-rwxr-xr-xinstall/tools/ipa-replica-prepare4
-rw-r--r--ipalib/plugins/dns.py25
-rw-r--r--ipalib/util.py13
-rw-r--r--ipaserver/install/bindinstance.py61
4 files changed, 33 insertions, 70 deletions
diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare
index 56f132a38..dea52ea1e 100755
--- a/install/tools/ipa-replica-prepare
+++ b/install/tools/ipa-replica-prepare
@@ -28,7 +28,7 @@ import krbV
from ipapython import ipautil
from ipaserver.install import bindinstance, dsinstance, installutils, certs
-from ipaserver.install.bindinstance import add_zone, add_reverse_zone, add_fwd_rr, add_ptr_rr, dns_container_exists
+from ipaserver.install.bindinstance import add_zone, add_fwd_rr, add_ptr_rr, dns_container_exists
from ipaserver.install.replication import enable_replication_version_checking
from ipaserver.install.installutils import resolve_host, BadHostError, HostLookupError
from ipaserver.plugins.ldap2 import ldap2
@@ -466,7 +466,7 @@ def main():
if reverse_zone is not None:
print "Using reverse zone %s" % reverse_zone
- add_reverse_zone(reverse_zone)
+ add_zone(reverse_zone)
add_ptr_rr(reverse_zone, ip_address, replica_fqdn)
try:
diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 8c269c0a0..febd4d17c 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -34,7 +34,7 @@ from ipalib import _, ngettext
from ipalib.util import (validate_zonemgr, normalize_zonemgr,
validate_hostname, validate_dns_label, validate_domain_name,
get_dns_forward_zone_update_policy, get_dns_reverse_zone_update_policy,
- get_reverse_zone_default)
+ get_reverse_zone_default, zone_is_reverse, REVERSE_DNS_ZONES)
from ipapython.ipautil import valid_ip, CheckedIPAddress, is_host_resolvable
__doc__ = _("""
@@ -1499,19 +1499,6 @@ _dns_record_options = tuple(__dns_record_options_iter())
_dns_supported_record_types = tuple(record.rrtype for record in _dns_records \
if record.supported)
-# dictionary of valid reverse zone -> number of address components
-_valid_reverse_zones = {
- '.in-addr.arpa.' : 4,
- '.ip6.arpa.' : 32,
-}
-
-def zone_is_reverse(zone_name):
- for rev_zone_name in _valid_reverse_zones.keys():
- if zone_name.endswith(rev_zone_name):
- return True
-
- return False
-
def check_ns_rec_resolvable(zone, name):
if not name.endswith('.'):
# this is a DNS name relative to the zone
@@ -1842,7 +1829,7 @@ class dnszone_find(LDAPSearch):
assert isinstance(base_dn, DN)
if options.get('forward_only', False):
search_kw = {}
- search_kw['idnsname'] = _valid_reverse_zones.keys()
+ search_kw['idnsname'] = REVERSE_DNS_ZONES.keys()
rev_zone_filter = ldap.make_filter(search_kw, rules=ldap.MATCH_NONE, exact=False,
trailing_wildcard=False)
filter = ldap.combine_filters((rev_zone_filter, filter), rules=ldap.MATCH_ALL)
@@ -2027,14 +2014,14 @@ class dnsrecord(LDAPObject):
else:
addr = keys[-1]
zone_len = 0
- for valid_zone in _valid_reverse_zones:
- if zone.find(valid_zone) != -1:
+ for valid_zone in REVERSE_DNS_ZONES:
+ if zone.endswith(valid_zone):
zone = zone.replace(valid_zone,'')
zone_name = valid_zone
- zone_len = _valid_reverse_zones[valid_zone]
+ zone_len = REVERSE_DNS_ZONES[valid_zone]
if not zone_len:
- allowed_zones = ', '.join(_valid_reverse_zones)
+ allowed_zones = ', '.join(REVERSE_DNS_ZONES)
raise errors.ValidationError(name='ptrrecord',
error=unicode(_('Reverse zone for PTR record should be a sub-zone of one the following fully qualified domains: %s') % allowed_zones))
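Review bot: The suffix test was tightened to `endswith`, but the next line still strips the suffix with `zone.replace(valid_zone,'')`, which removes every occurrence of that string rather than only the trailing one. For a name that contains the suffix text more than once, the remainder that is presumably measured against `zone_len` later in the method would be shorter than intended. Slicing keeps the test and the strip in agreement: `zone = zone[:-len(valid_zone)]`, followed by `break`, since a name can end with only one of the two suffixes. The match also relies on `zone` already carrying its trailing dot; that normalisation is not visible here, and the enclosing method starts and ends outside the hunk.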
diff --git a/ipalib/util.py b/ipalib/util.py
index df8791ba0..53b6c80c5 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -494,6 +494,19 @@ def get_dns_reverse_zone_update_policy(realm, reverse_zone, rrtypes=('PTR',)):
return policy
+# dictionary of valid reverse zone -> number of address components
+REVERSE_DNS_ZONES = {
+ '.in-addr.arpa.' : 4,
+ '.ip6.arpa.' : 32,
+}
+
+def zone_is_reverse(zone_name):
+ zone_name = normalize_zone(zone_name)
+ if any(zone_name.endswith(name) for name in REVERSE_DNS_ZONES):
+ return True
+
+ return False
+
def get_reverse_zone_default(ip_address):
ip = netaddr.IPAddress(ip_address)
items = ip.reverse_dns.split('.')
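Review bot: `zone_is_reverse` uses a case-sensitive `endswith`, while DNS names compare case-insensitively. Unless `normalize_zone` (not shown in this hunk) lower-cases its input, a reverse zone written in upper case would be classified as forward and, in `add_zone`, receive the forward update policy. Lower-casing before the test closes that gap: `zone_name = normalize_zone(zone_name).lower()`. The body can then be a single `return zone_name.endswith(tuple(REVERSE_DNS_ZONES))`, and a docstring such as `"""Return True if zone_name lies under in-addr.arpa. or ip6.arpa."""` would record that the argument is normalised first.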
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index c2c4a86b4..9f6dca525 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -34,7 +34,7 @@ from ipapython import ipautil
from ipalib.parameters import IA5Str
from ipalib.util import (validate_zonemgr, normalize_zonemgr,
get_dns_forward_zone_update_policy, get_dns_reverse_zone_update_policy,
- normalize_zone, get_reverse_zone_default)
+ normalize_zone, get_reverse_zone_default, zone_is_reverse)
from ipapython.ipa_log_manager import *
from ipalib.text import _
@@ -252,8 +252,15 @@ def read_reverse_zone(default, ip_address):
def add_zone(name, zonemgr=None, dns_backup=None, ns_hostname=None, ns_ip_address=None,
update_policy=None):
+ if zone_is_reverse(name):
+ # always normalize reverse zones
+ name = normalize_zone(name)
+
if update_policy is None:
- update_policy = get_dns_forward_zone_update_policy(api.env.realm)
+ if zone_is_reverse(name):
+ update_policy = get_dns_reverse_zone_update_policy(api.env.realm, name)
+ else:
+ update_policy = get_dns_forward_zone_update_policy(api.env.realm)
if zonemgr is None:
zonemgr = 'hostmaster.%s' % name
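Review bot: With `zonemgr` left at `None`, a reverse zone now falls through to `zonemgr = 'hostmaster.%s' % name` at the end of this hunk, so its SOA RNAME becomes `hostmaster.<reverse zone>`. The removed `add_reverse_zone` passed no `idnssoarname` and left the default to `dnszone_add`. The `add_zone(reverse_zone)` call in ipa-replica-prepare takes this path, whereas `__setup_reverse_zone` passes `self.zonemgr`. If the new default is intended, a comment such as `# reverse zones also default to hostmaster.<zone>; pass zonemgr to override` would make it explicit; otherwise the replica-prepare call should supply a zone manager. `zone_is_reverse(name)` is also evaluated twice and could be held in a local, `is_reverse = zone_is_reverse(name)`. The function body continues outside the hunk.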
@@ -276,13 +283,14 @@ def add_zone(name, zonemgr=None, dns_backup=None, ns_hostname=None, ns_ip_addres
else:
ns_main = ns_hostname
ns_replicas = []
+ ns_main = normalize_zone(ns_main)
if ns_ip_address is not None:
ns_ip_address = unicode(ns_ip_address)
try:
api.Command.dnszone_add(unicode(name),
- idnssoamname=unicode(ns_main+'.'),
+ idnssoamname=unicode(ns_main),
idnssoarname=unicode(zonemgr),
ip_address=ns_ip_address,
idnsallowdynupdate=True,
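Review bot: `ns_main` is overwritten with its fully qualified form, so every later use in `add_zone` sees the trailing dot, not only `idnssoamname`. The `nameservers` list passed to `add_ns_rr` is assembled outside this hunk and may now mix a dotted `ns_main` with undotted replica names. It is worth confirming that `add_ns_rr` accepts an already-qualified host name, or normalising into a separate local instead: `soa_mname = normalize_zone(ns_main)` with `idnssoamname=unicode(soa_mname)`. The function starts and ends outside the hunk.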
@@ -296,51 +304,6 @@ def add_zone(name, zonemgr=None, dns_backup=None, ns_hostname=None, ns_ip_addres
for hostname in nameservers:
add_ns_rr(name, hostname, dns_backup=None, force=True)
-
-def add_reverse_zone(zone, ns_hostname=None, ns_ip_address=None,
- ns_replicas=[], update_policy=None, dns_backup=None):
- zone = normalize_zone(zone)
- if update_policy is None:
- update_policy = get_dns_reverse_zone_update_policy(api.env.realm, zone)
-
- if ns_hostname is None:
- # automatically retrieve list of DNS masters
- dns_masters = api.Object.dnsrecord.get_dns_masters()
- if not dns_masters:
- raise installutils.ScriptError(
- "No IPA server with DNS support found!")
- ns_main = dns_masters.pop(0)
- ns_replicas = dns_masters
- addresses = resolve_host(ns_main)
-
- if len(addresses) > 0:
- # use the first address
- ns_ip_address = addresses[0]
- else:
- ns_ip_address = None
- else:
- ns_main = ns_hostname
- ns_replicas = []
-
- if ns_ip_address is not None:
- ns_ip_address = unicode(ns_ip_address)
-
- try:
- api.Command.dnszone_add(unicode(zone),
- idnssoamname=unicode(ns_main+'.'),
- idnsallowdynupdate=True,
- ip_address=ns_ip_address,
- idnsupdatepolicy=unicode(update_policy),
- idnsallowquery=u'any',
- idnsallowtransfer=u'none',)
- except (errors.DuplicateEntry, errors.EmptyModlist):
- pass
-
- nameservers = ns_replicas + [ns_main]
- for hostname in nameservers:
- add_ns_rr(zone, hostname, dns_backup=None, force=True)
-
-
def add_rr(zone, name, type, rdata, dns_backup=None, **kwargs):
addkw = { '%srecord' % str(type.lower()) : unicode(rdata) }
addkw.update(kwargs)
@@ -639,7 +602,7 @@ class BindInstance(service.Service):
add_ptr_rr(self.reverse_zone, self.ip_address, self.fqdn)
def __setup_reverse_zone(self):
- add_reverse_zone(self.reverse_zone, ns_hostname=api.env.host,
+ add_zone(self.reverse_zone, self.zonemgr, ns_hostname=api.env.host,
ns_ip_address=self.ip_address, dns_backup=self.dns_backup)
def __setup_principal(self):