Re: [Freeipa-devel] [PATCH] 791 don't add IP address when creating zone

2011-05-27 Thread Martin Kosek
On Thu, 2011-05-26 at 15:11 -0400, Rob Crittenden wrote:
> When creating a DNS zone if an IP address was passed in that address was
> added to the record of the IPA server.
>
> This was causing problems when creating new reverse zones for different
> subnets with ipa-replica-prepare. If you passed in --ip_address then a
> new reverse DNS zone would be created and the new IP would be added to
> the IPA master. Installing the replica file would fail with odd errors.
>
> ticket 1223
>
> rob

NACK. This breaks current --ip-address option functionality for
dnszone-add added in ticket #838. It is a shortcut to add a new zone
with a non-resolvable name server and the A/ record of the new name
server at the same time.

This is behavior with your patch (ns.example.com is not resolvable):
# ipa dnszone-add example.com --name-server=ns.example.com 
--admin-email=ad...@example.com --ip-address=1.2.3.4
  Zone name: example.com
  Authoritative nameserver: ns.example.com.
  Administrator e-mail address: admin.example.com.
  SOA serial: 2011270501
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
  Dynamic update: FALSE
# ipa dnsrecord-show example.com ns
ipa: ERROR: ns: DNS resource record not found

And without it:
# ipa dnszone-add example2.com --name-server=ns.example2.com 
--admin-email=ad...@example2.com --ip-address=1.2.3.4
  Zone name: example2.com
  Authoritative nameserver: ns.example2.com.
  Administrator e-mail address: admin.example2.com.
  SOA serial: 2011270501
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
  Dynamic update: FALSE
# ipa dnsrecord-show example2.com ns
  Record name: ns
  A record: 1.2.3.4

I think all we have to do is to fix ipa-replica-prepare:
...
if options.ip_address:
    print "Adding DNS records for %s" % replica_fqdn
    api.Backend.ldap2.connect(bind_dn="cn=Directory Manager",
                              bind_pw=dirman_password)

    domain = replica_fqdn.split(".")
    name = domain.pop(0)
    domain = ".".join(domain)

    zone = add_zone(domain, nsaddr=options.ip_address)
    add_rr(zone, name, "A", options.ip_address)
    add_reverse_zone(options.ip_address)   # <== BUG
    add_ptr_rr(options.ip_address, replica_fqdn)

Currently, we are adding a reverse zone with a name server IP address
pointing to the new replica instead of the current master. And this is
just wrong.

Martin

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
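
A simplified model of the failure described in this thread, added here as an illustration and not FreeIPA code: zone creation that also writes an A record for the zone's name server, run once with the replica's address and once with the master's, followed by a check for stray addresses on the name server. The in-memory record store, every function here (including this stand-in `add_zone`), the /24 reverse-zone split and all host names and addresses are assumptions constructed for the example.

```python
import ipaddress

def reverse_zone_for(ip):
    # Assumption: reverse zones are split on /24 boundaries (IPv4 only).
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets[:3])) + ".in-addr.arpa."

def add_record(records, zone, name, rtype, value):
    records.setdefault((zone, name, rtype), set()).add(value)

def add_zone(records, zone, nameserver, ns_ip=None):
    # Model of the behaviour discussed in the thread: when an IP address is
    # supplied, zone creation also writes an A record for the name server.
    add_record(records, zone, "@", "NS", nameserver)
    if ns_ip is not None:
        host, _, ns_zone = nameserver.rstrip(".").partition(".")
        add_record(records, ns_zone + ".", host, "A", ns_ip)

def prepare_replica(records, master_fqdn, replica_fqdn, replica_ip, ns_ip):
    # ns_ip is the address handed to zone creation for the name server.
    name, _, domain = replica_fqdn.partition(".")
    add_record(records, domain + ".", name, "A", replica_ip)
    add_zone(records, reverse_zone_for(replica_ip), master_fqdn + ".", ns_ip)
    return records

def stray_ns_addresses(records, ns_fqdn, expected_ips):
    # Detection check: A records on the name server that are not its own.
    host, _, zone = ns_fqdn.partition(".")
    return sorted(records.get((zone + ".", host, "A"), set()) - set(expected_ips))

def demo():
    # All names and addresses below are constructed sample values.
    master, master_ip = "ipa.example.test", "192.0.2.10"
    replica, replica_ip = "replica.example.test", "198.51.100.20"
    results = {}
    for label, ns_ip in (("replica address passed", replica_ip),
                         ("master address passed", master_ip)):
        records = {("example.test.", "ipa", "A"): {master_ip}}
        prepare_replica(records, master, replica, replica_ip, ns_ip)
        results[label] = stray_ns_addresses(records, master, [master_ip])
    return results

if __name__ == "__main__":
    for label, stray in demo().items():
        print(label, "->", stray or "no stray records")
```
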


[Freeipa-devel] [PATCH] 791 don't add IP address when creating zone

2011-05-26 Thread Rob Crittenden
When creating a DNS zone if an IP address was passed in that address was 
added to the record of the IPA server.


This was causing problems when creating new reverse zones for different 
subnets with ipa-replica-prepare. If you passed in --ip_address then a 
new reverse DNS zone would be created and the new IP would be added to 
the IPA master. Installing the replica file would fail with odd errors.


ticket 1223

rob
From 783f1a3f5705cbba67d3109b310e11bbc9eb09c1 Mon Sep 17 00:00:00 2001
From: Rob Crittenden rcrit...@redhat.com
Date: Thu, 26 May 2011 14:30:17 -0400
Subject: [PATCH] Adding a forward record when creating a zone was adding bad aRecord.

The aRecord for the DNS server was getting a new aRecord for each
zone created. This occurred when a new reverse zone was created and
made the installation of a replica in the new subnet fail.

ticket 1223
---
 ipalib/plugins/dns.py |   10 --
 1 files changed, 0 insertions(+), 10 deletions(-)

diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py
index 3f8753d..4161a64 100644
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@@ -376,16 +376,6 @@ class dnszone_add(LDAPCreate):
 entry_attrs['idnssoamname'] = nameserver
 return dn
 
-def post_callback(self, ldap, dn, entry_attrs, *keys, **options):
-if 'ip_address' in options:
-nameserver = entry_attrs['idnssoamname'][0][:-1] # ends with a dot
-nsparts = nameserver.split('.')
-add_forward_record('.'.join(nsparts[1:]),
-   nsparts[0],
-   options['ip_address'])
-
-return dn
-
 api.register(dnszone_add)
 
 
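Review bot: Deleting post_callback from dnszone_add removes the only code in this hunk that consumes options['ip_address'], so a caller that still passes ip_address gets a zone with no forward record for its name server and no error or warning. If the option is meant to stay, keep the callback and correct the address at the call site that supplies the wrong one; if it is meant to go, remove the option definition in the same patch so the argument is rejected rather than silently ignored. The commit message should also state this behaviour change, since it currently describes only the unwanted aRecord.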
-- 
1.7.4
