mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
Add DNS conditional forwarding
Add ability configure per-zone forwarder for DNS zones. Any data in such zone will then be considered as non-authoritative and all queries will be sent to specified forwarder. https://fedorahosted.org/freeipa/ticket/2108
This commit is contained in:
parent
8605790225
commit
210d913eb1
12
API.txt
12
API.txt
@ -1067,7 +1067,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
|
||||
output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
|
||||
output: Output('value', <type 'unicode'>, None)
|
||||
command: dnszone_add
|
||||
args: 1,21,3
|
||||
args: 1,23,3
|
||||
arg: Str('idnsname', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True)
|
||||
option: Str('name_from_ip', attribute=False, cli_name='name_from_ip', multivalue=False, required=False)
|
||||
option: Str('idnssoamname', attribute=True, cli_name='name_server', multivalue=False, required=True)
|
||||
@ -1083,6 +1083,8 @@ option: Str('idnsupdatepolicy', attribute=True, cli_name='update_policy', multiv
|
||||
option: Bool('idnsallowdynupdate', attribute=True, autofill=True, cli_name='dynamic_update', default=False, multivalue=False, required=False)
|
||||
option: Str('idnsallowquery', attribute=True, autofill=True, cli_name='allow_query', default=u'any;', multivalue=False, required=False)
|
||||
option: Str('idnsallowtransfer', attribute=True, autofill=True, cli_name='allow_transfer', default=u'none;', multivalue=False, required=False)
|
||||
option: Str('idnsforwarders', attribute=True, cli_name='forwarder', csv=True, multivalue=True, required=False)
|
||||
option: StrEnum('idnsforwardpolicy', attribute=True, cli_name='forward_policy', multivalue=False, required=False, values=(u'only', u'first'))
|
||||
option: Str('setattr*', cli_name='setattr', exclude='webui')
|
||||
option: Str('addattr*', cli_name='addattr', exclude='webui')
|
||||
option: Flag('force', autofill=True, default=False)
|
||||
@ -1113,7 +1115,7 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None)
|
||||
output: Output('result', <type 'bool'>, None)
|
||||
output: Output('value', <type 'unicode'>, None)
|
||||
command: dnszone_find
|
||||
args: 1,23,4
|
||||
args: 1,25,4
|
||||
arg: Str('criteria?', noextrawhitespace=False)
|
||||
option: Str('idnsname', attribute=True, autofill=False, cli_name='name', multivalue=False, primary_key=True, query=True, required=False)
|
||||
option: Str('name_from_ip', attribute=False, autofill=False, cli_name='name_from_ip', multivalue=False, query=True, required=False)
|
||||
@ -1131,6 +1133,8 @@ option: Bool('idnszoneactive', attribute=True, autofill=False, cli_name='zone_ac
|
||||
option: Bool('idnsallowdynupdate', attribute=True, autofill=False, cli_name='dynamic_update', default=False, multivalue=False, query=True, required=False)
|
||||
option: Str('idnsallowquery', attribute=True, autofill=False, cli_name='allow_query', default=u'any;', multivalue=False, query=True, required=False)
|
||||
option: Str('idnsallowtransfer', attribute=True, autofill=False, cli_name='allow_transfer', default=u'none;', multivalue=False, query=True, required=False)
|
||||
option: Str('idnsforwarders', attribute=True, autofill=False, cli_name='forwarder', csv=True, multivalue=True, query=True, required=False)
|
||||
option: StrEnum('idnsforwardpolicy', attribute=True, autofill=False, cli_name='forward_policy', multivalue=False, query=True, required=False, values=(u'only', u'first'))
|
||||
option: Int('timelimit?', autofill=False, minvalue=0)
