freeipa/ipapython/dnsutil.py

# Authors: Martin Basti <mbasti@redhat.com>
#
# Copyright (C) 2007-2014  Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.    See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

import dns.name
import dns.exception
import copy

import six

if six.PY3:
    unicode = str


@six.python_2_unicode_compatible
class DNSName(dns.name.Name):
    labels = None  # make pylint happy

    @classmethod
    def from_text(cls, labels, origin=None):
        return cls(dns.name.from_text(labels, origin))

    def __init__(self, labels, origin=None):
        try:
            if isinstance(labels, six.string_types):
                #pylint: disable=E1101
                labels = dns.name.from_text(unicode(labels), origin).labels
            elif isinstance(labels, dns.name.Name):
                labels = labels.labels

            super(DNSName, self).__init__(labels)
        except UnicodeError as e:
            # dnspython bug, an invalid domain name returns the UnicodeError
            # instead of a dns.exception
            raise dns.exception.SyntaxError(e)

    def __bool__(self):
        #dns.name.from_text('@') is represented like empty tuple
        #we need to acting '@' as nonzero value
        return True

    __nonzero__ = __bool__  # for Python 2

    def __copy__(self):
        return DNSName(self.labels)

    def __deepcopy__(self, memo):
        return DNSName(copy.deepcopy(self.labels, memo))

    def __str__(self):
        return self.to_unicode()

    def ToASCII(self):
        #method named by RFC 3490 and python standard library
        return self.to_text().decode('ascii')  # must be unicode string

    def canonicalize(self):
        return DNSName(super(DNSName, self).canonicalize())

    def concatenate(self, other):
        return DNSName(super(DNSName, self).concatenate(other))

    def relativize(self, origin):
        return DNSName(super(DNSName, self).relativize(origin))

    def derelativize(self, origin):
        return DNSName(super(DNSName, self).derelativize(origin))

    def choose_relativity(self, origin=None, relativize=True):
        return DNSName(super(DNSName, self).choose_relativity(origin=origin,
                       relativize=relativize))

    def make_absolute(self):
        return self.derelativize(self.root)

    def is_idn(self):
        return any(label.startswith('xn--') for label in self.labels)

    def is_ip4_reverse(self):
        return self.is_subdomain(self.ip4_rev_zone)

    def is_ip6_reverse(self):
        return self.is_subdomain(self.ip6_rev_zone)

    def is_reverse(self):
        return self.is_ip4_reverse() or self.is_ip6_reverse()

    def is_empty(self):
        return len(self.labels) == 0


#DNS public constants
DNSName.root = DNSName(dns.name.root)  # '.'
DNSName.empty = DNSName(dns.name.empty)  # '@'
DNSName.ip4_rev_zone = DNSName(('in-addr', 'arpa', ''))
DNSName.ip6_rev_zone = DNSName(('ip6', 'arpa', ''))

