[Freeipa-devel] [PATCH] 302 Stricter IP network validator in dnszone-add command
Jan Cholasta
jcholast at redhat.com
Wed Sep 5 10:36:12 UTC 2012
Dne 5.9.2012 12:22, Petr Spacek napsal(a):
> On 09/05/2012 11:30 AM, Jan Cholasta wrote:
>> Dne 5.9.2012 10:04, Martin Kosek napsal(a):
>>> We allowed IP addresses without network specification which lead
>>> to unexpected results when the zone was being created. We should rather
>>> strictly require the prefix/netmask specifying the IP network that
>>> the reverse zone should be created for. This is already done in
>>> Web UI.
>>>
>>> A unit test exercising this new validation was added.
>>>
>>> https://fedorahosted.org/freeipa/ticket/2461
>>>
>>
>> I don't like this much. I would suggest using CheckedIPAddress and not
>> forcing
>> the user to enter the prefix length instead.
>>
>> CheckedIPAddress uses a sensible default prefix length if one is not
>> specified
>> (class-based for IPv4, /64 for IPv6) as opposed to IPNetwork (/32 for
>> IPv4,
>> /128 for IPv6 - this causes the erroneous reverse zones to be created as
>> described in the ticket).
>>
> Hello,
>
> I don't like automatic netmask guessing. I have met class-based guessing
> in Windows (XP?) and I was forced to overwrite default mask all the time
> ...
If there was no guessing, you would have to write the netmask anyway, so
I don't see any harm in guessing here.
>
> IMHO there is no "sensible default prefix" in real world. I sitting on
> network with /23 prefix right now. Also, I have never seen 10.x network
> with /8 prefix.
>
While this might be true for IPv4 in some cases, /64 is perfectly
sensible for IPv6. Also, I have never seen 192.168.x.x network with
non-/24 prefix.
Honza
--
Jan Cholasta
More information about the Freeipa-devel
mailing list