From 9aa6124b39267148c4c1b9a8ee4209fb859b9c42 Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Wed, 22 Apr 2015 15:29:21 +0200
Subject: DNSSEC: Improve global forwarders validation

Validation now provides more detailed information and less false
positives failures.

https://fedorahosted.org/freeipa/ticket/4657

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
---
 ipalib/messages.py | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

(limited to 'ipalib/messages.py')

diff --git a/ipalib/messages.py b/ipalib/messages.py
index b44beca72..236b683b3 100644
--- a/ipalib/messages.py
+++ b/ipalib/messages.py
@@ -179,14 +179,14 @@ class OptionSemanticChangedWarning(PublicMessage):
                u"%(hint)s")
 
 
-class DNSServerNotRespondingWarning(PublicMessage):
+class DNSServerValidationWarning(PublicMessage):
     """
-    **13006**  Used when a DNS server is not responding to queries
+    **13006**  Used when a DNS server is not to able to resolve query
     """
 
     errno = 13006
     type = "warning"
-    format = _(u"DNS server %(server)s not responding.")
+    format = _(u"DNS server %(server)s: %(error)s.")
 
 
 class DNSServerDoesNotSupportDNSSECWarning(PublicMessage):
@@ -196,10 +196,11 @@ class DNSServerDoesNotSupportDNSSECWarning(PublicMessage):
 
     errno = 13007
     type = "warning"
-    format = _(u"DNS server %(server)s does not support DNSSEC. "
+    format = _(u"DNS server %(server)s does not support DNSSEC: %(error)s.\n"
                u"If DNSSEC validation is enabled on IPA server(s), "
                u"please disable it.")
 
+
 class ForwardzoneIsNotEffectiveWarning(PublicMessage):
     """
     **13008** Forwardzone is not effective, forwarding will not work because
@@ -214,6 +215,20 @@ class ForwardzoneIsNotEffectiveWarning(PublicMessage):
                u"\"%(ns_rec)s\" to parent zone \"%(authzone)s\".")
 
 
+class DNSServerDoesNotSupportEDNS0Warning(PublicMessage):
+    """
+    **13009** Used when a DNS server does not support EDNS0, required for
+    DNSSEC support
+    """
+
+    errno = 13009
+    type = "warning"
+    format = _(u"DNS server %(server)s does not support EDNS0 (RFC 6891): "
+               u"%(error)s.\n"
+               u"If DNSSEC validation is enabled on IPA server(s), "
+               u"please disable it.")
+
+
 def iter_messages(variables, base):
     """Return a tuple with all subclasses
     """
-- 
cgit