[Freeipa-devel] [PATCHES 0024, 0025] Classless support for reverse domains
Martin Basti
mbasti at redhat.com
Thu Feb 6 14:57:51 UTC 2014
On Thu, 2014-02-06 at 10:59 +0100, Jan Cholasta wrote:
> Hi,
>
> On 31.1.2014 16:06, Martin Basti wrote:
> > Reverse domain names in form "0/28.0.10.10.in-addr.arpa." are now
> > allowed.
> >
> > Ticket: https://fedorahosted.org/freeipa/ticket/4143
> > Patches attached.
>
I add Petr2 to CC, to inspect RFC issues, with allowing '/' in IPv6
> I think the validation should be more strict. IPv4 reverse zones should
> allow slash only in the label for the last octet (i.e. 0/25.1.168.192 is
> valid, 0.1/25.168.192 is not). IPv6 reverse zones should not allow slash
> at all.
>
I havent found anything about IPv6, RFCs don't forbids it.
1.0/25.1.168.192.in-addr.arpa. is also valid, it could be used to CNAME
records
The slashes in domain names are referenced as the best practise in RFC,
there are not strict rules.
>
> +def _cname_hostname_validator(ugettext, value):
>
> Can you name this _bind_cname_hostname_validator, so that it is clear it
> is related to _bind_hostname_validator?
>
I will rename it
>
> + #classless reverse zones can contain slash '/'
> + if not zone_is_reverse(normalized_zone) and
> (normalized_zone.count('/') > 0):
> + raise errors.ValidationError(name='name',
> + error=_("Only reverse zones can contain '/' in
> labels"))
>
> This should be handled in _domain_name_validator. Validation in
> pre_callback should be done only when the validation depends on values
> of multiple parameters, which is not this case.
>
I will move it
>
> + def _reverse_zone_pre_callback(self, ldap, dn, entry_attrs, *keys,
> **options):
>
> Rename this to _idnsname_pre_callback and you won't have to call it
> explicitly in run_precallback_validators.
>
I will rename it
>
> + if addr.count('/') > 0:
>
> I think "if '/' in addr:" would be better.
>
I will change it
>
> -def validate_dns_label(dns_label, allow_underscore=False):
> +def validate_dns_label(dns_label, allow_underscore=False,
> allow_slash=False):
>
> IMO instead of adding a new boolean argument, it would be nicer to
> replace allow_underscore with an argument (e.g. allowed_chars) which
> takes a string of extra allowed characters.
>
But I have to handle not only allowed chars, but position of the chars
in the label string too.
>
> Honza
>
--
Martin^2 Basti
More information about the Freeipa-devel
mailing list