# Empty zones are defined in various RFCs. BIND is by default serving them.
# This constat should contain everything listed in
# IANA registry "Locally-Served DNS Zones"
# URL: http://www.iana.org/assignments/locally-served-dns-zones
# + AS112 zone defined in RFC 7534. It is not in the registry for some
# reason but BIND 9.10 is serving it as automatic empty zones.
EMPTY_ZONES = [DNSName(aez).make_absolute() for aez in [
        # RFC 1918
        "10.IN-ADDR.ARPA", "16.172.IN-ADDR.ARPA", "17.172.IN-ADDR.ARPA",
        "18.172.IN-ADDR.ARPA", "19.172.IN-ADDR.ARPA", "20.172.IN-ADDR.ARPA",
        "21.172.IN-ADDR.ARPA", "22.172.IN-ADDR.ARPA", "23.172.IN-ADDR.ARPA",
        "24.172.IN-ADDR.ARPA", "25.172.IN-ADDR.ARPA", "26.172.IN-ADDR.ARPA",
        "27.172.IN-ADDR.ARPA", "28.172.IN-ADDR.ARPA", "29.172.IN-ADDR.ARPA",
        "30.172.IN-ADDR.ARPA", "31.172.IN-ADDR.ARPA", "168.192.IN-ADDR.ARPA",
        # RFC 6598
        "64.100.IN-ADDR.ARPA", "65.100.IN-ADDR.ARPA", "66.100.IN-ADDR.ARPA",
        "67.100.IN-ADDR.ARPA", "68.100.IN-ADDR.ARPA", "69.100.IN-ADDR.ARPA",
        "70.100.IN-ADDR.ARPA", "71.100.IN-ADDR.ARPA", "72.100.IN-ADDR.ARPA",
        "73.100.IN-ADDR.ARPA", "74.100.IN-ADDR.ARPA", "75.100.IN-ADDR.ARPA",
        "76.100.IN-ADDR.ARPA", "77.100.IN-ADDR.ARPA", "78.100.IN-ADDR.ARPA",
        "79.100.IN-ADDR.ARPA", "80.100.IN-ADDR.ARPA", "81.100.IN-ADDR.ARPA",
        "82.100.IN-ADDR.ARPA", "83.100.IN-ADDR.ARPA", "84.100.IN-ADDR.ARPA",
        "85.100.IN-ADDR.ARPA", "86.100.IN-ADDR.ARPA", "87.100.IN-ADDR.ARPA",
        "88.100.IN-ADDR.ARPA", "89.100.IN-ADDR.ARPA", "90.100.IN-ADDR.ARPA",
        "91.100.IN-ADDR.ARPA", "92.100.IN-ADDR.ARPA", "93.100.IN-ADDR.ARPA",
        "94.100.IN-ADDR.ARPA", "95.100.IN-ADDR.ARPA", "96.100.IN-ADDR.ARPA",
        "97.100.IN-ADDR.ARPA", "98.100.IN-ADDR.ARPA", "99.100.IN-ADDR.ARPA",
        "100.100.IN-ADDR.ARPA", "101.100.IN-ADDR.ARPA",
        "102.100.IN-ADDR.ARPA", "103.100.IN-ADDR.ARPA",
        "104.100.IN-ADDR.ARPA", "105.100.IN-ADDR.ARPA",
        "106.100.IN-ADDR.ARPA", "107.100.IN-ADDR.ARPA",
        "108.100.IN-ADDR.ARPA", "109.100.IN-ADDR.ARPA",
        "110.100.IN-ADDR.ARPA", "111.100.IN-ADDR.ARPA",
        "112.100.IN-ADDR.ARPA", "113.100.IN-ADDR.ARPA",
        "114.100.IN-ADDR.ARPA", "115.100.IN-ADDR.ARPA",
        "116.100.IN-ADDR.ARPA", "117.100.IN-ADDR.ARPA",
        "118.100.IN-ADDR.ARPA", "119.100.IN-ADDR.ARPA",
        "120.100.IN-ADDR.ARPA", "121.100.IN-ADDR.ARPA",
        "122.100.IN-ADDR.ARPA", "123.100.IN-ADDR.ARPA",
        "124.100.IN-ADDR.ARPA", "125.100.IN-ADDR.ARPA",
        "126.100.IN-ADDR.ARPA", "127.100.IN-ADDR.ARPA",
        # RFC 5735 and RFC 5737
        "0.IN-ADDR.ARPA", "127.IN-ADDR.ARPA", "254.169.IN-ADDR.ARPA",
        "2.0.192.IN-ADDR.ARPA", "100.51.198.IN-ADDR.ARPA",
        "113.0.203.IN-ADDR.ARPA", "255.255.255.255.IN-ADDR.ARPA",
        # Local IPv6 Unicast Addresses
        "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA",
        "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA",
        # LOCALLY ASSIGNED LOCAL ADDRESS SCOPE
        "D.F.IP6.ARPA", "8.E.F.IP6.ARPA", "9.E.F.IP6.ARPA", "A.E.F.IP6.ARPA",
        "B.E.F.IP6.ARPA",
        # Example Prefix, RFC 3849.
        "8.B.D.0.1.0.0.2.IP6.ARPA",
        # RFC 7534
        "EMPTY.AS112.ARPA",
    ]]


def assert_absolute_dnsname(name):
    """Raise AssertionError if name is not DNSName or is not absolute.

