From 881df73568a9638bba6a6d0ae2e715cf249f6fa4 Mon Sep 17 00:00:00 2001 From: Jan Cholasta Date: Mon, 11 Jul 2011 10:14:53 +0200 Subject: [PATCH] Fix creation of reverse DNS zones. Create reverse DNS zone for /24 IPv4 subnet and /64 IPv6 subnet by default instead of using the netmask from the --ip-address option. Custom reverse DNS zone can be specified using new --reverse-zone option, which replaces the old --ip-address netmask way of creating reverse zones. The reverse DNS zone name is printed to the user during the install. ticket 1398 --- install/tools/ipa-dns-install | 50 ++++++---- install/tools/ipa-replica-install | 38 ++++--- install/tools/ipa-replica-prepare | 51 +++++----- install/tools/ipa-server-install | 34 ++++--- install/tools/man/ipa-dns-install.1 | 3 + install/tools/man/ipa-replica-install.1 | 3 + install/tools/man/ipa-replica-prepare.1 | 6 ++ install/tools/man/ipa-server-install.1 | 3 + ipaserver/install/bindinstance.py | 126 +++++++++++++++--------- 9 files changed, 193 insertions(+), 121 deletions(-) diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index b5295b5c7..eb1336e51 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -38,14 +38,14 @@ def parse_options(): parser.add_option("-d", "--debug", dest="debug", action="store_true", default=False, help="print debugging information") parser.add_option("--ip-address", dest="ip_address", - type="ip", ip_netmask=True, ip_local=True, help="Master Server IP Address") + type="ip", ip_local=True, help="Master Server IP Address") parser.add_option("--forwarder", dest="forwarders", action="append", type="ip", help="Add a DNS forwarder") parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true", default=False, help="Do not add any DNS forwarders, use root servers instead") - parser.add_option("--no-reverse", dest="no_reverse", - action="store_true", default=False, - help="Do not create reverse DNS zone") + parser.add_option("--reverse-zone", dest="reverse_zone", help="The reverse DNS zone to use") + parser.add_option("--no-reverse", dest="no_reverse", action="store_true", + default=False, help="Do not create reverse DNS zone") parser.add_option("--zonemgr", dest="zonemgr", help="DNS zone manager e-mail address. Defaults to root") parser.add_option("-U", "--unattended", dest="unattended", action="store_true", @@ -56,6 +56,8 @@ def parse_options(): if options.forwarders and options.no_forwarders: parser.error("You cannot specify a --forwarder option together with --no-forwarders") + elif options.reverse_zone and options.no_reverse: + parser.error("You cannot specify a --reverse-zone option together with --no-reverse") if options.unattended: if not options.forwarders and not options.no_forwarders: @@ -104,26 +106,28 @@ def main(): # Check we have a public IP that is associated with the hostname if options.ip_address: - ip_address = options.ip_address + ip = options.ip_address else: hostaddr = resolve_host(api.env.host) - ip_address = hostaddr and ipautil.CheckedIPAddress(hostaddr) + ip = hostaddr and ipautil.CheckedIPAddress(hostaddr) try: - verify_ip_address(ip_address) + verify_ip_address(ip) except Exception, e: - print "Error: Invalid IP Address %s: %s" % (ip_address, e) - ip_address = None + print "Error: Invalid IP Address %s: %s" % (ip, e) + ip = None - if not ip_address: + if not ip: if options.unattended: sys.exit("Unable to resolve IP address for host name") else: - ip_address = read_ip_address(api.env.host, fstore) - ip_prefixlen = ip_address.prefixlen - ip_address = str(ip_address) + ip = read_ip_address(api.env.host, fstore) + ip_address = str(ip) logging.debug("will use ip_address: %s\n", ip_address) + if options.reverse_zone and not bindinstance.verify_reverse_zone(options.reverse_zone, ip): + sys.exit(1) + if options.no_forwarders: dns_forwarders = () elif options.forwarders: @@ -161,13 +165,6 @@ def main(): sys.exit("\nPassword is not valid!") bind.dm_password = read_password("Directory Manager", confirm=False, validate=False) - create_reverse = True - if options.unattended: - create_reverse = not options.no_reverse - elif not options.no_reverse: - create_reverse = bindinstance.create_reverse() - bind.setup(api.env.host, ip_address, ip_prefixlen, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, create_reverse, zonemgr=options.zonemgr) - if