42 deletions
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 51f5099b7..72be52469 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -64,7 +64,8 @@ from ipalib.util import (normalize_zonemgr,
validate_dnssec_zone_forwarder_step2,
verify_host_resolvable)
from ipapython.dn import DN
-from ipapython.ipautil import CheckedIPAddress, check_zone_overlap
+from ipapython.ipautil import CheckedIPAddress
+from ipapython.dnsutil import check_zone_overlap
from ipapython.dnsutil import DNSName
from ipapython.dnsutil import related_to_auto_empty_zone
diff --git a/ipapython/dnsutil.py b/ipapython/dnsutil.py
index 240b7c9cd..6287e3eef 100644
--- a/ipapython/dnsutil.py
+++ b/ipapython/dnsutil.py
@@ -19,6 +19,7 @@
import dns.name
import dns.exception
+import dns.resolver
import copy
import six
@@ -228,3 +229,37 @@ def inside_auto_empty_zone(name):
if name.is_subdomain(aez):
return True
return False
+
+
+def check_zone_overlap(zone, raise_on_error=True):
+ root_logger.info("Checking DNS domain %s, please wait ..." % zone)
+ if not isinstance(zone, DNSName):
+ zone = DNSName(zone).make_absolute()
+
+ # automatic empty zones always exist so checking them is pointless,
+ # do not report them to avoid meaningless error messages
+ if is_auto_empty_zone(zone):
+ return
+
+ try:
+ containing_zone = dns.resolver.zone_for_name(zone)
+ except dns.exception.DNSException as e:
+ msg = ("DNS check for domain %s failed: %s." % (zone, e))
+ if raise_on_error:
+ raise ValueError(msg)
+ else:
+ root_logger.warning(msg)
+ return
+
+ if containing_zone == zone:
+ try:
+ ns = [ans.to_text() for ans in dns.resolver.query(zone, 'NS')]
+ except dns.exception.DNSException as e:
+ root_logger.debug("Failed to resolve nameserver(s) for domain"
+ " {0}: {1}".format(zone, e))
+ ns = []
+
+ msg = u"DNS zone {0} already exists in DNS".format(zone)
+ if ns:
+ msg += u" and is handled by server(s): {0}".format(', '.join(ns))
+ raise ValueError(msg)
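Review bot: check_zone_overlap lands in dnsutil.py without a docstring, and its failure behaviour is easy to misread at the call sites. With `raise_on_error=False` a failed `dns.resolver.zone_for_name()` lookup is only logged as a warning and the function returns exactly as it does when no overlap exists, so the check passes whenever the resolver is unreachable. With the default it raises the same `ValueError` as a real overlap, which is why the `except ValueError` in get_auto_reverse_zones (bindinstance.py) reports a failed lookup as "already exists". A docstring should state both cases and that a normal return means "no overlap found or lookup skipped", not "verified free"; a distinct exception subclass for the lookup failure would let callers tell the two apart. Separately, the body uses `root_logger`, which none of the import lines visible in this diff bring into dnsutil.py, so please confirm `from ipapython.ipa_log_manager import root_logger` is already present there, otherwise the first statement raises NameError.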
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index d4c8e8b82..34e05d366 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -53,7 +53,6 @@ from ipapython.ipa_log_manager import root_logger
from ipapython import config
from ipaplatform.paths import paths
from ipapython.dn import DN
-from ipapython.dnsutil import DNSName, is_auto_empty_zone
SHARE_DIR = paths.USR_SHARE_IPA_DIR
PLUGINS_SHARE_DIR = paths.IPA_PLUGINS
@@ -1018,40 +1017,6 @@ def reverse_record_exists(ip_address):
return True
-def check_zone_overlap(zone, raise_on_error=True):
- root_logger.info("Checking DNS domain %s, please wait ..." % zone)
- if not isinstance(zone, DNSName):
- zone = DNSName(zone).make_absolute()
-
- # automatic empty zones always exist so checking them is pointless,
- # do not report them to avoid meaningless error messages
- if is_auto_empty_zone(zone):
- return
-
- try:
- containing_zone = resolver.zone_for_name(zone)
- except DNSException as e:
- msg = ("DNS check for domain %s failed: %s." % (zone, e))
- if raise_on_error:
- raise ValueError(msg)
- else:
- root_logger.warning(msg)
- return
-
- if containing_zone == zone:
- try:
- ns = [ans.to_text() for ans in resolver.query(zone, 'NS')]
- except DNSException as e:
- root_logger.debug("Failed to resolve nameserver(s) for domain"
- " {0}: {1}".format(zone, e))
- ns = []
-
- msg = u"DNS zone {0} already exists in DNS".format(zone)
- if ns:
- msg += u" and is handled by server(s): {0}".format(', '.join(ns))
- raise ValueError(msg)
-
-
def config_replace_variables(filepath, replacevars=dict(), appendvars=dict()):
"""
Take a key=value based configuration file, and write new version
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 0cc8d2589..0a988562f 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -34,6 +34,7 @@ from ipaserver.install import installutils
from ipaserver.install import service
from ipaserver.install.cainstance import IPA_CA_RECORD
from ipapython import sysrestore, ipautil, ipaldap
+from ipapython import dnsutil
from ipapython.ipa_log_manager import root_logger
from ipapython.dn import DN
import ipalib
@@ -293,7 +294,7 @@ def read_reverse_zone(default, ip_address, allow_zone_overlap=False):
continue
if not allow_zone_overlap:
try:
- ipautil.check_zone_overlap(zone, raise_on_error=False)
+ dnsutil.check_zone_overlap(zone, raise_on_error=False)
except ValueError as e:
root_logger.error("Reverse zone %s will not be used: %s"
% (zone, e))
@@ -313,7 +314,7 @@ def get_auto_reverse_zones(ip_addresses):
continue
default_reverse = get_reverse_zone_default(ip)
try:
- ipautil.check_zone_overlap(default_reverse)
+ dnsutil.check_zone_overlap(default_reverse)
except ValueError:
root_logger.info("Reverse zone %s for IP address %s already exists"
% (default_reverse, ip))
@@ -460,7 +461,7 @@ def check_reverse_zones(ip_addresses, reverse_zones, options, unattended,
# isn't the zone managed by someone else
if not options.allow_zone_overlap:
try:
- ipautil.check_zone_overlap(rz)
+ dnsutil.check_zone_overlap(rz)
except ValueError as e:
msg = "Reverse zone %s will not be used: %s" % (rz, e)
if unattended:
diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
index ccb7760e3..0fb869a7b 100644
--- a/ipaserver/install/dns.py
+++ b/ipaserver/install/dns.py
@@ -118,7 +118,7 @@ def install_check(standalone, api, replica, options, hostname):
domain = dnsutil.DNSName(util.normalize_zone(api.env.domain))
print("Checking DNS domain %s, please wait ..." % domain)
try:
- ipautil.check_zone_overlap(domain, raise_on_error=False)
+ dnsutil.check_zone_overlap(domain, raise_on_error=False)
except ValueError as e:
if options.force or options.allow_zone_overlap:
root_logger.warning("%s Please make sure that the domain is "
@@ -129,7 +129,7 @@ def install_check(standalone, api, replica, options, hostname):
for reverse_zone in options.reverse_zones:
try:
- ipautil.check_zone_overlap(reverse_zone)
+ dnsutil.check_zone_overlap(reverse_zone)
except ValueError as e:
if options.force or options.allow_zone_overlap:
root_logger.warning(e.message)
diff --git a/ipaserver/install/server/common.py b/ipaserver/install/server/common.py
index ecddc6143..45fb2dc17 100644
--- a/ipaserver/install/server/common.py
+++ b/ipaserver/install/server/common.py
@@ -14,7 +14,7 @@ from ipapython.install import common, core
from ipapython.install.core import Knob
from ipalib.util import validate_domain_name
from ipaserver.install import bindinstance
-from ipapython.ipautil import check_zone_overlap
+from ipapython.dnsutil import check_zone_overlap
if six.PY3:
unicode = str