    >>> assert_absolute_dnsname(DNSName('absolute.name.example.'))
    >>> assert_absolute_dnsname(DNSName('relative.name.example'))
    Traceback (most recent call last):
      ...
    AssertionError: name must be absolute, ...
    >>> assert_absolute_dnsname('absolute.string.example.')
    Traceback (most recent call last):
      ...
    AssertionError: name must be DNSName instance, ...
    """

    assert isinstance(name, DNSName), ("name must be DNSName instance, "
                                       "got '%s'" % type(name))
    assert name.is_absolute(), "name must be absolute, got '%s'" % name


def is_auto_empty_zone(zone):
    """True if specified zone name exactly matches an automatic empty zone.

    >>> is_auto_empty_zone(DNSName('in-addr.arpa.'))
    False
    >>> is_auto_empty_zone(DNSName('10.in-addr.arpa.'))
    True
    >>> is_auto_empty_zone(DNSName('1.10.in-addr.arpa.'))
    False
    >>> is_auto_empty_zone(DNSName('10.in-addr.arpa'))
    Traceback (most recent call last):
      ...
    AssertionError: ...
    """
    assert_absolute_dnsname(zone)
    return zone in EMPTY_ZONES
DNSName type Type used to store domain names based on dnspython Part of ticket: IPA should allow internationalized domain names https://fedorahosted.org/freeipa/ticket/3169 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 2014-04-09 05:37:39 -05:00			`# Authors: Martin Basti <mbasti@redhat.com>`
			`#`
			`# Copyright (C) 2007-2014 Red Hat`
			`# see file 'COPYING' for use and warranty information`
			`#`
			`# This program is free software; you can redistribute it and/or modify`
			`# it under the terms of the GNU General Public License as published by`
			`# the Free Software Foundation, either version 3 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program. If not, see <http://www.gnu.org/licenses/>.`
			`#`

			`import dns.name`
Fix handle python-dns UnicodeError Reviewed-By: Jan Cholasta <jcholast@redhat.com> 2014-06-20 05:53:06 -05:00			`import dns.exception`
DNSName type Type used to store domain names based on dnspython Part of ticket: IPA should allow internationalized domain names https://fedorahosted.org/freeipa/ticket/3169 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 2014-04-09 05:37:39 -05:00			`import copy`

Use six.python_2_unicode_compatible Rename __unicode__ to __str__ in classes which define it and use the six.python_2_unicode_compatible decorator on them to make them compatible with both Python 2 and 3. Additional changes were required for the ipapython.dnsutil.DNSName class, because it defined both __str__ and __unicode__. Reviewed-By: Petr Viktorin <pviktori@redhat.com> 2015-08-31 02:26:27 -05:00			`import six`
DNSName type Type used to store domain names based on dnspython Part of ticket: IPA should allow internationalized domain names https://fedorahosted.org/freeipa/ticket/3169 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 2014-04-09 05:37:39 -05:00
Alias "unicode" to "str" under Python 3 The six way of doing this is to replace all occurences of "unicode" with "six.text_type". However, "unicode" is non-ambiguous and (arguably) easier to read. Also, using it makes the patches smaller, which should help with backporting. Reviewed-By: Petr Viktorin <pviktori@redhat.com> 2015-09-11 06:43:28 -05:00			`if six.PY3:`
			`unicode = str`

Use six.python_2_unicode_compatible Rename __unicode__ to __str__ in classes which define it and use the six.python_2_unicode_compatible decorator on them to make them compatible with both Python 2 and 3. Additional changes were required for the ipapython.dnsutil.DNSName class, because it defined both __str__ and __unicode__. Reviewed-By: Petr Viktorin <pviktori@redhat.com> 2015-08-31 02:26:27 -05:00
			`@six.python_2_unicode_compatible`
DNSName type Type used to store domain names based on dnspython Part of ticket: IPA should allow internationalized domain names https://fedorahosted.org/freeipa/ticket/3169 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 2014-04-09 05:37:39 -05:00			`class DNSName(dns.name.Name):`
			`labels = None # make pylint happy`

