Fine tuning DNS options

Add pointer to self to /etc/hosts to avoid chicken/egg problems when restarting DNS. On servers set both dns_lookup_realm and dns_lookup_kdc to false so we don't attempt to do any resolving. Leave it to true on clients. Set rdns to false on both server and client. https://fedorahosted.org/freeipa/ticket/931
2025-02-25 18:55:28 -06:00 · 2011-02-10 21:47:45 +01:00 · 2011-02-10 21:47:45 +01:00 · 22c3a681da
commit 22c3a681da
parent c9431749a0
4 changed files with 27 additions and 6 deletions
--- a/install/share/krb5.conf.template
+++ b/install/share/krb5.conf.template
@ -5,8 +5,9 @@

 [libdefaults]
 default_realm = $REALM
- dns_lookup_realm = true
- dns_lookup_kdc = true
+ dns_lookup_realm = false
+ dns_lookup_kdc = false
+ rdns = false
 ticket_lifetime = 24h
 forwardable = yes

--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@ -408,6 +408,7 @@ def configure_krb5_conf(fstore, cli_basedn, cli_realm, cli_domain, cli_server, d
    else:
        libopts.append({'name':'dns_lookup_realm', 'type':'option', 'value':'true'})
        libopts.append({'name':'dns_lookup_kdc', 'type':'option', 'value':'true'})
+    libopts.append({'name':'rdns', 'type':'option', 'value':'false'})
    libopts.append({'name':'ticket_lifetime', 'type':'option', 'value':'24h'})
    libopts.append({'name':'forwardable', 'type':'option', 'value':'yes'})

--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@ -297,6 +297,9 @@ class BindInstance(service.Service):
        # get a connection to the DS
        self.ldap_connect()

+        if not installutils.record_in_hosts(self.ip_address, self.fqdn):
+            installutils.add_record_to_hosts(self.ip_address, self.fqdn)
+
        if not dns_container_exists(self.fqdn, self.suffix):
            self.step("adding DNS container", self.__setup_dns_container)
        if not dns_zone_exists(self.domain):
--- a/ipaserver/install/installutils.py
+++ b/ipaserver/install/installutils.py
@ -156,6 +156,25 @@ def verify_ip_address(ip):
            is_ok = False
    return is_ok

+def record_in_hosts(ip, host_name, file="/etc/hosts"):
+    hosts = open(file, 'r').readlines()
+    for line in hosts:
+        hosts_ip = line.split()[0]
+        if hosts_ip != ip:
+            continue
+
+        names = line.split()[1:]
+        if host_name in names:
+            return True
+
+    return False
+
+def add_record_to_hosts(ip, host_name, file="/etc/hosts"):
+    hosts_fd = open(file, 'r+')
+    hosts_fd.seek(0, 2)
+    hosts_fd.write(ip+'\t'+host_name+' '+host_name.split('.')[0]+'\n')
+    hosts_fd.close()
+
 def read_ip_address(host_name, fstore):
    while True:
        ip = ipautil.user_input("Please provide the IP address to be used for this host name", allow_empty = False)
@ -169,10 +188,7 @@ def read_ip_address(host_name, fstore):

    print "Adding ["+ip+" "+host_name+"] to your /etc/hosts file"
    fstore.backup_file("/etc/hosts")
-    hosts_fd = open('/etc/hosts', 'r+')
-    hosts_fd.seek(0, 2)
-    hosts_fd.write(ip+'\t'+host_name+' '+host_name.split('.')[0]+'\n')
-    hosts_fd.close()
+    add_record_to_hosts(ip, host_name)

    return ip