bind.dm_password: api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=bind.dm_password) else: @@ -175,6 +172,19 @@ def main(): ccache = krbV.default_context().default_ccache().name api.Backend.ldap2.connect(ccache) + if options.reverse_zone: + reverse_zone = bindinstance.normalize_zone(options.reverse_zone) + else: + reverse_zone = bindinstance.find_reverse_zone(ip) + if reverse_zone is None and not options.no_reverse: + reverse_zone = bindinstance.get_reverse_zone_default(ip) + if not options.unattended and bindinstance.create_reverse(): + reverse_zone = bindinstance.read_reverse_zone(reverse_zone, ip) + + if reverse_zone is not None: + print "Using reverse zone %s" % reverse_zone + + bind.setup(api.env.host, ip_address, api.env.realm, api.env.domain, dns_forwarders, conf_ntp, reverse_zone, zonemgr=options.zonemgr) bind.create_instance() diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index 7daa0e8e3..d499754a9 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -59,6 +59,7 @@ def parse_options(): type="ip", help="Add a DNS forwarder") parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true", default=False, help="Do not add any DNS forwarders, use root servers instead") + parser.add_option("--reverse-zone", dest="reverse_zone", help="The reverse DNS zone to use") parser.add_option("--no-reverse", dest="no_reverse", action="store_true", default=False, help="Do not create reverse DNS zone") parser.add_option("--no-host-dns", dest="no_host_dns", action="store_true", @@ -84,12 +85,16 @@ def parse_options(): parser.error("You cannot specify a --forwarder option without the --setup-dns option") if options.no_forwarders: parser.error("You cannot specify a --no-forwarders option without the --setup-dns option") + if options.reverse_zone: + parser.error("You cannot specify a --reverse-zone option without the --setup-dns option") if options.no_reverse: parser.error("You cannot specify a --no-reverse option without the --setup-dns option") elif options.forwarders and options.no_forwarders: parser.error("You cannot specify a --forwarder option together with --no-forwarders") elif not options.forwarders and not options.no_forwarders: parser.error("You must specify at least one --forwarder option or --no-forwarders option") + elif options.reverse_zone and options.no_reverse: + parser.error("You cannot specify a --reverse-zone option together with --no-reverse") return safe_options, options, args[0] @@ -183,22 +188,23 @@ def install_bind(config, options): sys.exit("Unable to resolve IP address for host name") ip = installutils.parse_ip_address(ip_address) ip_address = str(ip) - ip_prefixlen = ip.prefixlen - create_reverse = True - if options.unattended: - # In unattended mode just use the cmdline flag - create_reverse = not options.no_reverse + if options.reverse_zone: + if not bindinstance.verify_reverse_zone(options.reverse_zone, ip): + sys.exit(1) + reverse_zone = bindinstance.normalize_zone(options.reverse_zone) else: - if options.no_reverse: - create_reverse = False - else: - # In interactive mode, if the flag was not explicitly - # specified, ask the user - create_reverse = bindinstance.create_reverse() + reverse_zone = bindinstance.find_reverse_zone(ip) + if reverse_zone is None and not options.no_reverse: + reverse_zone = bindinstance.get_reverse_zone_default(ip) + if not options.unattended and bindinstance.create_reverse(): + reverse_zone = bindinstance.read_reverse_zone(reverse_zone, ip) - bind.setup(config.host_name, ip_address, ip_prefixlen, config.realm_name, - config.domain_name, forwarders, options.conf_ntp, create_reverse) + if reverse_zone is not None: + print "Using reverse zone %s" % reverse_zone + + bind.setup(config.host_name, ip_address, config.realm_name, + config.domain_name, forwarders, options.conf_ntp, reverse_zone) bind.create_instance() def install_dns_records(config, options): @@ -221,11 +227,11 @@ def install_dns_records(config, options): sys.exit("Unable to resolve IP address for host name") ip = installutils.parse_ip_address(ip_address) ip_address = str(ip) - ip_prefixlen = ip.prefixlen + reverse_zone = bindinstance.find_reverse_zone(ip) - bind.add_master_dns_records(config.host_name, ip_address, ip_prefixlen, + bind.add_master_dns_records(config.host_name, ip_address, config.realm_name, config.domain_name, - options.conf_ntp) + reverse_zone, options.conf_ntp) #set it back to the default api.Backend.ldap2.disconnect() diff --git a/install/tools/ipa-replica-prepare b/install/tools/ipa-replica-prepare index 97dd96a19..cb279481d 100755 --- a/install/tools/ipa-replica-prepare +++ b/install/tools/ipa-replica-prepare @@ -27,7 +27,7 @@ import krbV from ipapython import ipautil from ipaserver.install import bindinstance, dsinstance, installutils, certs -from ipaserver.install.bindinstance import add_zone, add_reverse_zone, add_fwd_rr, add_ptr_rr, dns_zone_exists +from ipaserver.install.bindinstance import add_zone, add_reverse_zone, add_fwd_rr, add_ptr_rr from ipaserver.install.replication import check_replication_plugin, enable_replication_version_checking from ipaserver.install.installutils import resolve_host from ipaserver.plugins.ldap2 import ldap2 @@ -54,8 +54,11 @@ def parse_options(): parser.add_option("-p", "--password", dest="password", help="Directory Manager (existing master) password") parser.add_option("--ip-address", dest="ip_address", - type="ip", ip_netmask=True, - help="Add A and PTR records of the future replica") + type="ip", help="Add A and PTR records of the future replica") + parser.add_option("--reverse-zone", dest="reverse_zone", + help="The reverse DNS zone to use") + parser.add_option("--no-reverse", dest="no_reverse", action="store_true", + default=False, help="Do not create reverse DNS zone") parser.add_option("--ca", dest="ca_file", default="/root/cacert.p12", help="Location of CA PKCS#12 file, default /root/cacert.p12") parser.add_option("--no-pkinit", dest="setup_pkinit", action="store_false", @@ -63,6 +66,14 @@ def parse_options(): options, args = parser.parse_args() + if not options.ip_address: + if options.reverse_zone: + parser.error("You cannot specify a --reverse-zone option without the --ip-address option") + if options.no_reverse: + parser.error("You cannot specify a --no-reverse option without the --ip-address option") + elif options.reverse_zone and options.no_reverse: + parser.error("You cannot specify a --reverse-zone option together with --no-reverse") + # If any of the PKCS#12 options are selected, all are required. Create a # list of the options and count it to enforce that all are required without # having a huge set of it blocks. @@ -255,6 +266,8 @@ def main(): if not bindinstance.dns_container_exists(api.env.host, api.env.basedn): print "You can't add a DNS record because DNS is not set up." sys.exit(1) + if options.reverse_zone and not bindinstance.verify_reverse_zone(options.reverse_zone, options.ip_address): + sys.exit(1) if not certs.ipa_self_signed() and not ipautil.file_exists("/var/lib/pki-ca/conf/CS.cfg") and not options.dirsrv_pin: sys.exit("The replica must be created on the primary IPA server.\nIf you installed IPA with your own certificates using PKCS#12 files you must provide PKCS#12 files for any replicas you create as well.") @@ -424,31 +437,21 @@ def main(): ip = options.ip_address ip_address = str(ip) - ip_prefixlen = ip.prefixlen - if ip.defaultnet: - revzone = ip.reverse_dns - if ip.version == 4: - prefix = 32 - dec = 8 - elif ip.version == 6: - prefix = 128 - dec = 4 - - while prefix > 0: - dummy, dot, revzone = revzone.partition('.') - prefix = prefix - dec - if dns_zone_exists(revzone): - break - - if prefix > 0: - ip_prefixlen = prefix - else: - add_reverse_zone(ip_address, ip_prefixlen) + if options.reverse_zone: + reverse_zone = bindinstance.normalize_zone(options.reverse_zone) + else: + reverse_zone = bindinstance.find_reverse_zone(ip) + if reverse_zone is None and not options.no_reverse: + reverse_zone = bindinstance.get_reverse_zone_default(ip) add_zone(domain) add_fwd_rr(domain, name, ip_address) - add_ptr_rr(ip_address, ip_prefixlen, replica_fqdn) + + if reverse_zone is not None: + print "Using reverse zone %s" % reverse_zone + add_reverse_zone(reverse_zone) + add_ptr_rr(reverse_zone, ip_address, replica_fqdn) try: if not os.geteuid()==0: diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 504da2c61..35b16dae8 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -100,7 +100,7 @@ def parse_options(): help="File containing PKCS#10 of the external CA