authorMartin Babinsky <mbabinsk@redhat.com>2015-10-12 16:24:50 +0200
committerMartin Basti <mbasti@redhat.com>2015-10-22 18:36:17 +0200
commitc43dce3a61e17791cc31f45498bae2d52edcf969 (patch)
tree1a3376c39705d44c166f7238809afaf7ccf3b301 /ipalib
parent6417931a9fd319166d1827d886843a4abb5c4820 (diff)
always ask the resolver for the reverse zone when manipulating PTR records
Instead of searching for all zones to identify the correct reverse zone, we will first ask the resolver to return the name of the zone that should contain the desired record and then see if IPA manages this zone. This patch also removes a duplicate function in bindinstance.py that is not used anywhere. https://fedorahosted.org/freeipa/ticket/5200 Reviewed-By: Petr Spacek <pspacek@redhat.com>
Diffstat (limited to 'ipalib')
-rw-r--r--ipalib/plugins/dns.py51
1 files changed, 18 insertions, 33 deletions
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index aefdedca6..ef282c946 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -530,35 +530,26 @@ def add_forward_record(zone, name, str_address):
except errors.EmptyModlist:
pass # the entry already exists and matches
-def get_reverse_zone(ipaddr, prefixlen=None):
+def get_reverse_zone(ipaddr):
+ """
+ resolve the reverse zone for IP address and see if it is managed by IPA
+ server
+ :param ipaddr: host IP address
+ :return: tuple containing name of the reverse zone and the name of the
+ record
+ """
ip = netaddr.IPAddress(str(ipaddr))
revdns = DNSName(unicode(ip.reverse_dns))
+ revzone = DNSName(dns.resolver.zone_for_name(revdns))
- if prefixlen is None:
- revzone = None
-
- result = api.Command['dnszone_find']()['result']
- for zone in result:
- zonename = zone['idnsname'][0]
- if (revdns.is_subdomain(zonename.make_absolute()) and
- (revzone is None or zonename.is_subdomain(revzone))):
- revzone = zonename
- else:
- if ip.version == 4:
- pos = 4 - prefixlen / 8
- elif ip.version == 6:
- pos = 32 - prefixlen / 4
- items = ip.reverse_dns.split('.')
- revzone = DNSName(items[pos:])
-
- try:
- api.Command['dnszone_show'](revzone)
- except errors.NotFound:
- revzone = None
-
- if revzone is None:
+ try:
+ api.Command['dnszone_show'](revzone)
+ except errors.NotFound:
raise errors.NotFound(
- reason=_('DNS reverse zone for IP address %(addr)s not found') % dict(addr=ipaddr)
+ reason=_(
+ 'DNS reverse zone %(revzone)s for IP address '
+ '%(addr)s is not managed by this server') % dict(
+ addr=ipaddr, revzone=revzone)
)
revname = revdns.relativize(revzone)
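Review bot: The new `dns.resolver.zone_for_name(revdns)` call in get_reverse_zone is unguarded, because only `errors.NotFound` from `dnszone_show` is handled. dnspython lets resolver failures such as `dns.exception.Timeout` or `dns.resolver.NoNameservers` propagate from that call, so they would reach the two callers changed in the later hunks as non-IPA exceptions unless handlers outside the hunks catch them. The zone choice now also depends on what the host's configured resolver answers rather than on the server's own zone list, so a stale, split-horizon or forged SOA answer can make an IPA-managed reverse zone be reported as "not managed by this server"; the `dnszone_show` check keeps the result inside IPA-managed zones, but the docstring should state this dependency. I would wrap the lookup as `try: revzone = DNSName(dns.resolver.zone_for_name(revdns))` / `except dns.exception.DNSException as e: raise errors.NotFound(reason=...)` and add a `:raises errors.NotFound:` line to the docstring. The function's return statement lies outside the hunk.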
@@ -592,11 +583,8 @@ def add_records_for_host_validation(option_name, host, domain, ip_addresses, che
if check_reverse:
try:
- prefixlen = None
- if not ip.defaultnet:
- prefixlen = ip.prefixlen
# we prefer lookup of the IP through the reverse zone
- revzone, revname = get_reverse_zone(ip, prefixlen)
+ revzone, revname = get_reverse_zone(ip)
reverse = api.Command['dnsrecord_find'](revzone, idnsname=revname)
if reverse['count'] > 0:
raise errors.DuplicateEntry(
@@ -621,10 +609,7 @@ def add_records_for_host(host, domain, ip_addresses, add_forward=True, add_rever
if add_reverse:
try:
- prefixlen = None
- if not ip.defaultnet:
- prefixlen = ip.prefixlen
- revzone, revname = get_reverse_zone(ip, prefixlen)
+ revzone, revname = get_reverse_zone(ip)
addkw = {'ptrrecord': host.derelativize(domain).ToASCII()}
api.Command['dnsrecord_add'](revzone, revname, **addkw)
except errors.EmptyModlist: