[Freeipa-devel] [PATCH] 202 Add reverse DNS record when forward is created

Martin Kosek mkosek at redhat.com
Mon Feb 27 15:53:44 UTC 2012


On Mon, 2012-02-27 at 10:36 -0500, Rob Crittenden wrote:
> Martin Kosek wrote:
> > On Mon, 2012-02-20 at 14:34 +0100, Martin Kosek wrote:
> >> On Fri, 2012-02-10 at 16:42 +0100, Martin Kosek wrote:
> >>> On Tue, 2012-02-07 at 16:26 +0100, Martin Kosek wrote:
> >>>> On Mon, 2012-02-06 at 15:56 -0500, Rob Crittenden wrote:
> >>>>> Martin Kosek wrote:
> >>>>>> On Mon, 2012-01-30 at 11:52 -0500, Rob Crittenden wrote:
> >>>>>>> Martin Kosek wrote:
> >>>>>>>> Adding reverse DNS record may be a time consuming task, especially
> >>>>>>>> for IPv6 addresses. Having a way to automatically create a reverse
> >>>>>>>> record when a forward record is created could speed up the process.
> >>>>>>>> host-add command already has this possibility.
> >>>>>>>>
> >>>>>>>> This patch takes advantage of the new per-type API and adds new
> >>>>>>>> options for A/AAAA record types: --a-create-reverse and
> >>>>>>>> --aaaa-create-reverse. These commands can be used to automatically
> >>>>>>>> create reverse records for new A/AAAA addresses (both forward
> >>>>>>>> and reverse zones need to be managed by FreeIPA server):
> >>>>>>>>
> >>>>>>>> ipa dnsrecord-add example.com foo --a-rec=10.0.0.1 --a-create-reverse
> >>>>>>>>
> >>>>>>>> This command would add a new A record to record foo in zone
> >>>>>>>> example.com and a PTR record to appropriate reverse zone for
> >>>>>>>> IP address 10.0.0.1 (for example PTR record 1 in zone
> >>>>>>>> 0.0.10.in-addr.arpa. pointing to foo.example.com.).
> >>>>>>>>
> >>>>>>>> A few modifications were made to the new DNS API to support this feature:
> >>>>>>>>     - Refactor --ip-address option handling from host-add and place it
> >>>>>>>>       to dns.py to be used by both modules
> >>>>>>>>     - Add support for "extra" per-type options
> >>>>>>>>     - Hide DNS record part options in dnsrecord_find command as they
> >>>>>>>>       have no effect for this command
> >>>>>>>>
> >>>>>>>> https://fedorahosted.org/freeipa/ticket/2009
> >>>>>>>
> >>>>>>> Can the options -a-create-reverse and -aaaa-create-reverse be combined?
> >>>>>>> I was able to create an IPv4 addr using -aaaa-create-reverse:
> >>>>>>>
> >>>>>>> # ipa dnsrecord-add example.com baz --a-rec=192.168.166.115
> >>>>>>> --aaaa-create-reverse
> >>>>>>>      Record name: baz
> >>>>>>>      A record: 192.168.166.115
> >>>>>>>
> >>>>>>> Otherwise the patch seems fine.
> >>>>>>
> >>>>>> These 2 options can be combined, you can add both A and AAAA forward
> >>>>>> records and create records in their reverse records at the same time:
> >>>>>>
> >>>>>> ipa dnsrecord-add example.com bar --a-rec=10.0.0.1 --a-create-reverse
> >>>>>> --aaaa-rec=2001::beef:1 --aaaa-create-reverse
> >>>>>>
> >>>>>> In your case the option --aaaa-create-reverse is ignored as there is no
> >>>>>> AAAA rec added. Thus no AAAA record callback which would create this
> >>>>>> reverse record is called.
> >>>>>>
> >>>>>> We may implement some checks which would throw a validation error when
> >>>>>> --a-create-reverse/--aaaa-create-reverse is called without a respective
> >>>>>> A/AAAA record.
> >>>>>>
> >>>>>> Martin
> >>>>>>
> >>>>>
> >>>>> Yes, I think that is the way to go, otherwise this is confusing.
> >>>>>
> >>>>> rob
> >>>>
> >>>> Now, an exception is thrown if you try to pass --<rrtype>-create-reverse
> >>>> without an appropriate --<rrtype>-rec option filled:
> >>>>
> >>>> # ipa dnsrecord-add example.com baz --a-rec=192.168.166.115 --aaaa-create-reverse
> >>>> ipa: ERROR: 'aaaarecord' is required
> >>>>
> >>>> I also refactored pre_callback of dnsrecord-add command a little, I
> >>>> didn't like parsing <rrtype> from parameter name using regexes. Now,
> >>>> every DNS part option has a link to "parent" DNS record stored in hint
> >>>> attribute.
> >>>>
> >>>> Martin
> >>>
> >>> Petr Vobornik noticed that reserved IP address passed to --a-rec
> >>> (--aaaa-rec) causes an Internal Error when --a-create-reverse is set at
> >>> the same time:
> >>>
> >>> # ipa dnsrecord-add example.com foo --aaaa-ip-address=F:F:F:A::12 --aaaa-create-reverse
> >>> ipa: ERROR: an internal error has occurred
> >>>
> >>> Attached patch fixes it:
> >>>
> >>> # ipa dnsrecord-add example.com foo --aaaa-ip-address=F:F:F:A::12 --aaaa-create-reverse
> >>> ipa: ERROR: invalid 'aaaarecord': cannot use IANA reserved IP address
> >>>
> >>> Martin
> >>
> >> I rebased the patch for the latest ipa-2-2 version. There was a
> >> conflict with ssh patches that were pushed recently.
> >>
> >> Martin
> >
> > Another rebase to current version (my DNS patches 195-199 were pushed).
> >
> > Martin
> 
> ACK, works for me.
> 
> rob

Pushed to master, ipa-2-2.

Martin
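
Added example, not part of the thread and not FreeIPA's own code: a Python sketch of the behaviour discussed above, covering the split of a PTR name into record and managed reverse zone, the "'<rrtype>record' is required" check, and rejection of reserved addresses. The function names, the option keys and the zone list are hypothetical, and the standard-library ipaddress module stands in for whatever FreeIPA uses internally, so its notion of "reserved" is an approximation.

```python
import ipaddress

def reverse_record(ip, managed_zones):
    """Split the PTR name for `ip` into (record name, zone), using the
    longest matching zone in `managed_zones` (absolute names)."""
    addr = ipaddress.ip_address(ip)
    if addr.is_reserved:  # stdlib approximation of the reserved-range check
        raise ValueError("cannot use IANA reserved IP address")
    fqdn = addr.reverse_pointer + "."
    matches = [z for z in managed_zones if fqdn.endswith("." + z)]
    if not matches:
        raise LookupError("no managed reverse zone for %s" % ip)
    zone = max(matches, key=len)
    return fqdn[: -len(zone) - 1], zone

def plan_ptr_records(host, zone, options, managed_zones):
    """Return [(reverse zone, record name, PTR target)] for one request.
    `options` uses hypothetical keys such as a_rec / a_create_reverse."""
    planned = []
    for rrtype, version in (("a", 4), ("aaaa", 6)):
        if not options.get(rrtype + "_create_reverse"):
            continue
        ip = options.get(rrtype + "_rec")
        if ip is None:
            # A create-reverse flag without its forward record is an
            # error rather than being silently ignored.
            raise ValueError("'%srecord' is required" % rrtype)
        if ipaddress.ip_address(ip).version != version:
            # Illustrative message, not taken from FreeIPA.
            raise ValueError("invalid '%srecord': wrong address family" % rrtype)
        name, rev_zone = reverse_record(ip, managed_zones)
        planned.append((rev_zone, name, "%s.%s" % (host, zone)))
    return planned

# Constructed sample: reverse zones assumed to be managed by the server.
ZONES = ["10.in-addr.arpa.", "0.0.10.in-addr.arpa.", "1.0.0.2.ip6.arpa."]

if __name__ == "__main__":
    opts = {"a_rec": "10.0.0.1", "a_create_reverse": True,
            "aaaa_rec": "2001::beef:1", "aaaa_create_reverse": True}
    for rev_zone, name, target in plan_ptr_records("bar", "example.com.", opts, ZONES):
        print("%s  %s  PTR  %s" % (rev_zone, name, target))
```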