|
||||
option: Int('sizelimit?', autofill=False, minvalue=0)
|
||||
option: Flag('forward_only', autofill=True, cli_name='forward_only', default=False)
|
||||
@ -1143,7 +1147,7 @@ output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list
|
||||
output: Output('count', <type 'int'>, None)
|
||||
output: Output('truncated', <type 'bool'>, None)
|
||||
command: dnszone_mod
|
||||
args: 1,21,3
|
||||
args: 1,23,3
|
||||
arg: Str('idnsname', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True)
|
||||
option: Str('name_from_ip', attribute=False, autofill=False, cli_name='name_from_ip', multivalue=False, required=False)
|
||||
option: Str('idnssoamname', attribute=True, autofill=False, cli_name='name_server', multivalue=False, required=False)
|
||||
@ -1159,6 +1163,8 @@ option: Str('idnsupdatepolicy', attribute=True, autofill=False, cli_name='update
|
||||
option: Bool('idnsallowdynupdate', attribute=True, autofill=False, cli_name='dynamic_update', default=False, multivalue=False, required=False)
|
||||
option: Str('idnsallowquery', attribute=True, autofill=False, cli_name='allow_query', default=u'any;', multivalue=False, required=False)
|
||||
option: Str('idnsallowtransfer', attribute=True, autofill=False, cli_name='allow_transfer', default=u'none;', multivalue=False, required=False)
|
||||
option: Str('idnsforwarders', attribute=True, autofill=False, cli_name='forwarder', csv=True, multivalue=True, required=False)
|
||||
option: StrEnum('idnsforwardpolicy', attribute=True, autofill=False, cli_name='forward_policy', multivalue=False, required=False, values=(u'only', u'first'))
|
||||
option: Str('setattr*', cli_name='setattr', exclude='webui')
|
||||
option: Str('addattr*', cli_name='addattr', exclude='webui')
|
||||
option: Str('delattr*', cli_name='delattr', exclude='webui')
|
||||
|
@ -144,6 +144,13 @@ EXAMPLES:
|
||||
Show records for resource www in zone example.com
|
||||
ipa dnsrecord-show example.com www
|
||||
|
||||
Forward all request for a zone external.com to another nameserver using
|
||||
a "first" policy (it will send the queries to the selected forwarder and if
|
||||
not answered it will use global resolvers):
|
||||
ipa dnszone-add external.com
|
||||
ipa dnszone-mod external.com --forwarder=10.20.0.1 \\
|
||||
--forward-policy=first
|
||||
|
||||
Delete zone example.com with all resource records:
|
||||
ipa dnszone-del example.com
|
||||
|
||||
@ -1215,7 +1222,8 @@ class dnszone(LDAPObject):
|
||||
default_attributes = [
|
||||
'idnsname', 'idnszoneactive', 'idnssoamname', 'idnssoarname',
|
||||
'idnssoaserial', 'idnssoarefresh', 'idnssoaretry', 'idnssoaexpire',
|
||||
'idnssoaminimum', 'idnsallowquery', 'idnsallowtransfer'
|
||||
'idnssoaminimum', 'idnsallowquery', 'idnsallowtransfer',
|
||||
'idnsforwarders', 'idnsforwardpolicy'
|
||||
] + _record_attributes
|
||||
label = _('DNS Zones')
|
||||
label_singular = _('DNS Zone')
|
||||
@ -1337,6 +1345,18 @@ class dnszone(LDAPObject):
|
||||
default=u'none;', # no one can issue queries by default
|
||||
autofill=True,
|
||||
),
|
||||
Str('idnsforwarders*',
|
||||
_validate_ipaddr,
|
||||
cli_name='forwarder',
|
||||
label=_('Zone forwarders'),
|
||||
doc=_('A list of zone forwarders'),
|
||||
csv=True,
|
||||
),
|
||||
StrEnum('idnsforwardpolicy?',
|
||||
cli_name='forward_policy',
|
||||
label=_('Forward policy'),
|
||||
values=(u'only', u'first',),
|
||||
),
|
||||
)
|
||||
|
||||
api.register(dnszone)
|
||||
|
Loading…
Reference in New Issue
Block a user