DNS upgrade: change global forwarding policy in named.conf to "only" if private IPs are used

This change is necessary to override automatic empty zone configuration
in latest BIND and bind-dyndb-ldap 9.0+.

This upgrade has to be done on each IPA DNS server independently.

https://fedorahosted.org/freeipa/ticket/5710

Reviewed-By: Martin Basti <mbasti@redhat.com>

1 files changed, 4 insertions, 3 deletions

diff --git a/ipaserver/install/plugins/dns.py b/ipaserver/install/plugins/dns.py
index 3c1d4e9a4..d2a9bd8f8 100644
--- a/ipaserver/install/plugins/dns.py
+++ b/ipaserver/install/plugins/dns.py
@@ -267,7 +267,8 @@ class update_master_to_dnsforwardzones(DNSUpdater):
     than none, will be tranformed to forward zones.
     Original masters zone will be backed up to ldif file.
 
-    This should be applied only once, and only if original version was lower than 4.0
+    This should be applied only once,
+    and only if original version was lower than 4.0
     """
     backup_filename = u'dns-master-to-forward-zones-%Y-%m-%d-%H-%M-%S.ldif'
 
@@ -480,8 +481,8 @@ class update_dnsforward_emptyzones(DNSUpdater):
             # forwardzones already use new semantics, no upgrade is required
             return False, []
 
-        self.log.debug('Updating forwarding policies to avoid conflicts '
-                       'with automatic empty zones')
+        self.log.debug('Updating forwarding policies in LDAP '
+                       'to avoid conflicts with automatic empty zones')
         # update the DNSVersion, following upgrade can be executed only once
         self.api.Command['dnsconfig_mod'](ipadnsversion=2)