-rw-r--r-- | ipalib/plugins/dns.py | 3 | ||||
-rw-r--r-- | ipapython/dnsutil.py | 35 | ||||
-rw-r--r-- | ipapython/ipautil.py | 35 | ||||
-rw-r--r-- | ipaserver/install/bindinstance.py | 7 | ||||
-rw-r--r-- | ipaserver/install/dns.py | 4 | ||||
-rw-r--r-- | ipaserver/install/server/common.py | 2 |
6 files changed, 44 insertions, 42 deletions
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index 51f5099b7..72be52469 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -64,7 +64,8 @@ from ipalib.util import (normalize_zonemgr, validate_dnssec_zone_forwarder_step2, verify_host_resolvable) from ipapython.dn import DN -from ipapython.ipautil import CheckedIPAddress, check_zone_overlap +from ipapython.ipautil import CheckedIPAddress +from ipapython.dnsutil import check_zone_overlap from ipapython.dnsutil import DNSName from ipapython.dnsutil import related_to_auto_empty_zone diff --git a/ipapython/dnsutil.py b/ipapython/dnsutil.py index 240b7c9cd..6287e3eef 100644 --- a/ipapython/dnsutil.py +++ b/ipapython/dnsutil.py @@ -19,6 +19,7 @@ import dns.name import dns.exception +import dns.resolver import copy import six @@ -228,3 +229,37 @@ def inside_auto_empty_zone(name): if name.is_subdomain(aez): return True return False + + +def check_zone_overlap(zone, raise_on_error=True): + root_logger.info("Checking DNS domain %s, please wait ..." % zone) + if not isinstance(zone, DNSName): + zone = DNSName(zone).make_absolute() + + # automatic empty zones always exist so checking them is pointless, + # do not report them to avoid meaningless error messages + if is_auto_empty_zone(zone): + return + + try: + containing_zone = dns.resolver.zone_for_name(zone) + except dns.exception.DNSException as e: + msg = ("DNS check for domain %s failed: %s." % (zone, e)) + if raise_on_error: + raise ValueError(msg) + else: + root_logger.warning(msg) + return + + if containing_zone == zone: + try: + ns = [ans.to_text() for ans in dns.resolver.query(zone, 'NS')] + except dns.exception.DNSException as e: + root_logger.debug("Failed to resolve nameserver(s) for domain" + " {0}: {1}".format(zone, e)) + ns = [] + + msg = u"DNS zone {0} already exists in DNS".format(zone) + if ns: + msg += u" and is handled by server(s): {0}".format(', '.join(ns)) + raise ValueError(msg) 
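Review bot: The added `check_zone_overlap` raises `ValueError` both when the zone really exists and when `dns.resolver.zone_for_name` fails, and with `raise_on_error=False` a failed lookup is only logged before the function returns as if nothing overlapped. Callers therefore cannot tell an overlap from a zone that was never checked; the `get_auto_reverse_zones` hunk in `ipaserver/install/bindinstance.py`, for example, logs "already exists" for any `ValueError`. As this is now a shared helper in `dnsutil`, it should get a docstring spelling out that contract, such as `"""Raise ValueError if zone already exists in DNS; a failed lookup raises ValueError only when raise_on_error is true, otherwise it is logged and the zone is treated as free."""`. The function also uses `root_logger`, while the only import this diff adds to `dnsutil.py` is `dns.resolver`, so confirm the logger is already imported there.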
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index d4c8e8b82..34e05d366 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -53,7 +53,6 @@ from ipapython.ipa_log_manager import root_logger from ipapython import config from ipaplatform.paths import paths from ipapython.dn import DN -from ipapython.dnsutil import DNSName, is_auto_empty_zone SHARE_DIR = paths.USR_SHARE_IPA_DIR PLUGINS_SHARE_DIR = paths.IPA_PLUGINS @@ -1018,40 +1017,6 @@ def reverse_record_exists(ip_address): return True -def check_zone_overlap(zone, raise_on_error=True): - root_logger.info("Checking DNS domain %s, please wait ..." % zone) - if not isinstance(zone, DNSName): - zone = DNSName(zone).make_absolute() - - # automatic empty zones always exist so checking them is pointless, - # do not report them to avoid meaningless error messages - if is_auto_empty_zone(zone): - return - - try: - containing_zone = resolver.zone_for_name(zone) - except DNSException as e: - msg = ("DNS check for domain %s failed: %s." % (zone, e)) - if raise_on_error: - raise ValueError(msg) - else: - root_logger.warning(msg) - return - - if containing_zone == zone: - try: - ns = [ans.to_text() for ans in resolver.query(zone, 'NS')] - except DNSException as e: - root_logger.debug("Failed to resolve nameserver(s) for domain" - " {0}: {1}".format(zone, e)) - ns = [] - - msg = u"DNS zone {0} already exists in DNS".format(zone) - if ns: - msg += u" and is handled by server(s): {0}".format(', '.join(ns)) - raise ValueError(msg) - - def config_replace_variables(filepath, replacevars=dict(), appendvars=dict()): """ Take a key=value based configuration file, and write new version diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py index 0cc8d2589..0a988562f 100644 --- a/ipaserver/install/bindinstance.py +++ b/ipaserver/install/bindinstance.py 
@@ -34,6 +34,7 @@ from ipaserver.install import installutils from ipaserver.install import service from ipaserver.install.cainstance import IPA_CA_RECORD from ipapython import sysrestore, ipautil, ipaldap +from ipapython import dnsutil from ipapython.ipa_log_manager import root_logger from ipapython.dn import DN import ipalib @@ -293,7 +294,7 @@ def read_reverse_zone(default, ip_address, allow_zone_overlap=False): continue if not allow_zone_overlap: try: - ipautil.check_zone_overlap(zone, raise_on_error=False) + dnsutil.check_zone_overlap(zone, raise_on_error=False) except ValueError as e: root_logger.error("Reverse zone %s will not be used: %s" % (zone, e)) @@ -313,7 +314,7 @@ def get_auto_reverse_zones(ip_addresses): continue default_reverse = get_reverse_zone_default(ip) try: - ipautil.check_zone_overlap(default_reverse) + dnsutil.check_zone_overlap(default_reverse) except ValueError: root_logger.info("Reverse zone %s for IP address %s already exists" % (default_reverse, ip)) @@ -460,7 +461,7 @@ def check_reverse_zones(ip_addresses, reverse_zones, options, unattended, # isn't the zone managed by someone else if not options.allow_zone_overlap: try: - ipautil.check_zone_overlap(rz) + dnsutil.check_zone_overlap(rz) except ValueError as e: msg = "Reverse zone %s will not be used: %s" % (rz, e) if unattended: diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py index ccb7760e3..0fb869a7b 100644 --- a/ipaserver/install/dns.py +++ b/ipaserver/install/dns.py @@ -118,7 +118,7 @@ def install_check(standalone, api, replica, options, hostname): domain = dnsutil.DNSName(util.normalize_zone(api.env.domain)) print("Checking DNS domain %s, please wait ..." % domain) try: - ipautil.check_zone_overlap(domain, raise_on_error=False) + dnsutil.check_zone_overlap(domain, raise_on_error=False) except ValueError as e: if options.force or options.allow_zone_overlap: root_logger.warning("%s Please make sure that the domain is " 
@@ -129,7 +129,7 @@ def install_check(standalone, api, replica, options, hostname): for reverse_zone in options.reverse_zones: try: - ipautil.check_zone_overlap(reverse_zone) + dnsutil.check_zone_overlap(reverse_zone) except ValueError as e: if options.force or options.allow_zone_overlap: root_logger.warning(e.message) diff --git a/ipaserver/install/server/common.py b/ipaserver/install/server/common.py index ecddc6143..45fb2dc17 100644 --- a/ipaserver/install/server/common.py +++ b/ipaserver/install/server/common.py @@ -14,7 +14,7 @@ from ipapython.install import common, core from ipapython.install.core import Knob from ipalib.util import validate_domain_name from ipaserver.install import bindinstance -from ipapython.ipautil import check_zone_overlap +from ipapython.dnsutil import check_zone_overlap if six.PY3: unicode = str |
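Review bot: In the `install_check` hunk of `ipaserver/install/dns.py` at `@@ -129,7 +129,7 @@`, the handler still calls `root_logger.warning(e.message)`, and exceptions have no `message` attribute on Python 3. The `six.PY3` branch in `ipaserver/install/server/common.py` in this same diff suggests Python 3 is a target. On that interpreter the `options.force or options.allow_zone_overlap` branch would raise `AttributeError` instead of logging the overlap. `root_logger.warning("%s", e)` works on both versions. The `except` body continues outside the hunk.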