author | Petr Spacek <pspacek@redhat.com> | 2016-03-07 14:37:31 +0100 |
---|---|---|
committer | Petr Vobornik <pvoborni@redhat.com> | 2016-04-28 18:46:06 +0200 |
commit | 51907d5bb8fce9e5358fed50c0ec7074ef7f0c69 (patch) | |
tree | 2579a2299ac93029092174bf2a95f501ac574bbf /ipaserver | |
parent | c7ee765c4de086ac92922519d7065fc6b6796f10 (diff) | |
Auto-detect default value for --forward-policy option in installers
Forward policy defaults to 'first' if no IP address belonging to a private
or reserved range is detected on local interfaces (RFC 6303).
It defaults to 'only' if a private IP address is detected.
This prevents problems with BIND automatic empty zones because
conflicting zones cannot be disabled unless forwarding policy == only.
https://fedorahosted.org/freeipa/ticket/5710
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ipaserver')
-rw-r--r-- | ipaserver/install/dns.py | 11 | ||||
-rw-r--r-- | ipaserver/install/server/common.py | 2 |
2 files changed, 12 insertions, 1 deletions
diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
index cae8787a4..ccb7760e3 100644
--- a/ipaserver/install/dns.py
+++ b/ipaserver/install/dns.py
@@ -259,6 +259,17 @@ def install_check(standalone, api, replica, options, hostname):
 ip_addresses = get_server_ip_address(hostname, options.unattended, True, options.ip_addresses)
+ if not options.forward_policy:
+ # user did not specify policy, derive it: default is 'first' but
+ # if any of local IP addresses belongs to private ranges use 'only'
+ options.forward_policy = 'first'
+ for ip in ip_addresses:
+ if dnsutil.inside_auto_empty_zone(dnsutil.DNSName(ip.reverse_dns)):
+ options.forward_policy = 'only'
+ root_logger.debug('IP address %s belongs to a private range, '
+ 'using forward policy only', ip)
+ break
+
 if options.no_forwarders:
 options.forwarders = []
 elif options.forwarders or options.auto_forwarders:
diff --git a/ipaserver/install/server/common.py b/ipaserver/install/server/common.py
index 84b176bc8..ecddc6143 100644
--- a/ipaserver/install/server/common.py
+++ b/ipaserver/install/server/common.py
@@ -170,7 +170,7 @@ class BaseServerDNS(common.Installable, core.Group, core.Composite):
 )
 forward_policy = Knob(
- {'only', 'first'}, 'first',
+ {'only', 'first'}, None,
 description=("DNS forwarding policy for global forwarders"),
 ) |
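Review bot: The derived policy is recorded only through `root_logger.debug`, and only on the 'only' branch, so nothing above debug level tells the administrator which forwarding policy an install ended up with or why. The choice changes resolver behaviour (with 'only', BIND does not fall back to its own recursion when the forwarders fail), so it is worth reporting once after the loop, e.g. `root_logger.info('Forward policy not specified, using "%s"', options.forward_policy)`. The derivation also runs before the `options.no_forwarders` branch, so a policy is set even when no forwarders will be configured; that looks harmless but should be confirmed against the code that writes the BIND configuration. install_check starts and ends outside this hunk.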
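Review bot: With the default changed to `None`, the option's help text no longer tells the user what happens when --forward-policy is omitted, and any consumer of `forward_policy` that does not pass through the derivation in `dns.install_check` would now see `None` instead of 'first'. The description should state the auto-detection, for example `description=("DNS forwarding policy for global forwarders (auto-detected from local IP addresses when not given)"),`. Callers outside this diffstat (it is limited to ipaserver) should be checked for an assumption that the value is always one of the two strings. The BaseServerDNS class body starts and ends outside this hunk.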