[Freeipa-devel] [PATCH] 202 Add reverse DNS record when forward is created

Martin Kosek mkosek at redhat.com
Mon Feb 20 13:34:21 UTC 2012


On Fri, 2012-02-10 at 16:42 +0100, Martin Kosek wrote:
> On Tue, 2012-02-07 at 16:26 +0100, Martin Kosek wrote:
> > On Mon, 2012-02-06 at 15:56 -0500, Rob Crittenden wrote:
> > > Martin Kosek wrote:
> > > > On Mon, 2012-01-30 at 11:52 -0500, Rob Crittenden wrote:
> > > >> Martin Kosek wrote:
> > > >>> Adding reverse DNS record may be a time consuming task, especially
> > > >>> for IPv6 addresses. Having a way to automatically create a reverse
> > > >>> record when a forward record is created could speed up the process.
> > > >>> host-add command already has this possibility.
> > > >>>
> > > >>> This patch takes advantage of the new per-type API and adds new
> > > >>> options for A/AAAA record types: --a-create-reverse and
> > > >>> --aaaa-create-reverse. These commands can be used to automatically
> > > >>> create reverse records for new A/AAAA addresses (both forward
> > > >>> and reverse zones need to be managed by FreeIPA server):
> > > >>>
> > > >>> ipa dnsrecord-add example.com foo --a-rec=10.0.0.1 --a-create-reverse
> > > >>>
> > > >>> This command would add a new A record to record foo in zone
> > > >>> example.com and a PTR record to appropriate reverse zone for
> > > >>> IP address 10.0.0.1 (for example PTR record 1 in zone
> > > >>> 0.0.10.in-addr.arpa. pointing to foo.example.com.).
> > > >>>
> > > >>> A few modifications were done to the new DNS API to support this feature:
> > > >>>    - Refactor --ip-address option handling from host-add and place it
> > > >>>      to dns.py to be used by both modules
> > > >>>    - Add support for "extra" per-type options
> > > >>>    - Hide DNS record part options in dnsrecord_find command as they
> > > >>>      have no effect for this command
> > > >>>
> > > >>> https://fedorahosted.org/freeipa/ticket/2009
> > > >>
> > > >> Can the options -a-create-reverse and -aaaa-create-reverse be combined?
> > > >> I was able to create an IPv4 addr using -aaaa-create-reverse:
> > > >>
> > > >> # ipa dnsrecord-add example.com baz --a-rec=192.168.166.115
> > > >> --aaaa-create-reverse
> > > >>     Record name: baz
> > > >>     A record: 192.168.166.115
> > > >>
> > > >> Otherwise the patch seems fine.
> > > >
> > > > These 2 options can be combined, you can add both A and AAAA forward
> > > > records and create records in their reverse records at the same time:
> > > >
> > > > ipa dnsrecord-add example.com bar --a-rec=10.0.0.1 --a-create-reverse
> > > > --aaaa-rec=2001::beef:1 --aaaa-create-reverse
> > > >
> > > > In your case the option --aaaa-create-reverse is ignored as there is no
> > > > AAAA rec added. Thus no AAAA record callback which would create this
> > > > reverse record is called.
> > > >
> > > > We may implement some checks which would throw a validation error when
> > > > --a-create-reverse/--aaaa-create-reverse is called without a respective
> > > > A/AAAA record.
> > > >
> > > > Martin
> > > >
> > > 
> > > Yes, I think that is the way to go, otherwise this is confusing.
> > > 
> > > rob
> > 
> > Now, an exception is thrown if you try to pass --<rrtype>-create-reverse
> > without an appropriate --<rrtype>-rec option filled:
> > 
> > # ipa dnsrecord-add example.com baz --a-rec=192.168.166.115 --aaaa-create-reverse
> > ipa: ERROR: 'aaaarecord' is required
> > 
> > I also refactored pre_callback of dnsrecord-add command a little, I
> > didn't like parsing <rrtype> from parameter name using regexes. Now,
> > every DNS part option has a link to "parent" DNS record stored in hint
> > attribute.
> > 
> > Martin
> 
> Petr Vobornik noticed that reserved IP address passed to --a-rec
> (--aaaa-rec) causes an Internal Error when --a-create-reverse is set at
> the same time:
> 
> # ipa dnsrecord-add example.com foo --aaaa-ip-address=F:F:F:A::12 --aaaa-create-reverse
> ipa: ERROR: an internal error has occurred
> 
> Attached patch fixes it:
> 
> # ipa dnsrecord-add example.com foo --aaaa-ip-address=F:F:F:A::12 --aaaa-create-reverse
> ipa: ERROR: invalid 'aaaarecord': cannot use IANA reserved IP address
> 
> Martin

I rebased the patch for the latest ipa-2-2 version. There was a
conflict with ssh patches that were pushed recently.

Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-202-4-add-reverse-dns-record-when-forward-is-created.patch
Type: text/x-patch
Size: 57523 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120220/3ef83bf7/attachment.bin>
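
The checks discussed in this thread (a create-reverse flag requires its forward record, reserved addresses are rejected with a validation error, and the PTR name is derived relative to a managed reverse zone), as an added Python sketch that is not FreeIPA's code and not part of the attached patch. The function name `plan_reverse`, the option dictionary keys and the zone list are hypothetical, and `is_reserved` is the Python standard library's definition of reserved, which may differ from the check FreeIPA performs.

```python
import ipaddress

# Constructed sample: reverse zones a hypothetical server manages.
MANAGED_REVERSE_ZONES = ["0.0.10.in-addr.arpa.", "1.0.0.2.ip6.arpa."]

def plan_reverse(options, zone, name, reverse_zones=MANAGED_REVERSE_ZONES):
    """Return [(reverse_zone, ptr_name, ptr_target)] for the requested PTRs.

    `options` is a hypothetical dict of parsed CLI options, e.g.
    {"a_rec": "10.0.0.1", "a_create_reverse": True}.
    """
    plan = []
    for rrtype, version in (("a", 4), ("aaaa", 6)):
        if not options.get(rrtype + "_create_reverse"):
            continue
        value = options.get(rrtype + "_rec")
        if value is None:
            # A create-reverse flag without its forward record is an error,
            # not a silently ignored option.
            raise ValueError("'%srecord' is required" % rrtype)
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            raise ValueError("invalid '%srecord': not an IP address" % rrtype) from None
        if ip.version != version:
            raise ValueError("invalid '%srecord': wrong address family" % rrtype)
        if ip.is_reserved:
            # Reject before any reverse-zone lookup so the caller gets a
            # validation error instead of an unhandled exception.
            raise ValueError("invalid '%srecord': cannot use IANA reserved IP address" % rrtype)
        fqdn = ip.reverse_pointer + "."   # e.g. 1.0.0.10.in-addr.arpa.
        # Longest matching zone wins; the reverse zone must be managed too.
        matches = [z for z in reverse_zones if fqdn.endswith("." + z)]
        if not matches:
            raise ValueError("no managed reverse zone for %s" % ip)
        rzone = max(matches, key=len)
        ptr_name = fqdn[: -len(rzone) - 1]
        plan.append((rzone, ptr_name, "%s.%s." % (name, zone.rstrip("."))))
    return plan
```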