[Freeipa-devel] [PATCH 0110] DNS: Warn if forwarding policy conflicts with automatic empty zone
Petr Spacek
pspacek at redhat.com
Fri May 27 12:13:09 UTC 2016
On 25.5.2016 12:30, Martin Basti wrote:
>
>
> On 04.05.2016 10:43, Petr Spacek wrote:
>> Hello,
>>
>> DNS: Warn if forwarding policy conflicts with automatic empty zones
>>
>> Forwarding policy "first" or "none" may conflicts with some automatic empty
>> zones. Queries for zones specified by RFC 6303 will ignore
>> forwarding and recursion and always result in NXDOMAIN answers.
>>
>> This is not detected and warned about. Global forwarding is equivalent
>> to forward zone ".".
>>
>> Example:
>> Forward zone 1.10.in-addr.arpa with policy "first"
>> will not forward anything because BIND will automatically prefer
>> automatic empty zone "10.in-addr.arpa." which is authoritative.
>>
>> https://fedorahosted.org/freeipa/ticket/5710
>>
>>
>> This is last patch in the series so the ticket can be closed when all relevant
>> patches are pushed.
>>
>>
>>
>
>
> You forgot to update tests
>
> _____________________________________________________________________
> test_dns.test_command[0087: dnsconfig_mod: Update global DNS settings]
> ______________________________________________________________________
>
> self = <ipatests.test_xmlrpc.test_dns_plugin.test_dns object at
> 0x7fcef3ef2510>, index = 87
> declarative_test_definition = {'command': ('dnsconfig_mod', [],
> {'idnsforwarders': ['172.16.31.80'], 'version': '2.166'}), 'desc': 'Update
> global DN...arders': ['172.16.31.80']}, 'summary': None, 'value': None},
> 'nice': '0087: dnsconfig_mod: Update global DNS settings'}
>
> def test_command(self, index, declarative_test_definition):
> """Run an individual test
>
> The arguments are provided by the pytest plugin.
> """
> if callable(declarative_test_definition):
> declarative_test_definition(self)
> else:
>> self.check(**declarative_test_definition)
>
> test_xmlrpc/xmlrpc_test.py:313:
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> test_xmlrpc/xmlrpc_test.py:325: in check
> self.check_output(nice, cmd, args, options, expected, extra_check)
> test_xmlrpc/xmlrpc_test.py:368: in check_output
> assert_deepequal(expected, got, nice)
> util.py:361: in assert_deepequal
> assert_deepequal(e_sub, g_sub, doc, stack + (key,))
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
>
> expected = [{'code': 13006, 'message': <function <lambda> at 0x7fcef426c758>,
> 'name': 'DNSServerValidationWarning', 'type': 'warning'}]
> got = [{'code': 13021, 'message': "Forwarding policy conflicts with some
> automatic empty zones. Queries for zones specified ...': The DNS operation
> timed out after 10.0008428097 seconds.", 'name': 'DNSServerValidationWarning',
> 'type': 'warning'}]
> doc = '0087: dnsconfig_mod: Update global DNS settings', stack = ('messages',)
>
> def assert_deepequal(expected, got, doc='', stack=tuple()):
> """
> Recursively check for type and equality.
>
> If a value in expected is callable then it will used as a callback to
> test for equality on the got value. The callback is passed the got
> value and returns True if equal, False otherwise.
>
> If the tests fails, it will raise an ``AssertionError`` with detailed
> information, including the path to the offending value. For example:
>
> >>> expected = [u'Hello', dict(world=u'how are you?')]
> >>> got = [u'Hello', dict(world='how are you?')]
> >>> expected == got
> True
> >>> assert_deepequal(expected, got, doc='Testing my nested data')
> Traceback (most recent call last):
> ...
> AssertionError: assert_deepequal: type(expected) is not type(got).
> Testing my nested data
> type(expected) = <type 'unicode'>
> type(got) = <type 'str'>
> expected = u'how are you?'
> got = 'how are you?'
> path = (0, 'world')
>
> Note that lists and tuples are considered equivalent, and the order of
> their elements does not matter.
> """
> if isinstance(expected, tuple):
> expected = list(expected)
> if isinstance(got, tuple):
> got = list(got)
> if isinstance(expected, DN):
> if isinstance(got, six.string_types):
> got = DN(got)
> if not (isinstance(expected, Fuzzy) or callable(expected) or
> type(expected) is type(got)):
> raise AssertionError(
> TYPE % (doc, type(expected), type(got), expected, got, stack)
> )
> if isinstance(expected, (list, tuple)):
> if len(expected) != len(got):
> raise AssertionError(
>> LEN % (doc, len(expected), len(got), expected, got, stack)
> )
> E AssertionError: assert_deepequal: list length mismatch.
> E 0087: dnsconfig_mod: Update global DNS settings
> E len(expected) = 1
> E len(got) = 2
> E expected = [{u'message': <function <lambda> at
> 0x7fcef426c758>, u'code': 13006, u'type': u'warning', u'name':
> u'DNSServerValidationWarning'}]
> E got = [{u'message': u"Forwarding policy conflicts with some
> automatic empty zones. Queries for zones specified by RFC 6303 will ignore
> forwarding and recursion and always result in NXDOMAIN answers. To override
> this behavior use forward policy 'only'.", u'code': 13021, u'type':
> u'warning', u'name': u'DNSForwardPolicyConflictWithEmptyZone'}, {u'message':
> u"DNS server 172.16.31.80: query '. SOA': The DNS operation timed out after
> 10.0008428097 seconds.", u'code': 13006, u'type': u'warning', u'name':
> u'DNSServerValidationWarning'}]
> E path = (u'messages',)
>
> util.py:332: AssertionError
Fixed patch is attached. It depends on newest patches 113-132.
--
Petr^2 Spacek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pspacek-0110-2-DNS-Warn-if-forwarding-policy-conflicts-with-automat.patch
Type: text/x-patch
Size: 6737 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160527/d658dc29/attachment.bin>
More information about the Freeipa-devel
mailing list