[Freeipa-users] Wildcard DNS record supported ?
Martin Kosek
mkosek at redhat.com
Mon May 26 10:19:20 UTC 2014
On 05/25/2014 08:29 PM, Rob Crittenden wrote:
> Matt . wrote:
>> Indeed!
>
> Look for the regex in ipalib/plugins/dns.py. I'd suspect you'll need to
> modify the hostname validator, validate_hostname, in ipalib/util.py.
>
> Be wary of edge cases.
>
> For instructions on testing, see http://www.freeipa.org/page/Testing
>
> For how to contribute the patch, see http://www.freeipa.org/page/Contribute
>
> regards
>
> rob

That's the spirit! Thanks guys! But please focus on a different battle; as I
noted in the beginning, this feature is already being worked on. See the thread
'[PATCH 0029-0046] Internationalized domain names in DNS plugin' on the
freeipa-devel list.

With the proposed patches (work in progress), I am able to add wildcard names
and have them resolved:

# ipa dnszone-add example.test --name-server=`hostname`.
Administrator e-mail address [hostmaster.example.test.]:
Zone name: example.test.
Authoritative nameserver: ipa.mkosek-fedora20.test.
Administrator e-mail address: hostmaster.example.test.
SOA serial: 1401099233
SOA refresh: 3600
SOA retry: 900
SOA expire: 1209600
SOA minimum: 3600
BIND update policy: grant MKOSEK-FEDORA20.TEST krb5-self * A; grant MKOSEK-FEDORA20.TEST krb5-self * AAAA; grant MKOSEK-FEDORA20.TEST krb5-self * SSHFP;
Active zone: TRUE
Dynamic update: FALSE
Allow query: any;
Allow transfer: none;
# dig -t soa example.test
; <<>> DiG 9.9.4-P2-RedHat-9.9.4-12.P2.fc20 <<>> -t soa example.test
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17653
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.test. IN SOA
;; ANSWER SECTION:
example.test. 86400 IN SOA ipa.mkosek-fedora20.test. hostmaster.example.test. 1401099236 3600 900 1209600 3600
;; AUTHORITY SECTION:
example.test. 86400 IN NS ipa.mkosek-fedora20.test.
;; ADDITIONAL SECTION:
ipa.mkosek-fedora20.test. 1200 IN A 10.34.47.236
;; Query time: 4 msec
;; SERVER: 10.34.47.236#53(10.34.47.236)
;; WHEN: Mon May 26 12:14:00 CEST 2014
;; MSG SIZE rcvd: 138
# ipa dnsrecord-add example.test *.wildcardtest --a-rec 1.2.3.4
Record name: *.wildcardtest
A record: 1.2.3.4
# host foo.wildcardtest.example.test
foo.wildcardtest.example.test has address 1.2.3.4
# host bar.wildcardtest.example.test
bar.wildcardtest.example.test has address 1.2.3.4

You are still welcome to participate in patch review/testing of this patch
set (warning: there are bugs preventing a clean installation of the updated rpm;
I had to upload the changed files to the existing installation).

Martin