Use six.python_2_unicode_compatible Rename __unicode__ to __str__ in classes which define it and use the six.python_2_unicode_compatible decorator on them to make them compatible with both Python 2 and 3. Additional changes were required for the ipapython.dnsutil.DNSName class, because it defined both __str__ and __unicode__. Reviewed-By: Petr Viktorin <pviktori@redhat.com> 2015-08-31 02:26:27 -05:00			`@classmethod`
			`def from_text(cls, labels, origin=None):`
			`return cls(dns.name.from_text(labels, origin))`

DNSName type Type used to store domain names based on dnspython Part of ticket: IPA should allow internationalized domain names https://fedorahosted.org/freeipa/ticket/3169 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 2014-04-09 05:37:39 -05:00			`def __init__(self, labels, origin=None):`
			`try:`
Use six.python_2_unicode_compatible Rename __unicode__ to __str__ in classes which define it and use the six.python_2_unicode_compatible decorator on them to make them compatible with both Python 2 and 3. Additional changes were required for the ipapython.dnsutil.DNSName class, because it defined both __str__ and __unicode__. Reviewed-By: Petr Viktorin <pviktori@redhat.com> 2015-08-31 02:26:27 -05:00			`if isinstance(labels, six.string_types):`
Raise right exception if domain name is not valid Because of dnspython implementation, in some cases UnicodeError is raised instead of DNS SyntaxError Ticket: https://fedorahosted.org/freeipa/ticket/4734 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 2014-11-19 07:51:20 -06:00			`#pylint: disable=E1101`
Fix more bytes/unicode issues Reviewed-By: Tomas Babej <tbabej@redhat.com> 2015-09-17 11:46:14 -05:00			`labels = dns.name.from_text(unicode(labels), origin).labels`
Raise right exception if domain name is not valid Because of dnspython implementation, in some cases UnicodeError is raised instead of DNS SyntaxError Ticket: https://fedorahosted.org/freeipa/ticket/4734 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 2014-11-19 07:51:20 -06:00			`elif isinstance(labels, dns.name.Name):`
			`labels = labels.labels`

DNSName type Type used to store domain names based on dnspython Part of ticket: IPA should allow internationalized domain names https://fedorahosted.org/freeipa/ticket/3169 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 2014-04-09 05:37:39 -05:00			`super(DNSName, self).__init__(labels)`
Modernize 'except' clauses The 'as' syntax works from Python 2 on, and Python 3 will drop the "comma" syntax. Reviewed-By: Tomas Babej <tbabej@redhat.com> 2015-07-30 09:49:29 -05:00			`except UnicodeError as e:`
Fix handle python-dns UnicodeError Reviewed-By: Jan Cholasta <jcholast@redhat.com> 2014-06-20 05:53:06 -05:00			`# dnspython bug, an invalid domain name returns the UnicodeError`
			`# instead of a dns.exception`
			`raise dns.exception.SyntaxError(e)`
DNSName type Type used to store domain names based on dnspython Part of ticket: IPA should allow internationalized domain names https://fedorahosted.org/freeipa/ticket/3169 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 2014-04-09 05:37:39 -05:00
dnsutil: Rename __nonzero__ to __bool__ In Python 3, this special method got renamed. Set both to the same function to keep compatibility. https://fedorahosted.org/freeipa/ticket/5623 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com> 2016-01-05 07:03:50 -06:00			`def __bool__(self):`
DNSName type Type used to store domain names based on dnspython Part of ticket: IPA should allow internationalized domain names https://fedorahosted.org/freeipa/ticket/3169 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 2014-04-09 05:37:39 -05:00			`#dns.name.from_text('@') is represented like empty tuple`
			`#we need to acting '@' as nonzero value`
			`return True`

dnsutil: Rename __nonzero__ to __bool__ In Python 3, this special method got renamed. Set both to the same function to keep compatibility. https://fedorahosted.org/freeipa/ticket/5623 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com> 2016-01-05 07:03:50 -06:00			`__nonzero__ = __bool__ # for Python 2`

