IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

DNS: Warn if forwarding policy conflicts with automatic empty zones

Browse Source 
Forwarding policy "first" or "none" may conflicts with some automatic empty
zones. Queries for zones specified by RFC 6303 will ignore
forwarding and recursion and always result in NXDOMAIN answers.

This is not detected and warned about. Global forwarding is equivalent
to forward zone ".".

Example:
Forward zone 1.10.in-addr.arpa with policy "first"
will not forward anything because BIND will automatically prefer
automatic empty zone "10.in-addr.arpa." which is authoritative.

https://fedorahosted.org/freeipa/ticket/5710

Reviewed-By: Martin Basti <mbasti@redhat.com>
This commit is contained in:
Petr Spacek
2016-05-04 10:30:18 +02:00
committed by Martin Basti
parent 037eae26d0
commit da71e7e9de
3 changed files with 57 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
ipatests/test_xmlrpc/test_dns_plugin.py
View File

@@ -1762,6 +1762,13 @@ class test_dns(Declarative):
'value': None,
'summary': None,
u'messages': (
{u'message': lambda x: x.startswith(
u"Forwarding policy conflicts with some "
"automatic empty zones."),
u'code': 13021,
u'type': u'warning',
u'name': u'DNSForwardPolicyConflictWithEmptyZone',
u'data': {}},
{u'message': lambda x: x.startswith(
u"DNS server %s: query '. SOA':" % fwd_ip),
u'code': 13006,
@@ -3437,6 +3444,13 @@ class test_forward_zones(Declarative):
'value': fwzone2_dnsname,
'summary': None,
u'messages': (
{u'message': lambda x: x.startswith(
u"Forwarding policy conflicts with some "
"automatic empty zones."),
u'code': 13021,
u'type': u'warning',
u'name': u'DNSForwardPolicyConflictWithEmptyZone',
u'data': {}},
{u'message': lambda x: x.startswith(
u"DNS server %s: query '%s SOA':" %
(forwarder1, fwzone2)),