[Freeipa-devel] Structured DNS record API proposal - summary
Adam Young
ayoung at redhat.com
Fri Sep 23 14:46:32 UTC 2011
On 09/23/2011 02:02 AM, Martin Kosek wrote:
> On Thu, 2011-09-22 at 22:05 -0400, Adam Young wrote:
>> On 09/22/2011 08:31 PM, Endi Sukma Dewata wrote:
>>>> OPEN QUESTION: should we implement these new commands also for discrete
>>>> DNS records types to be consistent? I mean for example A, AAAA, CNAME,
>>>> PTR, ... They would look like
>>>>
>>>>> ipa dnsrecord-aaaa-add --ip-address=IPAddress
>>>> BENEFITS of this approach (command per RR type):
>>>> - use can get all help for RR type by simply typing "ipa help
>>>> dnsrecord-mx-add"
>>>> - we would be able to implement helper methods consistently on one
>>>> place, for example:
>>>> dnsrecord-aaaa-add --from-mac=00:1D:BA:06:37:64
>>> If we have this for all record types the UI can use a generic code to
>>> figure out which command to use. Everything will be in this pattern:
>>> dnsrecord-<rrtype>-add/mod/del<primary keys> [parameters*]
>> We won't have it for all types, so we will need a map. Most will use
>> the old API, and a few will use the pattern above
> I think to make this all as consistent as possible, new API shall be
> implemented for all types (except unsupported and DNSSEC ones). Rob did
> agree with this approach too.
>
> Martin
>
Lets proceed with caution here. I think we can really complicate things
with this approach.
From a UI perspective, we will have to tailor the control to be used
for any DNS record type that gets more than a single field.
From what I've seen, and the types we have to deal with thus far, only
the SRV and MX records are really used that much. Lets implement for
them first and test it out.
For certificate based records, DNS and otherwise, we want to get file
upload working, as cut and paste etc is a PITA. I'm not sure if we
really need the Cert based records, but I suspect that, from a Dogtag
perspective, there is a lot of things we could do with a tight
integration of the two. I can even see an API where we generate a Cert
based record from a Certificate Signing Request.
For A and AAAA records, we don't need a new API, we need a pattern.
For A record that pattern is:
\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b
For AAAA records that is:
/^\s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))(%.+)?\s*$/
Yep, they are nasty. But that is going to be the case regardless of
whether we use the new API or not.
Lets deal with these issues, and hold the API explosion until later.
More information about the Freeipa-devel
mailing list