[Freeipa-users] Wildcard DNS record supported ?

Martin Kosek mkosek at redhat.com
Mon May 26 10:19:20 UTC 2014


On 05/25/2014 08:29 PM, Rob Crittenden wrote:
> Matt . wrote:
>> Indeed!
> 
> Look for the regex in ipalib/plugins/dns.py . I'd suspect you'll need to
> modify the hostname validator, validate_hostname, in ipalib/util.py.
> 
> Be wary of edge cases.
> 
> For instructions on testing, see http://www.freeipa.org/page/Testing
> 
> For how to contribute the patch, see http://www.freeipa.org/page/Contribute
> 
> regards
> 
> rob

That's the spirit! Thanks guys! But please focus on a different battle: as I
noted in the beginning, this feature is already being worked on; see the thread
'[PATCH 0029-0046] Internationalized domain names in DNS plugin' on the
freeipa-devel list.

With the proposed patches (work in progress), I am able to add wildcard names
and have them resolved:

# ipa dnszone-add example.test --name-server=`hostname`.
Administrator e-mail address [hostmaster.example.test.]:
  Zone name: example.test.
  Authoritative nameserver: ipa.mkosek-fedora20.test.
  Administrator e-mail address: hostmaster.example.test.
  SOA serial: 1401099233
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant MKOSEK-FEDORA20.TEST krb5-self * A; grant MKOSEK-FEDORA20.TEST krb5-self * AAAA; grant MKOSEK-FEDORA20.TEST krb5-self * SSHFP;
  Active zone: TRUE
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;

# dig -t soa example.test

; <<>> DiG 9.9.4-P2-RedHat-9.9.4-12.P2.fc20 <<>> -t soa example.test
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17653
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;example.test.			IN	SOA

;; ANSWER SECTION:
example.test.		86400	IN	SOA	ipa.mkosek-fedora20.test. hostmaster.example.test. 1401099236 3600 900 1209600 3600

;; AUTHORITY SECTION:
example.test.		86400	IN	NS	ipa.mkosek-fedora20.test.

;; ADDITIONAL SECTION:
ipa.mkosek-fedora20.test. 1200	IN	A	10.34.47.236

;; Query time: 4 msec
;; SERVER: 10.34.47.236#53(10.34.47.236)
;; WHEN: Mon May 26 12:14:00 CEST 2014
;; MSG SIZE  rcvd: 138


# ipa dnsrecord-add example.test *.wildcardtest --a-rec 1.2.3.4
  Record name: *.wildcardtest
  A record: 1.2.3.4

# host foo.wildcardtest.example.test
foo.wildcardtest.example.test has address 1.2.3.4

# host bar.wildcardtest.example.test
bar.wildcardtest.example.test has address 1.2.3.4


You are still welcome to participate in patch review/testing of this patch
set (warning: there are bugs preventing a clean installation of the updated rpm; I
had to upload the changed files to an existing installation).

Martin
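
The quoted advice to "be wary of edge cases" when letting a hostname validator accept wildcards, as an added example (not FreeIPA's validate_hostname and not code from the patch set under review): it accepts '*' only as a whole leftmost label and rejects the near-misses. The names check_record_name and SAMPLES are hypothetical, and the sketch assumes the hostname (letters, digits, hyphen) rule, so underscore labels are rejected.

```python
import re

# Hostname (LDH) label: letters, digits, hyphen; 1-63 chars; no edge hyphen.
# Used with fullmatch(): a "$" anchor would let "foo\n" slip through.
_LDH_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
MAX_NAME_LEN = 253  # longest full name in dotted text form


def check_record_name(name, zone):
    """Return None if `name` is an acceptable owner name in `zone`,
    otherwise a string describing the problem (hypothetical helper)."""
    zone = zone.rstrip(".").lower()
    name = name.lower()
    if name.endswith("."):
        # Absolute name: must sit inside the zone, then is made relative.
        absolute = name[:-1]
        if absolute == zone:
            return None  # zone apex
        if not absolute.endswith("." + zone):
            return "name is outside zone %s" % zone
        name = absolute[: -len(zone) - 1]
    if not name:
        return "empty record name"
    if len(name) + 1 + len(zone) > MAX_NAME_LEN:
        return "full name exceeds %d characters" % MAX_NAME_LEN
    for position, label in enumerate(name.split(".")):
        if label == "*":
            # A wildcard is the single label "*" in the leftmost position.
            if position != 0:
                return "'*' is only accepted as the leftmost label"
        elif "*" in label:
            return "'*' must be a whole label, got %r" % label
        elif not label:
            return "empty label (consecutive or leading dot)"
        elif not _LDH_LABEL.fullmatch(label):
            return "invalid label %r" % label
    return None


# Constructed sample names, checked against the zone used in the message above.
SAMPLES = ["*.wildcardtest", "*", "foo.*.wildcardtest", "*foo", "a..b",
           "-bad", "*.wildcardtest.example.test.", "*.other.test."]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict = check_record_name(sample, "example.test") or "ok"
        print("%-32s %s" % (sample, verdict))
```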