[Freeipa-devel] [PATCH 0083] perform an unlimited search for reverse zones when adding DNS records
Martin Babinsky
mbabinsk at redhat.com
Tue Oct 13 11:37:47 UTC 2015
On 10/13/2015 09:36 AM, Petr Spacek wrote:
> On 12.10.2015 16:35, Martin Babinsky wrote:
>> https://fedorahosted.org/freeipa/ticket/5200
>> ---
>> ipalib/plugins/dns.py | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
>> index 84086f4c77d02922f237937d58031cc42d55410e..c36345faecfb9db7abced1c6bd72ddcf93473a74 100644
>> --- a/ipalib/plugins/dns.py
>> +++ b/ipalib/plugins/dns.py
>> @@ -537,7 +537,8 @@ def get_reverse_zone(ipaddr, prefixlen=None):
>> if prefixlen is None:
>> revzone = None
>>
>> - result = api.Command['dnszone_find']()['result']
>> + result = api.Command['dnszone_find'](sizelimit=0)['result']
>> +
>
> NACK, this just increases the limit because LDAP server will enforce a
> per-user limit.
>
>> for zone in result:
>> zonename = zone['idnsname'][0]
>> if (revdns.is_subdomain(zonename.make_absolute()) and
>
> Generic solution should use dns.resolver.zone_for_name() to find DNS zone
> matching the reverse name. This should also implicitly cover CNAME/DNAME
> redirections per RFC2317.
>
> Using DNS implicitly means that a zone will always be found (at least the root
> zone :-). For this reason I would change final error message
>> reason=_('DNS reverse zone for IP address %(addr)s not found')
> to something like:
> reason=_('DNS reverse zone %(zone)s for IP address %(addr)s is not managed
> by this server')
>
>
> These changes should fix it without adding other artificial limitation.
>
Thank you for clarification Petr.
Attaching the reworked patch.
--
Martin^3 Babinsky
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbabinsk-0083.1-perform-more-robust-search-for-reverse-zones-when-ad.patch
Type: text/x-patch
Size: 2777 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151013/10b1f1e8/attachment.bin>
More information about the Freeipa-devel
mailing list