#5710 Fix forward zone conflicts with automatic empty zones from BIND
Closed: Fixed None Opened 2 years ago by pspacek.

A side effect of fixing #5087 is that we now trigger a deficiency in the way FreeIPA handles automatic empty zones. As a result, zones like 10.in-addr.arpa and other reverse zones are not forwarded to the global forwarder as expected (sometimes :-).

The fix is described in
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/AutomaticEmptyZones

Proposing for 4.3.x because #5087 was done for 4.3.0, so 4.3+ versions are affected.
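
The overlap check behind this ticket, as an added example that is not FreeIPA's own code and not part of the original report: it flags forward zones that sit at, above, or below an automatic empty zone while using a forward policy other than "only". The zone list is a constructed subset, the function names are hypothetical, and treating policy "only" as non-conflicting is an assumption taken from the commit titles listed on this page.

```python
# Constructed subset of BIND's automatic empty zones (RFC 1918 and RFC 6303 reverse zones).
AUTO_EMPTY_ZONES = sorted(
    ["10.in-addr.arpa.", "168.192.in-addr.arpa.",
     "127.in-addr.arpa.", "254.169.in-addr.arpa."]
    + ["%d.172.in-addr.arpa." % n for n in range(16, 32)]
)


def labels(name):
    """Split a zone name into lower-case labels, ignoring the trailing dot."""
    name = name.strip().lower().rstrip(".")
    return name.split(".") if name else []


def is_subdomain(name, parent):
    """True if name equals parent or lies below it (whole-label comparison)."""
    n, p = labels(name), labels(parent)
    return len(n) >= len(p) and n[len(n) - len(p):] == p


def overlapping_empty_zones(zone):
    """Automatic empty zones that are at, above, or below the given zone."""
    return [ez for ez in AUTO_EMPTY_ZONES
            if is_subdomain(zone, ez) or is_subdomain(ez, zone)]


def find_conflicts(forward_zones):
    """Map each forward zone whose policy is not 'only' to the empty zones it overlaps.

    Assumption (from the commit titles on this page): policy 'only' resolves the conflict.
    """
    conflicts = {}
    for zone, policy in forward_zones.items():
        overlap = overlapping_empty_zones(zone)
        if policy != "only" and overlap:
            conflicts[".".join(labels(zone)) + "."] = overlap
    return conflicts


# Constructed sample configuration: forward zone name -> forward policy.
SAMPLE = {
    "10.in-addr.arpa": "first",
    "1.168.192.in-addr.arpa.": "first",
    "20.172.in-addr.arpa.": "only",
    "110.in-addr.arpa.": "first",
    "example.com.": "first",
}

if __name__ == "__main__":
    for zone, overlap in sorted(find_conflicts(SAMPLE).items()):
        print("%s: policy should be 'only' (overlaps %s)" % (zone, ", ".join(overlap)))
```

Comparing whole labels rather than string suffixes keeps 110.in-addr.arpa from being mistaken for a name inside 10.in-addr.arpa.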


master:

  • 9ee6d37 Remove function ipapython.ipautil.host_exists()
  • 8997454 Extend installers with --forward-policy option
  • bd32b48 Move automatic empty zone list into ipapython.dnsutil and make it reusable
  • 41464b7 Add assert_absolute_dnsname() helper to ipapython.dnsutil
  • 6752d64 Move function is_auto_empty_zone() into ipapython.dnsutil
  • 1df30b4 Use shared sanity check and tests ipapython.dnsutil.is_auto_empty_zone()
  • c7ee765 Add function ipapython.dnsutil.inside_auto_empty_zone()
  • 51907d5 Auto-detect default value for --forward-policy option in installers

ipa-4-3:

  • 6dbc4cc Remove function ipapython.ipautil.host_exists()
  • 54e2679 Extend installers with --forward-policy option
  • 5c53cf2 Move automatic empty zone list into ipapython.dnsutil and make it reusable
  • 4a8dcc1 Add assert_absolute_dnsname() helper to ipapython.dnsutil
  • ea1bf61 Move function is_auto_empty_zone() into ipapython.dnsutil
  • f2cf30d Use shared sanity check and tests ipapython.dnsutil.is_auto_empty_zone()
  • fbc8a23 Add function ipapython.dnsutil.inside_auto_empty_zone()
  • d145f8c Auto-detect default value for --forward-policy option in installers

other patches will follow

master:

  • da71e7e DNS: Warn if forwarding policy conflicts with automatic empty zones
  • 0c75df4 Move check_zone_overlap() from ipapython.ipautil to ipapython.dnsutil
  • ec49130 Use root_logger for verify_host_resolvable()
  • dc40500 Move IP address resolution from ipaserver.install.installutils to ipapython.dnsutil
  • 70794c7 Turn verify_host_resolvable() into a wrapper around ipapython.dnsutil
  • 321a2ba Add ipaDNSVersion option to dnsconfig* commands and use new attribute
  • a4da9a2 DNS upgrade: separate backup logic to make it reusable
  • c978ad5 Add function ipapython.dnsutil.related_to_auto_empty_zone()
  • f750d42 DNS upgrade: change forwarding policy to = only for conflicting forward zones
  • e45a803 DNS upgrade: change global forwarding policy in LDAP to "only" if private IPs are used
  • 6eb0056 DNS upgrade: change global forwarding policy in named.conf to "only" if private IPs are used

ipa-4-3:

  • b18f848 Move check_zone_overlap() from ipapython.ipautil to ipapython.dnsutil
  • a54b822 Use root_logger for verify_host_resolvable()
  • f170f15 Move IP address resolution from ipaserver.install.installutils to ipapython.dnsutil
  • da119a6 Turn verify_host_resolvable() into a wrapper around ipapython.dnsutil
  • d75998c Add ipaDNSVersion option to dnsconfig* commands and use new attribute
  • 1259059 DNS upgrade: separate backup logic to make it reusable
  • e69254b Add function ipapython.dnsutil.related_to_auto_empty_zone()
  • f8a3989 DNS upgrade: change forwarding policy to = only for conflicting forward zones
  • 7002461 DNS upgrade: change global forwarding policy in LDAP to "only" if private IPs are used
  • 233550a DNS upgrade: change global forwarding policy in named.conf to "only" if private IPs are used
  • 8cbecdb DNS: Warn if forwarding policy conflicts with automatic empty zones

master:

  • 05c8808 Test: fix failing host_test

ipa-4-3:

  • be65f1e Test: fix failing host_test

Only ipa-4-3

ipa-4-3:

  • 8f6db8f Fix: exceptions in DNS tests should not have data attribute

master:

  • 971b4bf Fix resolve_rrsets: RRSet is not hashable

ipa-4-3:

  • 262054a Fix resolve_rrsets: RRSet is not hashable

master:

  • ce1f9ca Remove unused is_local(), interface, and defaultnet from CheckedIPAddress
  • 5e78b54 Fix internal errors in host-add and other commands caused by DNS resolution

Patches for ipa-4-3 will come later

ipa-4-3:

  • 0db277e Remove unused is_local(), interface, and defaultnet from CheckedIPAddress
  • b8d5881 Fix internal errors in host-add and other commands caused by DNS resolution

Metadata Update from @pspacek:
- Issue assigned to pspacek
- Issue set to the milestone: FreeIPA 4.3.2

2 years ago
