[Freeipa-devel] [PATCH] 202 Add reverse DNS record when forward is created

Martin Kosek mkosek at redhat.com
Tue Feb 14 17:54:10 UTC 2012


On Tue, 2012-02-14 at 16:52 +0100, Jan Cholasta wrote:
> On 10.2.2012 16:42, Martin Kosek wrote:
> > On Tue, 2012-02-07 at 16:26 +0100, Martin Kosek wrote:
> >> On Mon, 2012-02-06 at 15:56 -0500, Rob Crittenden wrote:
> >>> Martin Kosek wrote:
> >>>> On Mon, 2012-01-30 at 11:52 -0500, Rob Crittenden wrote:
> >>>>> Martin Kosek wrote:
> >>>>>> Adding reverse DNS record may be a time consuming task, especially
> >>>>>> for IPv6 addresses. Having a way to automatically create a reverse
> >>>>>> record when a forward record is created could speed up the process.
> >>>>>> host-add command already has this possibility.
> >>>>>>
> >>>>>> This patch takes advantage of the new per-type API and adds new
> >>>>>> options for A/AAAA record types: --a-create-reverse and
> >>>>>> --aaaa-create-reverse. These commands can be used to automatically
> >>>>>> create reverse records for new A/AAAA addresses (both forward
> >>>>>> and reverse zones need to be managed by FreeIPA server):
> >>>>>>
> >>>>>> ipa dnsrecord-add example.com foo --a-rec=10.0.0.1 --a-create-reverse
> >>>>>>
> >>>>>> This command would add a new A record to record foo in zone
> >>>>>> example.com and a PTR record to appropriate reverse zone for
> >>>>>> IP address 10.0.0.1 (for example PTR record 1 in zone
> >>>>>> 0.0.10.in-addr.arpa. pointing to foo.example.com.).
> >>>>>>
> >>>>>> Few modifications were done to new DNS API to support this feature:
> >>>>>>     - Refactor --ip-address option handling from host-add and place it
> >>>>>>       to dns.py to be used by both modules
> >>>>>>     - Add support for "extra" per-type options
> >>>>>>     - Hide DNS record part options in dnsrecord_find command as they
> >>>>>>       have no effect for this command
> >>>>>>
> >>>>>> https://fedorahosted.org/freeipa/ticket/2009
> >>>>>
> >>>>> Can the options -a-create-reverse and -aaaa-create-reverse be combined?
> >>>>> I was able to create an IPv4 addr using -aaaa-create-reverse:
> >>>>>
> >>>>> # ipa dnsrecord-add example.com baz --a-rec=192.168.166.115
> >>>>> --aaaa-create-reverse
> >>>>>      Record name: baz
> >>>>>      A record: 192.168.166.115
> >>>>>
> >>>>> Otherwise the patch seems fine.
> >>>>
> >>>> These 2 options can be combined, you can add both A and AAAA forward
> >>>> records and create records in their reverse records at the same time:
> >>>>
> >>>> ipa dnsrecord-add example.com bar --a-rec=10.0.0.1 --a-create-reverse
> >>>> --aaaa-rec=2001::beef:1 --aaaa-create-reverse
> >>>>
> >>>> In your case the option --aaaa-create-reverse is ignored as there is no
> >>>> AAAA rec added. Thus no AAAA record callback which would create this
> >>>> reverse record is called.
> >>>>
> >>>> We may implement some checks which would throw a validation error when
> >>>> --a-create-reverse/--aaaa-create-reverse is called without a respective
> >>>> A/AAAA record.
> >>>>
> >>>> Martin
> >>>>
> >>>
> >>> Yes, I think that is the way to go, otherwise this is confusing.
> >>>
> >>> rob
> >>
> >> Now, an exception is thrown if you try to pass --<rrtype>-create-reverse
> >> without an appropriate --<rrtype>-rec option filled:
> >>
> >> # ipa dnsrecord-add example.com baz --a-rec=192.168.166.115 --aaaa-create-reverse
> >> ipa: ERROR: 'aaaarecord' is required
> >>
> >> I also refactored pre_callback of dnsrecord-add command a little, I
> >> didn't like parsing <rrtype> from parameter name using regexes. Now,
> >> every DNS part option has a link to "parent" DNS record stored in hint
> >> attribute.
> >>
> >> Martin
> >
> > Petr Vobornik noticed that reserved IP address passed to --a-rec
> > (--aaaa-rec) causes an Internal Error when --a-create-reverse is set at
> > the same time:
> >
> > # ipa dnsrecord-add example.com foo --aaaa-ip-address=F:F:F:A::12 --aaaa-create-reverse
> > ipa: ERROR: an internal error has occurred
> >
> > Attached patch fixes it:
> >
> > # ipa dnsrecord-add example.com foo --aaaa-ip-address=F:F:F:A::12 --aaaa-create-reverse
> > ipa: ERROR: invalid 'aaaarecord': cannot use IANA reserved IP address
> >
> > Martin
> >
> 
> I would prefer if there was a single --create-reverse option for both A 
> and AAAA records, as it IMO makes more sense from user's point of view. 
> What do you think?
> 
> Honza
> 

I am not sure this would be a good idea for several reasons:

1) It would be inconsistent with the rest of new per-type API, i.e.
--<rr>-<option> options like --mx-preference or --mx-exchanger generated
by the new framework. These new options just follow this pattern:
--a-create-reverse and --aaaa-create-reverse

With these per-type options it is then also easy to run special RR
callbacks, like this one without any other special code handling this
case (--create-reverse is passed, call A and AAAA callbacks).

It may also make WebUI DNS processing more difficult.

2) With current options you can run commands like this one:

ipa dnsrecord-add example.com foo --a-rec=10.0.0.1 --a-create-reverse
--aaaa-rec=2001:beef::2

and create reverse records just for the A record. (Although it may have
a limited use of course).

3) It would create an inconsistency in command help. Now, you have
sections for every record and see all relevant options:

  A Record:
    --a-rec=ARECORD     Comma-separated list of raw A records
    --a-ip-address=STR  IP Address
    --a-create-reverse  Create reverse record for this IP Address

  AAAA Record:
    --aaaa-rec=AAAARECORD
                        Comma-separated list of raw AAAA records
    --aaaa-ip-address=STR
                        IP Address
    --aaaa-create-reverse
                        Create reverse record for this IP Address

Since OptionParser does not allow duplicate options we would not be able
(without some OptionParser hacking) to list the common option in both
sections where it is applicable.

I hope that makes sense.

Martin
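
An added example, not part of the original message or of the FreeIPA patch: the per-type checks discussed in this thread (a create-reverse flag requires its own forward record, reserved addresses are rejected, and the PTR goes into a managed reverse zone) written as a stand-alone Python function. The option keys, `plan_reverse`, `ValidationError` and the managed-zone list are assumptions, and Python's `ipaddress.is_reserved` stands in for FreeIPA's own reserved-address check.

```python
import ipaddress

# Constructed sample: reverse zones this server is assumed to manage.
MANAGED_ZONES = [
    "10.in-addr.arpa.",
    "0.0.10.in-addr.arpa.",
    "0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.2.ip6.arpa.",
]

class ValidationError(ValueError):
    """Hypothetical error type for rejected option combinations."""

def plan_reverse(fqdn, options, managed_zones=MANAGED_ZONES):
    """Return [(reverse_zone, record_name, ptr_target)] for requested PTRs.

    `options` uses hypothetical keys a_rec/aaaa_rec (one address each, not a
    comma-separated list) and a_create_reverse/aaaa_create_reverse.
    """
    plan = []
    for rrtype, version in (("a", 4), ("aaaa", 6)):
        if not options.get(f"{rrtype}_create_reverse"):
            continue
        text = options.get(f"{rrtype}_rec")
        if text is None:
            # Flag without its forward record: fail instead of ignoring it.
            raise ValidationError(f"'{rrtype}record' is required")
        addr = ipaddress.ip_address(text)
        if addr.version != version:
            raise ValidationError(f"invalid '{rrtype}record': wrong address family")
        if addr.is_reserved:
            raise ValidationError(
                f"invalid '{rrtype}record': cannot use IANA reserved IP address")
        pointer = addr.reverse_pointer + "."
        # Longest managed zone that is a proper suffix of the PTR owner name.
        matches = [z for z in managed_zones if pointer.endswith("." + z)]
        if not matches:
            raise ValidationError(f"no managed reverse zone for {addr}")
        zone = max(matches, key=len)
        plan.append((zone, pointer[: -len(zone) - 1], fqdn))
    return plan

if __name__ == "__main__":
    opts = {"a_rec": "10.0.0.1", "a_create_reverse": True,
            "aaaa_rec": "2001::beef:1", "aaaa_create_reverse": True}
    for entry in plan_reverse("bar.example.com.", opts):
        print(entry)
```
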