DNSName type Type used to store domain names based on dnspython Part of ticket: IPA should allow internationalized domain names https://fedorahosted.org/freeipa/ticket/3169 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 2014-04-09 05:37:39 -05:00			`def __copy__(self):`
			`return DNSName(self.labels)`

			`def __deepcopy__(self, memo):`
			`return DNSName(copy.deepcopy(self.labels, memo))`

			`def __str__(self):`
			`return self.to_unicode()`

			`def ToASCII(self):`
			`#method named by RFC 3490 and python standard library`
Use six.python_2_unicode_compatible Rename __unicode__ to __str__ in classes which define it and use the six.python_2_unicode_compatible decorator on them to make them compatible with both Python 2 and 3. Additional changes were required for the ipapython.dnsutil.DNSName class, because it defined both __str__ and __unicode__. Reviewed-By: Petr Viktorin <pviktori@redhat.com> 2015-08-31 02:26:27 -05:00			`return self.to_text().decode('ascii') # must be unicode string`
DNSName type Type used to store domain names based on dnspython Part of ticket: IPA should allow internationalized domain names https://fedorahosted.org/freeipa/ticket/3169 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 2014-04-09 05:37:39 -05:00
DNSSEC: DNS key synchronization daemon Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com> 2014-10-16 08:43:29 -05:00			`def canonicalize(self):`
			`return DNSName(super(DNSName, self).canonicalize())`

DNSName type Type used to store domain names based on dnspython Part of ticket: IPA should allow internationalized domain names https://fedorahosted.org/freeipa/ticket/3169 Reviewed-By: Jan Cholasta <jcholast@redhat.com> 2014-04-09 05:37:39 -05:00			`def concatenate(self, other):`
			`return DNSName(super(DNSName, self).concatenate(other))`

			`def relativize(self, origin):`
			`return DNSName(super(DNSName, self).relativize(origin))`

			`def derelativize(self, origin):`
			`return DNSName(super(DNSName, self).derelativize(origin))`

			`def choose_relativity(self, origin=None, relativize=True):`
			`return DNSName(super(DNSName, self).choose_relativity(origin=origin,`
			`relativize=relativize))`

			`def make_absolute(self):`
			`return self.derelativize(self.root)`

			`def is_idn(self):`
			`return any(label.startswith('xn--') for label in self.labels)`

			`def is_ip4_reverse(self):`
			`return self.is_subdomain(self.ip4_rev_zone)`

			`def is_ip6_reverse(self):`
			`return self.is_subdomain(self.ip6_rev_zone)`

			`def is_reverse(self):`
			`return self.is_ip4_reverse() or self.is_ip6_reverse()`

