[Freeipa-devel] [PATCH] 302 Stricter IP network validator in dnszone-add command
Simo Sorce
simo at redhat.com
Wed Sep 5 12:26:19 UTC 2012
On Wed, 2012-09-05 at 11:30 +0200, Jan Cholasta wrote:
> On 5.9.2012 10:04, Martin Kosek wrote:
> > We allowed IP addresses without network specification which led
> > to unexpected results when the zone was being created. We should rather
> > strictly require the prefix/netmask specifying the IP network that
> > the reverse zone should be created for. This is already done in
> > Web UI.
> >
> > A unit test exercising this new validation was added.
> >
> > https://fedorahosted.org/freeipa/ticket/2461
> >
>
> I don't like this much. I would suggest using CheckedIPAddress and not
> forcing the user to enter the prefix length instead.
>
> CheckedIPAddress uses a sensible default prefix length if one is not
> specified (class-based for IPv4, /64 for IPv6)

IPv4 classes were already dead and not relevant last century, Jan, so
class-based netmask is really useless. If we want to use a default for
IPv4 I would use /24 for any address; that's the simplest guess you can
make, and will still be often wrong, but certainly less wrong than
using the outdated 'class' concept.

Simo.

> as opposed to IPNetwork
> (/32 for IPv4, /128 for IPv6 - this causes the erroneous reverse zones
> to be created as described in the ticket).
>
> Honza
>
--
Simo Sorce * Red Hat, Inc * New York
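
Added example, not FreeIPA code and not part of this thread: a sketch using Python's standard `ipaddress` module that compares the prefix policies discussed above (prefix required, host-length default, class-based default, flat /24 default) by the reverse zone name each one produces. All function names are hypothetical, and cutting the zone at octet (IPv4) or nibble (IPv6) boundaries is an assumption of this sketch.

```python
import ipaddress


def host_prefix(addr):
    """Host-length default: /32 for IPv4, /128 for IPv6."""
    return addr.max_prefixlen


def classful_prefix(addr):
    """Historical class A/B/C rule for IPv4; /64 for IPv6."""
    if addr.version == 6:
        return 64
    first_octet = int(addr) >> 24
    return 8 if first_octet < 128 else 16 if first_octet < 192 else 24


def flat_prefix(addr):
    """Flat default: /24 for any IPv4 address, /64 for IPv6."""
    return 24 if addr.version == 4 else 64


def reverse_zone(spec, default_prefix=None):
    """Return the reverse DNS zone name for an IP network specification.

    default_prefix is a callable mapping an address to a prefix length.
    With None (strict mode) a specification without a prefix is rejected.
    """
    if "/" not in spec:
        if default_prefix is None:
            raise ValueError("missing prefix length or netmask: %r" % spec)
        addr = ipaddress.ip_address(spec)
        spec = "%s/%d" % (addr, default_prefix(addr))
    # strict=False: host bits are accepted and masked off.
    net = ipaddress.ip_network(spec, strict=False)
    labels = net.network_address.reverse_pointer.split(".")
    if net.version == 4:
        total, keep = 4, net.prefixlen // 8    # one label per octet
    else:
        total, keep = 32, net.prefixlen // 4   # one label per nibble
    # Drop the labels that belong to the host part of the address.
    return ".".join(labels[total - keep:]) + "."


if __name__ == "__main__":
    # Constructed sample address, not taken from the ticket.
    for policy in (host_prefix, classful_prefix, flat_prefix):
        print(policy.__name__, reverse_zone("10.1.2.3", policy))
    print("explicit", reverse_zone("10.1.2.3/24"))
```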