DNS record-add warns when a suspicious DNS name is detected

Relative name "record.zone" is being added into zone "zone.", which is probably a mistake. User probably wanted to either specify relative name "record" or use FQDN "record.zone.". Reviewed-By: Martin Basti <mbasti@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-11-02 09:50:57 +01:00 · 2015-11-02 09:50:57 +01:00 · 50b0471f01
commit 50b0471f01
parent a8c3d6fbb7
2 changed files with 40 additions and 0 deletions
--- a/ipalib/messages.py
+++ b/ipalib/messages.py
@ -294,6 +294,23 @@ class DNSSECMasterNotInstalled(PublicMessage):
        "until the DNSSEC key master is installed."
    )

+
+class DNSSuspiciousRelativeName(PublicMessage):
+    """
+    **13014** Relative name "record.zone" is being added into zone "zone.",
+    which is probably a mistake. User probably wanted to either specify
+    relative name "record" or use FQDN "record.zone.".
+    """
+
+    errno = 13014
+    type = "warning"
+    format = _(
+        "Relative record name '%(record)s' contains the zone name '%(zone)s' "
+        "as a suffix, which results in FQDN '%(fqdn)s'. This is usually a "
+        "mistake caused by a missing dot at the end of the name specification."
+    )
+
+
 def iter_messages(variables, base):
    """Return a tuple with all subclasses
    """
--- a/ipalib/plugins/dns.py
+++ b/ipalib/plugins/dns.py
@ -3522,6 +3522,24 @@ class dnsrecord(LDAPObject):
            _add_warning_fw_zone_is_not_effective(result, fwzone,
                                                  options['version'])

+    def warning_suspicious_relative_name(self, result, *keys, **options):
+        """Detect if zone name is suffix of relative record name and warn.
+
+        Zone name: test.zone.
+        Relative name: record.test.zone
+        """
+        record_name = keys[-1]
+        zone = keys[-2]
+        if not record_name.is_absolute() and record_name.is_subdomain(
+            zone.relativize(DNSName.root)):
+            messages.add_message(
+                options['version'],
+                result,
+                messages.DNSSuspiciousRelativeName(record=record_name,
+                                                   zone=zone,
+                                                   fqdn=record_name + zone)
+            )
+

@register()
 class dnsrecord_add(LDAPCreate):
@ -3701,6 +3719,11 @@ class dnsrecord_add(LDAPCreate):

        return dn

+    def execute(self, *keys, **options):
+        result = super(dnsrecord_add, self).execute(*keys, **options)
+        self.obj.warning_suspicious_relative_name(result, *keys, **options)
+        return result
+
    def exc_callback(self, keys, options, exc, call_func, *call_args, **call_kwargs):
        if call_func.__name__ == 'add_entry':
            if isinstance(exc, errors.DuplicateEntry):