			`def is_empty(self):`
			`return len(self.labels) == 0`


			`#DNS public constants`
			`DNSName.root = DNSName(dns.name.root) # '.'`
			`DNSName.empty = DNSName(dns.name.empty) # '@'`
			`DNSName.ip4_rev_zone = DNSName(('in-addr', 'arpa', ''))`
			`DNSName.ip6_rev_zone = DNSName(('ip6', 'arpa', ''))`
Move automatic empty zone list into ipapython.dnsutil and make it reusable https://fedorahosted.org/freeipa/ticket/5710 Reviewed-By: Martin Basti <mbasti@redhat.com> 2016-03-07 05:00:21 -06:00
			`# Empty zones are defined in various RFCs. BIND is by default serving them.`
			`# This constat should contain everything listed in`
			`# IANA registry "Locally-Served DNS Zones"`
			`# URL: http://www.iana.org/assignments/locally-served-dns-zones`
			`# + AS112 zone defined in RFC 7534. It is not in the registry for some`
			`# reason but BIND 9.10 is serving it as automatic empty zones.`
			`EMPTY_ZONES = [DNSName(aez).make_absolute() for aez in [`
			`# RFC 1918`
			`"10.IN-ADDR.ARPA", "16.172.IN-ADDR.ARPA", "17.172.IN-ADDR.ARPA",`
			`"18.172.IN-ADDR.ARPA", "19.172.IN-ADDR.ARPA", "20.172.IN-ADDR.ARPA",`
			`"21.172.IN-ADDR.ARPA", "22.172.IN-ADDR.ARPA", "23.172.IN-ADDR.ARPA",`
			`"24.172.IN-ADDR.ARPA", "25.172.IN-ADDR.ARPA", "26.172.IN-ADDR.ARPA",`
			`"27.172.IN-ADDR.ARPA", "28.172.IN-ADDR.ARPA", "29.172.IN-ADDR.ARPA",`
			`"30.172.IN-ADDR.ARPA", "31.172.IN-ADDR.ARPA", "168.192.IN-ADDR.ARPA",`
			`# RFC 6598`
			`"64.100.IN-ADDR.ARPA", "65.100.IN-ADDR.ARPA", "66.100.IN-ADDR.ARPA",`
			`"67.100.IN-ADDR.ARPA", "68.100.IN-ADDR.ARPA", "69.100.IN-ADDR.ARPA",`
			`"70.100.IN-ADDR.ARPA", "71.100.IN-ADDR.ARPA", "72.100.IN-ADDR.ARPA",`
			`"73.100.IN-ADDR.ARPA", "74.100.IN-ADDR.ARPA", "75.100.IN-ADDR.ARPA",`
			`"76.100.IN-ADDR.ARPA", "77.100.IN-ADDR.ARPA", "78.100.IN-ADDR.ARPA",`
			`"79.100.IN-ADDR.ARPA", "80.100.IN-ADDR.ARPA", "81.100.IN-ADDR.ARPA",`
			`"82.100.IN-ADDR.ARPA", "83.100.IN-ADDR.ARPA", "84.100.IN-ADDR.ARPA",`
			`"85.100.IN-ADDR.ARPA", "86.100.IN-ADDR.ARPA", "87.100.IN-ADDR.ARPA",`
			`"88.100.IN-ADDR.ARPA", "89.100.IN-ADDR.ARPA", "90.100.IN-ADDR.ARPA",`
			`"91.100.IN-ADDR.ARPA", "92.100.IN-ADDR.ARPA", "93.100.IN-ADDR.ARPA",`
			`"94.100.IN-ADDR.ARPA", "95.100.IN-ADDR.ARPA", "96.100.IN-ADDR.ARPA",`
			`"97.100.IN-ADDR.ARPA", "98.100.IN-ADDR.ARPA", "99.100.IN-ADDR.ARPA",`
			`"100.100.IN-ADDR.ARPA", "101.100.IN-ADDR.ARPA",`
			`"102.100.IN-ADDR.ARPA", "103.100.IN-ADDR.ARPA",`
			`"104.100.IN-ADDR.ARPA", "105.100.IN-ADDR.ARPA",`
			`"106.100.IN-ADDR.ARPA", "107.100.IN-ADDR.ARPA",`
			`"108.100.IN-ADDR.ARPA", "109.100.IN-ADDR.ARPA",`
			`"110.100.IN-ADDR.ARPA", "111.100.IN-ADDR.ARPA",`
			`"112.100.IN-ADDR.ARPA", "113.100.IN-ADDR.ARPA",`
			`"114.100.IN-ADDR.ARPA", "115.100.IN-ADDR.ARPA",`
			`"116.100.IN-ADDR.ARPA", "117.100.IN-ADDR.ARPA",`
			`"118.100.IN-ADDR.ARPA", "119.100.IN-ADDR.ARPA",`
			`"120.100.IN-ADDR.ARPA", "121.100.IN-ADDR.ARPA",`
			`"122.100.IN-ADDR.ARPA", "123.100.IN-ADDR.ARPA",`
			`"124.100.IN-ADDR.ARPA", "125.100.IN-ADDR.ARPA",`
			`"126.100.IN-ADDR.ARPA", "127.100.IN-ADDR.ARPA",`
			`# RFC 5735 and RFC 5737`
			`"0.IN-ADDR.ARPA", "127.IN-ADDR.ARPA", "254.169.IN-ADDR.ARPA",`
			`"2.0.192.IN-ADDR.ARPA", "100.51.198.IN-ADDR.ARPA",`
			`"113.0.203.IN-ADDR.ARPA", "255.255.255.255.IN-ADDR.ARPA",`
			`# Local IPv6 Unicast Addresses`
			`"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA",`
			`"1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA",`
			`# LOCALLY ASSIGNED LOCAL ADDRESS SCOPE`
			`"D.F.IP6.ARPA", "8.E.F.IP6.ARPA", "9.E.F.IP6.ARPA", "A.E.F.IP6.ARPA",`
			`"B.E.F.IP6.ARPA",`
			`# Example Prefix, RFC 3849.`
			`"8.B.D.0.1.0.0.2.IP6.ARPA",`
			`# RFC 7534`
			`"EMPTY.AS112.ARPA",`
			`]]`
Add assert_absolute_dnsname() helper to ipapython.dnsutil Sanity check for zone names and such should be the same everywhere. This new function will be a replacement for ad-hoc checks. https://fedorahosted.org/freeipa/ticket/5710 Reviewed-By: Martin Basti <mbasti@redhat.com> 2016-03-07 06:24:31 -06:00

