[Freeipa-devel] [PATCH] ipv6 compatible way to check the hostname

Rob Crittenden rcritten at redhat.com
Mon Mar 31 13:29:49 UTC 2008 

Simo Sorce wrote:
> On Fri, 2008-03-28 at 17:34 -0400, Rob Crittenden wrote:
>> Simo Sorce wrote:
>>> Rob Crittenden wrote:
>>>> Simo Sorce wrote:
>>>>> This change checks the machine can resolve address using nsswitch 
>>>>> host name resolution, this means we are also checking that /etc/hosts 
>>>>> is not broken.
>>>>>
>>>>> It uses IPv6 aware system functions, so this should make it also IPv6 
>>>>> compatible.
>>>>>
>>>>> It does not force to have a DNS set up correctly, but that's 
>>>>> intentional as we might want to install DNS as part of the 
>>>>> installation (--setup-bind) and checking DNS before installing it 
>>>>> wouldn't really work :-)
>>>>>
>>>>> It still do try to check the DNS but currently it just exists 
>>>>> silently if DNS is not configured. I am not sure how to raise a 
>>>>> warning without throwing an exception that would make the install 
>>>>> script abort in this case.
>>>>>
>>>>> It does error out if DNS is setup incorrectly.
>>>>>
>>>> +
>>>> +    rev = None
>>>> +    for rsn in rs:
>>>> +        if rsn.dns_type == dnsclient.DNS_T_A:
>>>> +            rev = rsn
>>>> +            break
>>>> +
>>>> +    if rev == None:
>>>> +        raise RuntimeError("Cannot find PTR record for %s" % addr)
>>>> +
>>>> +    reverse = rev.rdata.ptrdname
>>>>
>>>> Should you be looking for DNS_T_PTR here instead? If you have an A 
>>>> record you won't have a ptrdname.
>>>>
>>>> You need to add a try/except around socket.getaddrinfo() to catch 
>>>> errors if the hostname isn't found so a more useful error message can 
>>>> be returned than 'Name or service not known'
>>>>
>>>> gethostbyaddr may need a try/except around it too.
>>>>
>>>> rob
>>>>
>>>
>>>
>>> Good points, new patch attached.
>> I have just a couple more comments (sorry, should have included these in 
>> the first patch):
>>
>> - We should say why 127.0.0.1/::1 is an Invalid IP address. Or rather, 
>> just say that the hostname needs to resolve to a real address or something.
>> - When are you planning on filling in the #TODO raise a warning? What 
>> happens if the hostname is a CNAME, will it work? It kinda looks like it 
>> will still be accepted.
> 
> Good points again, newer patch attached.
>  
> 

Looks great, ack.

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080331/4a995d57/attachment.bin>

More information about the Freeipa-devel mailing list