[Freeipa-devel] [PATCH] 052 Fine tuning DNS options

2011-02-11 Thread Jakub Hrozek
Simo did a nice writeup of the changes in 
https://fedorahosted.org/freeipa/ticket/931
>From d27c228160b5bfc460055392389e2ba966263709 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Thu, 10 Feb 2011 21:47:45 +0100
Subject: [PATCH] Fine tuning DNS options

Add pointer to self to /etc/hosts to avoid chicken/egg problems when
restarting DNS.

On servers, set both dns_lookup_realm and dns_lookup_kdc to false so we don't
attempt to do any resolving. Leave them set to true on clients.

Set rdns to false on both server and client.

https://fedorahosted.org/freeipa/ticket/931
---
 install/share/krb5.conf.template  |5 +++--
 ipa-client/ipa-install/ipa-client-install |1 +
 ipaserver/install/bindinstance.py |3 +++
 ipaserver/install/installutils.py |   24 
 4 files changed, 27 insertions(+), 6 deletions(-)

diff --git a/install/share/krb5.conf.template b/install/share/krb5.conf.template
index 9cf4ee8..93d88db 100644
--- a/install/share/krb5.conf.template
+++ b/install/share/krb5.conf.template
@@ -5,8 +5,9 @@
 
 [libdefaults]
  default_realm = $REALM
- dns_lookup_realm = true
- dns_lookup_kdc = true
+ dns_lookup_realm = false
+ dns_lookup_kdc = false
+ rdns = false
  ticket_lifetime = 24h
  forwardable = yes
 
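Review bot: The three changed [libdefaults] lines carry no comment, so an administrator who later edits the generated krb5.conf cannot tell that these values are deliberate. With `dns_lookup_realm = false` and `dns_lookup_kdc = false` the server finds its realm and KDC only from the static sections of this file, and `rdns = false` stops reverse (PTR) lookups from being used when service principal names are built, so all three reduce how far Kerberos on the server depends on DNS answers. I would add a comment line above them such as `# DNS discovery and reverse lookups are disabled on servers on purpose; see ticket 931`. The [realms] section that must then name the KDC is outside this hunk.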
diff --git a/ipa-client/ipa-install/ipa-client-install 
b/ipa-client/ipa-install/ipa-client-install
index a32564d..9211a86 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -408,6 +408,7 @@ def configure_krb5_conf(fstore, cli_basedn, cli_realm, 
cli_domain, cli_server, d
 else:
 libopts.append({'name':'dns_lookup_realm', 'type':'option', 
'value':'true'})
 libopts.append({'name':'dns_lookup_kdc', 'type':'option', 
'value':'true'})
+libopts.append({'name':'rdns', 'type':'option', 'value':'false'})
 libopts.append({'name':'ticket_lifetime', 'type':'option', 'value':'24h'})
 libopts.append({'name':'forwardable', 'type':'option', 'value':'yes'})
 
diff --git a/ipaserver/install/bindinstance.py 
b/ipaserver/install/bindinstance.py
index 8790427..ea9280b 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -297,6 +297,9 @@ class BindInstance(service.Service):
 # get a connection to the DS
 self.ldap_connect()
 
+if not installutils.record_in_hosts(self.ip_address, self.fqdn):
+installutils.add_record_to_hosts(self.ip_address, self.fqdn)
+
 if not dns_container_exists(self.fqdn, self.suffix):
 self.step("adding DNS container", self.__setup_dns_container)
 if not dns_zone_exists(self.domain):
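Review bot: The added `installutils.add_record_to_hosts(self.ip_address, self.fqdn)` appends to /etc/hosts without saving the file first, whereas read_ip_address in installutils.py calls `fstore.backup_file("/etc/hosts")` before the same write. An uninstall then presumably has nothing to restore from, and the self-pointing entry stays behind and keeps overriding DNS for this host name. If the service object has a file store available (not visible in this hunk), call its `backup_file("/etc/hosts")` inside the `if not installutils.record_in_hosts(...)` branch before the write. The enclosing method starts and ends outside the hunk.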
diff --git a/ipaserver/install/installutils.py 
b/ipaserver/install/installutils.py
index 99d1582..56b 100644
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@@ -156,6 +156,25 @@ def verify_ip_address(ip):
 is_ok = False
 return is_ok
 
+def record_in_hosts(ip, host_name, file="/etc/hosts"):
+hosts = open(file, 'r').readlines()
+for line in hosts:
+hosts_ip = line.split()[0]
+if hosts_ip != ip:
+continue
+
+names = line.split()[1:]
+if host_name in names:
+return True
+
+return False
+
+def add_record_to_hosts(ip, host_name, file="/etc/hosts"):
+hosts_fd = open(file, 'r+')
+hosts_fd.seek(0, 2)
+hosts_fd.write(ip+'\t'+host_name+' '+host_name.split('.')[0]+'\n')
+hosts_fd.close()
+
 def read_ip_address(host_name, fstore):
 while True:
 ip = ipautil.user_input("Please provide the IP address to be used for 
this host name", allow_empty = False)
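Review bot: `record_in_hosts` raises IndexError on the first blank line of the hosts file, because `line.split()[0]` indexes an empty list, so the DNS setup step would abort on an ordinary /etc/hosts. It also treats text after `#` as host names, so a name that appears only in a trailing comment counts as present and the real record is never added, and the file object from `open(file, 'r').readlines()` is never closed. The rewrite below skips blank and comment-only lines, strips trailing comments and closes the file. Separately, `add_record_to_hosts` appends without checking that the file ends in a newline, so the new record can be glued onto the last existing line. read_ip_address continues outside the hunk.

```python
def record_in_hosts(ip, host_name, file="/etc/hosts"):
    hosts_fd = open(file, 'r')
    try:
        for line in hosts_fd:
            # drop trailing comments; blank and comment-only lines leave no fields
            fields = line.split('#', 1)[0].split()
            if len(fields) < 2 or fields[0] != ip:
                continue
            if host_name in fields[1:]:
                return True
    finally:
        hosts_fd.close()
    return False

# … unchanged: add_record_to_hosts …
```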
@@ -169,10 +188,7 @@ def read_ip_address(host_name, fstore):
 
 print "Adding ["+ip+" "+host_name+"] to your /etc/hosts file"
 fstore.backup_file("/etc/hosts")
-hosts_fd = open('/etc/hosts', 'r+')
-hosts_fd.seek(0, 2)
-hosts_fd.write(ip+'\t'+host_name+' '+host_name.split('.')[0]+'\n')
-hosts_fd.close()
+add_record_to_hosts(ip, host_name)
 
 return ip
 
-- 
1.7.4


Re: [Freeipa-devel] [PATCH] 052 Fine tuning DNS options

2011-02-14 Thread Rob Crittenden

Jakub Hrozek wrote:

Simo did a nice writeup of the changes in
https://fedorahosted.org/freeipa/ticket/931


ack.

Simo also acked this in irc.

pushed to master
