Add DNS conditional forwarding

Add ability configure per-zone forwarder for DNS zones. Any data in such zone will then be considered as non-authoritative and all queries will be sent to specified forwarder. https://fedorahosted.org/freeipa/ticket/2108
author: Martin Kosek <mkosek@redhat.com> 2012-02-14 11:10:22 +0100
committer: Martin Kosek <mkosek@redhat.com> 2012-02-24 09:40:47 +0100
commit: 210d913eb19ee24e4a271fab8746e4ca5234c3d6 (patch)
tree: 08bc53542f2d3d378e15218e4d1a6b5d96d110d4 /ipalib/plugins/dns.py
parent: 860579022532ee4133fc74e8f916cb40dc3ea239 (diff)
download: freeipa-210d913eb19ee24e4a271fab8746e4ca5234c3d6.tar.gz
freeipa-210d913eb19ee24e4a271fab8746e4ca5234c3d6.tar.xz
freeipa-210d913eb19ee24e4a271fab8746e4ca5234c3d6.zip
1 files changed, 21 insertions, 1 deletions
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 0b54aae04..79e7407af 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -144,6 +144,13 @@ EXAMPLES:
  Show records for resource www in zone example.com
    ipa dnsrecord-show example.com www
 
+ Forward all request for a zone external.com to another nameserver using
+ a "first" policy (it will send the queries to the selected forwarder and if
+ not answered it will use global resolvers):
+   ipa dnszone-add external.com
+   ipa dnszone-mod external.com --forwarder=10.20.0.1 \\
+                                --forward-policy=first
+
  Delete zone example.com with all resource records:
    ipa dnszone-del example.com
 
@@ -1215,7 +1222,8 @@ class dnszone(LDAPObject):
     default_attributes = [
         'idnsname', 'idnszoneactive', 'idnssoamname', 'idnssoarname',
         'idnssoaserial', 'idnssoarefresh', 'idnssoaretry', 'idnssoaexpire',
-        'idnssoaminimum', 'idnsallowquery', 'idnsallowtransfer'
+        'idnssoaminimum', 'idnsallowquery', 'idnsallowtransfer',
+        'idnsforwarders', 'idnsforwardpolicy'
     ] + _record_attributes
     label = _('DNS Zones')
     label_singular = _('DNS Zone')
@@ -1337,6 +1345,18 @@ class dnszone(LDAPObject):
             default=u'none;',  # no one can issue queries by default
             autofill=True,
         ),
+        Str('idnsforwarders*',
+            _validate_ipaddr,
+            cli_name='forwarder',
+            label=_('Zone forwarders'),
+            doc=_('A list of zone forwarders'),
+            csv=True,
+        ),
+        StrEnum('idnsforwardpolicy?',
+            cli_name='forward_policy',
+            label=_('Forward policy'),
+            values=(u'only', u'first',),
+        ),
     )
 
 api.register(dnszone)
author	Martin Kosek <mkosek@redhat.com>	2012-02-14 11:10:22 +0100
committer	Martin Kosek <mkosek@redhat.com>	2012-02-24 09:40:47 +0100
commit	210d913eb19ee24e4a271fab8746e4ca5234c3d6 (patch)
tree	08bc53542f2d3d378e15218e4d1a6b5d96d110d4 /ipalib/plugins/dns.py
parent	860579022532ee4133fc74e8f916cb40dc3ea239 (diff)
download	freeipa-210d913eb19ee24e4a271fab8746e4ca5234c3d6.tar.gz freeipa-210d913eb19ee24e4a271fab8746e4ca5234c3d6.tar.xz freeipa-210d913eb19ee24e4a271fab8746e4ca5234c3d6.zip