			`def assert_absolute_dnsname(name):`
			`"""Raise AssertionError if name is not DNSName or is not absolute.`

			`>>> assert_absolute_dnsname(DNSName('absolute.name.example.'))`
			`>>> assert_absolute_dnsname(DNSName('relative.name.example'))`
			`Traceback (most recent call last):`
			`...`
			`AssertionError: name must be absolute, ...`
			`>>> assert_absolute_dnsname('absolute.string.example.')`
			`Traceback (most recent call last):`
			`...`
			`AssertionError: name must be DNSName instance, ...`
			`"""`

			`assert isinstance(name, DNSName), ("name must be DNSName instance, "`
			`"got '%s'" % type(name))`
			`assert name.is_absolute(), "name must be absolute, got '%s'" % name`
Move function is_auto_empty_zone() into ipapython.dnsutil I'm going to extend this so it is better to have it in module. At the same time it is now using shared assert_absolute_dnsname() helper. https://fedorahosted.org/freeipa/ticket/5710 Reviewed-By: Martin Basti <mbasti@redhat.com> 2016-03-07 06:30:35 -06:00

			`def is_auto_empty_zone(zone):`
Use shared sanity check and tests ipapython.dnsutil.is_auto_empty_zone() https://fedorahosted.org/freeipa/ticket/5710 Reviewed-By: Martin Basti <mbasti@redhat.com> 2016-03-07 07:10:34 -06:00			`"""True if specified zone name exactly matches an automatic empty zone.`

			`>>> is_auto_empty_zone(DNSName('in-addr.arpa.'))`
			`False`
			`>>> is_auto_empty_zone(DNSName('10.in-addr.arpa.'))`
			`True`
			`>>> is_auto_empty_zone(DNSName('1.10.in-addr.arpa.'))`
			`False`
			`>>> is_auto_empty_zone(DNSName('10.in-addr.arpa'))`
			`Traceback (most recent call last):`
			`...`
			`AssertionError: ...`
			`"""`
			`assert_absolute_dnsname(zone)`
Move function is_auto_empty_zone() into ipapython.dnsutil I'm going to extend this so it is better to have it in module. At the same time it is now using shared assert_absolute_dnsname() helper. https://fedorahosted.org/freeipa/ticket/5710 Reviewed-By: Martin Basti <mbasti@redhat.com> 2016-03-07 06:30:35 -06:00			`return zone in EMPTY_ZONES`