From e45a80308c947a58c0fb5266d75eedc1d9aef321 Mon Sep 17 00:00:00 2001
From: Petr Spacek
Date: Wed, 27 Apr 2016 15:24:01 +0200
Subject: DNS upgrade: change global forwarding policy in LDAP to "only" if private IPs are used This change is necessary to override automatic empty zone configuration in latest BIND and bind-dyndb-ldap 9.0+. This procedure is still not complete because we need to handle global forwarders in named.conf too (independently on each server). https://fedorahosted.org/freeipa/ticket/5710 Reviewed-By: Martin Basti
---
 ipapython/dnsutil.py | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
(limited to 'ipapython')
diff --git a/ipapython/dnsutil.py b/ipapython/dnsutil.py
index 98fcc1bfc..f68d3c410 100644
--- a/ipapython/dnsutil.py
+++ b/ipapython/dnsutil.py
@@ -264,6 +264,24 @@ def related_to_auto_empty_zone(name):
 for aez in EMPTY_ZONES)
 
 
+def has_empty_zone_addresses(hostname):
+ """Detect if given host is using IP address belonging to
+ an automatic empty zone.
+
+ Information from --ip-address option used in installed is lost by
+ the time when upgrade is run. Use IP addresses from DNS as best
+ approximation.
+
+ This is brain-dead and duplicates logic from DNS installer
+ but I did not find other way around.
+ """
+ ip_addresses = resolve_ip_addresses(hostname)
+ return any(
+ inside_auto_empty_zone(DNSName(ip.reverse_dns))
+ for ip in ip_addresses
+ )
+
+
 def resolve_rrsets(fqdn, rdtypes):
 """
 Get Resource Record sets for given FQDN.
-- cgit
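Review bot: `has_empty_zone_addresses` returns False both when the host has no address inside an automatic empty zone and when `resolve_ip_addresses(hostname)` yields nothing, because `any()` over an empty result is False. The caller then cannot tell "only public addresses" from "the lookup gave no answer", and the forwarding policy would be left unchanged without any trace. `resolve_ip_addresses` is defined outside this hunk, so whether it raises or returns an empty collection on failure should be confirmed. Either way the docstring should state the outcome, e.g. `Returns False also when the hostname resolves to no addresses.`, and the upgrade caller is the place to log that case. Because the decision rests on DNS answers rather than the installer's recorded configuration, a stale or split-horizon record can change the result, which is worth saying next to the "best approximation" remark; the docstring's "used in installed" presumably means "used in installer".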