chain") parser.add_option("--hostname", dest="host_name", help="fully qualified name of server") parser.add_option("--ip-address", dest="ip_address", - type="ip", ip_netmask=True, ip_local=True, + type="ip", ip_local=True, help="Master Server IP Address") parser.add_option("--setup-dns", dest="setup_dns", action="store_true", default=False, help="configure bind with our zone") @@ -108,6 +108,7 @@ def parse_options(): type="ip", help="Add a DNS forwarder") parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true", default=False, help="Do not add any DNS forwarders, use root servers instead") + parser.add_option("--reverse-zone", dest="reverse_zone", help="The reverse DNS zone to use") parser.add_option("--no-reverse", dest="no_reverse", action="store_true", default=False, help="Do not create reverse DNS zone") parser.add_option("--zonemgr", action="callback", callback=zonemgr_callback, @@ -154,10 +155,14 @@ def parse_options(): parser.error("You cannot specify a --forwarder option without the --setup-dns option") if options.no_forwarders: parser.error("You cannot specify a --no-forwarders option without the --setup-dns option") + if options.reverse_zone: + parser.error("You cannot specify a --reverse-zone option without the --setup-dns option") if options.no_reverse: parser.error("You cannot specify a --no-reverse option without the --setup-dns option") elif options.forwarders and options.no_forwarders: parser.error("You cannot specify a --forwarder option together with --no-forwarders") + elif options.reverse_zone and options.no_reverse: + parser.error("You cannot specify a --reverse-zone option together with --no-reverse") if options.uninstall: if (options.realm_name or @@ -552,7 +557,7 @@ def main(): master_password = "" dm_password = "" admin_password = "" - create_reverse = True + reverse_zone = None # check bind packages are installed if options.setup_dns: @@ -631,7 +636,9 @@ def main(): ip = read_ip_address(host_name, fstore) logging.debug("read ip_address: %s\n" % str(ip)) ip_address = str(ip) - ip_prefixlen = ip.prefixlen + + if options.reverse_zone and not bindinstance.verify_reverse_zone(options.reverse_zone, ip): + sys.exit(1) print "The IPA Master Server will be configured with" print "Hostname: " + host_name @@ -896,18 +903,17 @@ def main(): # Create a BIND instance bind = bindinstance.BindInstance(fstore, dm_password) if options.setup_dns: - if options.unattended: - # In unattended mode just use the cmdline flag - create_reverse = not options.no_reverse - else: - if options.no_reverse: - create_reverse = False - else: - # In interactive mode, if the flag was not explicitly - # specified, ask the user - create_reverse = bindinstance.create_reverse() + if options.reverse_zone: + reverse_zone = bindinstance.normalize_zone(options.reverse_zone) + elif not options.no_reverse: + reverse_zone = bindinstance.get_reverse_zone_default(ip) + if not options.unattended and bindinstance.create_reverse(): + reverse_zone = bindinstance.read_reverse_zone(reverse_zone, ip) - bind.setup(host_name, ip_address, ip_prefixlen, realm_name, domain_name, dns_forwarders, options.conf_ntp, create_reverse, zonemgr=options.zonemgr) + if reverse_zone is not None: + print "Using reverse zone %s" % reverse_zone + + bind.setup(host_name, ip_address, realm_name, domain_name, dns_forwarders, options.conf_ntp, reverse_zone, zonemgr=options.zonemgr) if options.setup_dns: api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dm_password) diff --git a/install/tools/man/ipa-dns-install.1 b/install/tools/man/ipa-dns-install.1 index f6f99c125..e8c53bf72 100644 --- a/install/tools/man/ipa-dns-install.1 +++ b/install/tools/man/ipa-dns-install.1 @@ -40,6 +40,9 @@ A forwarder is a DNS server where queries for a specific non\-resolvable address \fB\-\-no\-forwarders\fR Do not add any DNS forwarders, send non\-resolvable addresses to the DNS root servers. .TP +\fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR +The reverse DNS zone to use +.TP \fB\-\-no\-reverse\fR Do not create reverse DNS zone .TP diff --git a/install/tools/man/ipa-replica-install.1 b/install/tools/man/ipa-replica-install.1 index 1dac5faa1..1426d61bb 100644 --- a/install/tools/man/ipa-replica-install.1 +++ b/install/tools/man/ipa-replica-install.1 @@ -56,6 +56,9 @@ the \fB\-\-no\-forwarders\fR option is specified. \fB\-\-no\-forwarders\fR Do not add any DNS forwarders. Root DNS servers will be used instead. .TP +\fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR +The reverse DNS zone to use +.TP \fB\-\-no\-reverse\fR Do not create reverse DNS zone .TP diff --git a/install/tools/man/ipa-replica-prepare.1 b/install/tools/man/ipa-replica-prepare.1 index 88da6f4fe..a8ebcc9cf 100644 --- a/install/tools/man/ipa-replica-prepare.1 +++ b/install/tools/man/ipa-replica-prepare.1 @@ -54,6 +54,12 @@ Directory Manager (existing master) password \fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR IP address of the replica server. If you provide this option, the A and PTR records will be added to the DNS. .TP +\fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR +The reverse DNS zone to use +.TP +\fB\-\-no\-reverse\fR +Do not create reverse DNS zone +.TP \fB\-\-ca\fR=\fICA_FILE\fR Location of CA PKCS#12 file, default /root/cacert.p12 .TP diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1 index 40d86e70e..7450ab980 100644 --- a/install/tools/man/ipa-server-install.1 +++ b/install/tools/man/ipa-server-install.1 @@ -79,6 +79,9 @@ the \fB\-\-no\-forwarders\fR option is specified. \fB\-\-no\-forwarders\fR Do not add any DNS forwarders. Root DNS servers will be used instead. .TP +\fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR +The reverse DNS zone to use +.TP \fB\-\-no\-reverse\fR Do not create reverse DNS zone .TP diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py index 8981c2fdb..7aa8a2664 100644 --- a/ipaserver/install/bindinstance.py +++ b/ipaserver/install/bindinstance.py @@ -60,6 +60,12 @@ def check_inst(unattended): return True +def normalize_zone(zone): + if zone[-1] != '.': + return zone + '.' + else: + return zone + def create_reverse(): return ipautil.user_input("Do you want to configure the reverse zone?", True) @@ -99,22 +105,6 @@ def dns_container_exists(fqdn, suffix): return ret -def get_reverse_zone(ip_address_str, ip_prefixlen): - ip = netaddr.IPAddress(ip_address_str) - items = ip.reverse_dns.split('.') - - if ip.version == 4: - pos = 4 - ip_prefixlen / 8 - elif ip.version == 6: - pos = 32 - ip_prefixlen / 4 - else: - raise ValueError('Bad address format?') - - name = '.'.join(items[:pos]) - zone = '.'.join(items[pos:]) - - return unicode(zone), unicode(name) - def dns_zone_exists(name): try: zone = api.Command.dnszone_show(unicode(name)) @@ -126,6 +116,60 @@ def dns_zone_exists(name): else: return True +def get_reverse_record_name(zone, ip_address): + ip = netaddr.IPAddress(ip_address) + rev = '.' + normalize_zone(zone) + fullrev = '.' + normalize_zone(ip.reverse_dns) + + if not fullrev.endswith(rev): + raise ValueError("IP address does not match reverse zone") + + return fullrev[1:-len(rev)] + +def verify_reverse_zone(zone, ip_address): + try: + get_reverse_record_name(zone, ip_address) + except ValueError: + print "Invalid reverse zone %s" % zone + return False + + return True + +def get_reverse_zone_default(ip_address): + ip = netaddr.IPAddress(ip_address) + items = ip.reverse_dns.split('.') + + if ip.version == 4: + items = items[1:] # /24 for IPv4 + elif ip.version == 6: + items = items[16:] # /64 for IPv6 + + return normalize_zone('.'.join(items)) + +def find_reverse_zone(ip_address): + ip = netaddr.IPAddress(ip_address) + zone = normalize_zone(ip.reverse_dns) + + while len(zone) > 0: + if dns_zone_exists(zone): + return zone + foo, bar, zone = zone.partition('.') + + return None + +def get_reverse_zone(ip_address): + return find_reverse_zone(ip_address) or get_reverse_zone_default(ip_address) + +def read_reverse_zone(default, ip_address): + while True: + zone = ipautil.user_input("Please specify the reverse zone name", default=default) + if not zone: + return None + if verify_reverse_zone(zone, ip_address): + break + + return normalize_zone(zone) + def add_zone(name, zonemgr=None, dns_backup=None, ns_hostname=None, ns_ip_address=None, update_policy=None): if update_policy is None: @@ -158,9 +202,8 @@ def add_zone(name, zonemgr=None, dns_backup=None, ns_hostname=None, ns_ip_addres add_ns_rr(name, hostname, dns_backup=None, force=True) -def add_reverse_zone(ip_address, ip_prefixlen, ns_hostname=None, ns_ip_address=None, +def