[Freeipa-devel] [PATCH 0083] perform an unlimited search for reverse zones when adding DNS records

Petr Spacek pspacek at redhat.com
Tue Oct 13 07:36:38 UTC 2015


On 12.10.2015 16:35, Martin Babinsky wrote:
> https://fedorahosted.org/freeipa/ticket/5200
> ---
>  ipalib/plugins/dns.py | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
> index 84086f4c77d02922f237937d58031cc42d55410e..c36345faecfb9db7abced1c6bd72ddcf93473a74 100644
> --- a/ipalib/plugins/dns.py
> +++ b/ipalib/plugins/dns.py
> @@ -537,7 +537,8 @@ def get_reverse_zone(ipaddr, prefixlen=None):
>      if prefixlen is None:
>          revzone = None
>  
> -        result = api.Command['dnszone_find']()['result']
> +        result = api.Command['dnszone_find'](sizelimit=0)['result']
> +

NACK, this just increases the limit because the LDAP server will enforce a
per-user limit.

>          for zone in result:
>              zonename = zone['idnsname'][0]
>              if (revdns.is_subdomain(zonename.make_absolute()) and
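
Review bot: at the changed `dnszone_find` call, `sizelimit=0` still fetches every zone and leaves the match to the `for zone in result` loop, and nothing in the hunk checks that the returned list is complete, so a search that is capped elsewhere would still silently miss zones. Suggest handling an incomplete result explicitly, or looking up only the candidate reverse zone names instead of listing all zones. The second `+` line only adds a blank line and can be dropped.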

A generic solution should use dns.resolver.zone_for_name() to find the DNS zone
matching the reverse name. This should also implicitly cover CNAME/DNAME
redirections per RFC2317.

Using DNS implicitly means that a zone will always be found (at least the root
zone :-). For this reason I would change the final error message
> reason=_('DNS reverse zone for IP address %(addr)s not found')
to something like:
  reason=_('DNS reverse zone %(zone)s for IP address %(addr)s is not managed by this server')


These changes should fix it without adding another artificial limitation.

-- 
Petr^2 Spacek
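
The lookup order proposed in the reply above, as an added example that is not part of the original message or of FreeIPA's code: find the enclosing zone of the reverse name first, then decide whether this server manages it. It assumes an offline stand-in for `dns.resolver.zone_for_name()` (a label walk over a constructed zone set, with no CNAME/DNAME handling); `DNS_ZONES`, `MANAGED_ZONES` and all function names are hypothetical.

```python
import ipaddress

# Constructed sample data: zone apexes visible in DNS, and the subset this
# server manages. Neither set comes from the thread.
DNS_ZONES = {".", "arpa.", "in-addr.arpa.", "10.in-addr.arpa.",
             "2.0.192.in-addr.arpa."}
MANAGED_ZONES = {"2.0.192.in-addr.arpa."}


def reverse_name(addr):
    """Absolute PTR owner name for an IPv4 or IPv6 address."""
    return ipaddress.ip_address(addr).reverse_pointer + "."


def enclosing_zone(name, zones):
    """Strip leading labels until a zone apex is found.

    Offline stand-in for the SOA walk that dns.resolver.zone_for_name()
    performs against real DNS. The root zone guarantees a match.
    """
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in zones:
            return candidate
    return "."


def find_managed_reverse_zone(addr, dns_zones=DNS_ZONES,
                              managed=MANAGED_ZONES):
    """Return the reverse zone for addr, or fail if it is not managed here."""
    zone = enclosing_zone(reverse_name(addr), dns_zones)
    if zone not in managed:
        # A zone is always found, so the error names the zone that was found.
        raise LookupError(
            "DNS reverse zone %(zone)s for IP address %(addr)s is not "
            "managed by this server" % dict(zone=zone, addr=addr))
    return zone


if __name__ == "__main__":
    print(find_managed_reverse_zone("192.0.2.10"))
    try:
        find_managed_reverse_zone("10.1.2.3")
    except LookupError as exc:
        print(exc)
```

Only one name is checked per label of the reverse name, so the cost does not grow with the number of zones and no search size limit is involved.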



