[Freeipa-devel] [PATCH] 202 Add reverse DNS record when forward is created

Rob Crittenden rcritten at redhat.com
Mon Feb 27 15:36:32 UTC 2012 

Martin Kosek wrote:
> On Mon, 2012-02-20 at 14:34 +0100, Martin Kosek wrote:
>> On Fri, 2012-02-10 at 16:42 +0100, Martin Kosek wrote:
>>> On Tue, 2012-02-07 at 16:26 +0100, Martin Kosek wrote:
>>>> On Mon, 2012-02-06 at 15:56 -0500, Rob Crittenden wrote:
>>>>> Martin Kosek wrote:
>>>>>> On Mon, 2012-01-30 at 11:52 -0500, Rob Crittenden wrote:
>>>>>>> Martin Kosek wrote:
>>>>>>>> Adding reverse DNS record may be a time consuming task, especially
>>>>>>>> for IPv6 addresses. Having a way to automatically create a reverse
>>>>>>>> record when a forward record is created could speed up the process.
>>>>>>>> host-add command already has this possibility.
>>>>>>>>
>>>>>>>> This patch takes advantage of the new per-type API and adds new
>>>>>>>> options for A/AAAA record types: --a-create-reverse and
>>>>>>>> --aaaa-create-reverse. These commands can be used to automatically
>>>>>>>> create reverse records for new A/AAAA addresses (both forward
>>>>>>>> and reverse zones need to be managed by FreeIPA server):
>>>>>>>>
>>>>>>>> ipa dnsrecord-add example.com foo --a-rec=10.0.0.1 --a-create-reverse
>>>>>>>>
>>>>>>>> This command would add a new A record to record foo in zone
>>>>>>>> example.com and a PTR record to appropriate reverse zone for
>>>>>>>> IP address 10.0.0.1 (for example PTR record 1 in zone
>>>>>>>> 0.0.10.in-addr.arpa. pointing to foo.example.com.).
>>>>>>>>
>>>>>>>> Few modification were done to new DNS API to support this feature:
>>>>>>>>     - Refactor --ip-address option handling from host-add and place it
>>>>>>>>       to dns.py to be used by both modules
>>>>>>>>     - Add support for "extra" per-type options
>>>>>>>>     - Hide DNS record part options in dnsrecord_find command as they
>>>>>>>>       have no effect for this command
>>>>>>>>
>>>>>>>> https://fedorahosted.org/freeipa/ticket/2009
>>>>>>>
>>>>>>> Can the options -a-create-reverse and -aaaa-create-reverse be combined?
>>>>>>> I was able to create an IPv4 addr using -aaaa-create-reverse:
>>>>>>>
>>>>>>> # ipa dnsrecord-add example.com baz --a-rec=192.168.166.115
>>>>>>> --aaaa-create-reverse
>>>>>>>      Record name: baz
>>>>>>>      A record: 192.168.166.115
>>>>>>>
>>>>>>> Otherwise the patch seems fine.
>>>>>>
>>>>>> These 2 options can be combined, you can add both A and AAAA forward
>>>>>> records and create records in their reverse records at the same time:
>>>>>>
>>>>>> ipa dnsrecord-add example.com bar --a-rec=10.0.0.1 --a-create-reverse
>>>>>> --aaaa-rec=2001::beef:1 --aaaa-create-reverse
>>>>>>
>>>>>> In your case the option --aaaa-create-reverse is ignored as there is no
>>>>>> AAAA rec added. Thus no AAAA record callback which would create this
>>>>>> reverse record is called.
>>>>>>
>>>>>> We may implement some checks which would throw a validation error when
>>>>>> --a-create-reverse/--aaaa-create-reverse is called without a respective
>>>>>> A/AAAA record.
>>>>>>
>>>>>> Martin
>>>>>>
>>>>>
>>>>> Yes, I think that is the way to go, otherwise this is confusing.
>>>>>
>>>>> rob
>>>>
>>>> Now, an exception is thrown if you try to pass --<rrtype>-create-reverse
>>>> without an appropriate --<rrtype>-rec option filled:
>>>>
>>>> # ipa dnsrecord-add example.com baz --a-rec=192.168.166.115 --aaaa-create-reverse
>>>> ipa: ERROR: 'aaaarecord' is required
>>>>
>>>> I also refactored pre_callback of dnsrecord-add command a little, I
>>>> didn't like parsing<rrtype>  from parameter name using regexes. Now,
>>>> every DNS part option has a link to "parent" DNS record stored in hint
>>>> attribute.
>>>>
>>>> Martin
>>>
>>> Petr Vobornik noticed that reserved IP address passed to --a-rec
>>> (--aaaa-rec) causes an Internal Error when --a-create-reverse is set at
>>> the same time:
>>>
>>> # ipa dnsrecord-add example.com foo --aaaa-ip-address=F:F:F:A::12 --aaaa-create-reverse
>>> ipa: ERROR: an internal error has occurred
>>>
>>> Attached patch fixes it:
>>>
>>> # ipa dnsrecord-add example.com foo --aaaa-ip-address=F:F:F:A::12 --aaaa-create-reverse
>>> ipa: ERROR: invalid 'aaaarecord': cannot use IANA reserved IP address
>>>
>>> Martin
>>
>> I rebased the patch for the lastest ipa-2-2 version. There was a
>> conflict with ssh patches that were pushed recently.
>>
>> Martin
>
> Another rebase to current version (my DNS patches 195-199 were pushed).
>
> Martin

ACK, works for me.

rob

More information about the Freeipa-devel mailing list