[Freeipa-devel] [PATCH] 328 Process relative nameserver DNS record correctly

Martin Kosek mkosek at redhat.com
Fri Nov 2 16:16:47 UTC 2012


On 11/02/2012 04:35 PM, Rob Crittenden wrote:
> Martin Kosek wrote:
>> On 10/25/2012 04:01 PM, Martin Kosek wrote:
>>> Nameserver hostname passed to dnszone_add command was always treated
>>> as FQDN even though it was a relative DNS name to the new zone. All
>>> relative names were being rejected as unresolvable.
>>>
>>> Modify --name-server option processing in dnszone_add and dnszone_mod
>>> to respect FQDN/relative DNS name and do the checks accordingly. With
>>> this change, a user can add a new zone "example.com" and let dnszone_add
>>> create the NS record "ns" in it, when supplied with its IP address. IP
>>> address check is more strict so that it is not entered when no forward
>>> record is created. Places misusing the option were fixed.
>>>
>>> The nameserver option now also accepts the zone name, which means that the
>>> NS and A records are placed in the DNS zone itself. Also, "@" is accepted as
>>> a nameserver name; BIND also understands it as a zone name. As a side effect
>>> of this change, other records with a hostname part (MX, KX, NS, SRV) accept
>>> "@" as a valid hostname. BIND replaces it with the respective zone name as well.
>>>
>>> Unit tests were updated to test the new format.
>>>
>>> https://fedorahosted.org/freeipa/ticket/3204
>>>
>>> ---
>>>
>>> With this change, use cases like the following should now work as expected:
>>>
>>> # ipa dnszone-add example.com --name-server ns --ip-address 10.0.0.1
>>>
>>> # ipa dnszone-add example.com --name-server ns.example.com. --ip-address 10.0.0.1
>>>
>>> # ipa dnszone-add example.com --name-server ns.other.zone. --ip-address 10.0.0.1
>>>
>>> # ipa dnszone-add example.com --name-server example.com. --ip-address 10.0.0.1
>>>
>>> # ipa dnszone-add example.com --name-server @ --ip-address 10.0.0.1
>>>
>>> Martin
>>>
>>>
>>
>> Forgot to squash NS check fix. Updated patch attached.
> 
> Overall it looks good.
> 
> The API needs to be updated.
> 
> We had no formal string freeze but do we need to change doc strings now or can
> these be deferred (except maybe the examples)?
> 
> 
> rob

API updated.
Relaxed check for root zone that Petr Spacek pointed out was removed.

As for the string changes... I think that the only optional change is this one:

@@ -1726,10 +1764,10 @@ class dnszone_add(LDAPCreate):
     takes_options = LDAPCreate.takes_options + (
         Flag('force',
              label=_('Force'),
-             doc=_('Force DNS zone creation even if nameserver not in DNS.'),
+             doc=_('Force DNS zone creation even if nameserver is not
resolvable.'),
         ),
         Str('ip_address?', _validate_ipaddr,
-            doc=_('Add the nameserver to DNS with this IP address'),
+            doc=_('Add forward record for nameserver located in the created
zone'),
         ),
     )
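
Review bot: The new doc string on the `Str('ip_address?', ...)` option no longer tells the user that the option's value is an IP address, which the old text ("with this IP address") did. Suggest keeping both pieces of information, for example "Add forward record for nameserver located in the created zone, using this IP address", so the help output still explains what to pass.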


Other changes are needed to make our processing of domain name clear, like

-                    error=unicode(_("Nameserver address is not a fully
qualified domain name")))
+                    error=_("Nameserver address is not a domain name"))
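
Review bot: The replacement `error=` line drops the `unicode()` wrapper together with the wording change, so the error is now passed as whatever `_()` returns instead of a unicode string. If that is intended, mention it in the commit message and make sure the other `error=` arguments in the file are passed the same way; otherwise keep the wrapper and change only the text. The new message is also less specific than the old one: "is not a domain name" gives no hint of the accepted forms (relative name, FQDN with trailing dot, or "@").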

Updated patch attached.

Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-328-3-process-relative-nameserver-dns-record-correctly.patch
Type: text/x-patch
Size: 21814 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20121102/1884d201/attachment.bin>
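
The name handling described in the commit message above, as an added Python example that is not part of the original message or of FreeIPA's code; all function names are hypothetical. It assumes a non-root zone, that a name without a trailing dot is relative to the zone (as in a BIND zone file), and that an IP address given for a nameserver outside the new zone is rejected, which is one reading of the stricter IP address check.

```python
# Added illustration; names are hypothetical and this is not FreeIPA code.

def _origin(zone):
    """Zone name as an absolute, lower-case name with a trailing dot."""
    return zone.strip().rstrip(".").lower() + "."


def absolute_nameserver(zone, nameserver):
    """Resolve a --name-server value against the zone it is added to."""
    ns = nameserver.strip().lower()
    if not ns:
        raise ValueError("nameserver is not a domain name")
    if ns == "@":                      # "@" stands for the zone itself
        return _origin(zone)
    if ns.endswith("."):               # trailing dot: already absolute
        return ns
    return ns + "." + _origin(zone)    # relative: append the zone origin


def forward_record(zone, nameserver, ip_address):
    """Return (owner, ip) for the A record to create, owner relative to zone.

    Assumption: an IP address supplied for a nameserver outside the new
    zone is rejected, because no forward record can be created for it there.
    """
    origin = _origin(zone)
    target = absolute_nameserver(zone, nameserver)
    if target == origin:
        return "@", ip_address
    if target.endswith("." + origin):  # label boundary, not a bare suffix
        return target[: -len(origin) - 1], ip_address
    raise ValueError("%s is outside zone %s; no forward record"
                     % (target, origin))


if __name__ == "__main__":
    # Constructed inputs mirroring the use cases listed in the message.
    for ns in ("ns", "ns.example.com.", "example.com.", "@", "ns.other.zone."):
        try:
            print(ns, "->", absolute_nameserver("example.com", ns),
                  forward_record("example.com", ns, "10.0.0.1"))
        except ValueError as exc:
            print(ns, "-> rejected:", exc)
```

Note that under these assumptions `ns.example.com` without the trailing dot resolves to `ns.example.com.example.com.`, the usual zone-file pitfall that the FQDN/relative distinction makes visible.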