add_reverse_zone(zone, ns_hostname=None, ns_ip_address=None, ns_replicas=[], update_policy=None, dns_backup=None): - zone, name = get_reverse_zone(ip_address, ip_prefixlen) if update_policy is None: update_policy = "grant %s krb5-subdomain %s. PTR;" % (api.env.realm, zone) @@ -207,8 +250,8 @@ def add_fwd_rr(zone, host, ip_address): elif addr.version == 6: add_rr(zone, host, "AAAA", ip_address) -def add_ptr_rr(ip_address, ip_prefixlen, fqdn, dns_backup=None): - zone, name = get_reverse_zone(ip_address, ip_prefixlen) +def add_ptr_rr(zone, ip_address, fqdn, dns_backup=None): + name = get_reverse_record_name(zone, ip_address) add_rr(zone, name, "PTR", fqdn+".", dns_backup) def add_ns_rr(zone, hostname, dns_backup=None, force=True): @@ -288,22 +331,20 @@ class BindInstance(service.Service): self.domain = None self.host = None self.ip_address = None - self.ip_prefixlen = None self.realm = None self.forwarders = None self.sub_dict = None - self.create_reverse = True + self.reverse_zone = None if fstore: self.fstore = fstore else: self.fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore') - def setup(self, fqdn, ip_address, ip_prefixlen, realm_name, domain_name, forwarders, ntp, create_reverse, named_user="named", zonemgr=None): + def setup(self, fqdn, ip_address, realm_name, domain_name, forwarders, ntp, reverse_zone, named_user="named", zonemgr=None): self.named_user = named_user self.fqdn = fqdn self.ip_address = ip_address - self.ip_prefixlen = ip_prefixlen self.realm = realm_name self.domain = domain_name self.forwarders = forwarders @@ -311,7 +352,7 @@ class BindInstance(service.Service): self.host_domain = '.'.join(fqdn.split(".")[1:]) self.suffix = util.realm_to_suffix(self.realm) self.ntp = ntp - self.create_reverse = create_reverse + self.reverse_zone = reverse_zone if zonemgr: self.zonemgr = zonemgr.replace('@','.') @@ -346,7 +387,7 @@ class BindInstance(service.Service): self.step("adding NS record to the zone", self.__add_self_ns) else: self.step("setting up our zone", self.__setup_zone) - if self.create_reverse: + if self.reverse_zone is not None: self.step("setting up reverse zone", self.__setup_reverse_zone) self.step("setting up our own record", self.__add_self) @@ -440,11 +481,11 @@ class BindInstance(service.Service): # Add forward and reverse records to self add_fwd_rr(zone, self.host, self.ip_address) - if dns_zone_exists(get_reverse_zone(self.ip_address, self.ip_prefixlen)[0]): - add_ptr_rr(self.ip_address, self.ip_prefixlen, self.fqdn) + if self.reverse_zone is not None and dns_zone_exists(self.reverse_zone): + add_ptr_rr(self.reverse_zone, self.ip_address, self.fqdn) def __setup_reverse_zone(self): - add_reverse_zone(self.ip_address, self.ip_prefixlen, ns_hostname=api.env.host, + add_reverse_zone(self.reverse_zone, ns_hostname=api.env.host, ns_ip_address=self.ip_address, dns_backup=self.dns_backup) def __setup_principal(self): @@ -501,16 +542,16 @@ class BindInstance(service.Service): resolv_fd.write(resolv_txt) resolv_fd.close() - def add_master_dns_records(self, fqdn, ip_address, ip_prefixlen, - realm_name, domain_name, ntp=False): + def add_master_dns_records(self, fqdn, ip_address, realm_name, domain_name, + reverse_zone, ntp=False): self.fqdn = fqdn self.ip_address = ip_address - self.ip_prefixlen = ip_prefixlen self.realm = realm_name self.domain = domain_name self.host = fqdn.split(".")[0] self.suffix = util.realm_to_suffix(self.realm) self.ntp = ntp + self.reverse_zone = reverse_zone self.__add_self() @@ -538,21 +579,12 @@ class BindInstance(service.Service): for (type, rdata) in areclist: del_rr(zone, host, type, rdata) - ip = netaddr.IPAddress(rdata) - rzone = ip.reverse_dns - record = '' - - while True: - part, dot, rzone = rzone.partition('.') - if len(rzone) == 0: - break - record = (record + '.' + part).lstrip('.') - - if dns_zone_exists(rzone): - del_rr(rzone, record, "PTR", fqdn+".") - # remove also master NS record from the reverse zone - del_rr(rzone, "@", "NS", fqdn+".") - break + rzone = find_reverse_zone(rdata) + if rzone is not None: + record = get_reverse_record_name(rzone, rdata) + del_rr(rzone, record, "PTR", fqdn+".") + # remove also master NS record from the reverse zone + del_rr(rzone, "@", "NS", fqdn+".") def uninstall(self):