https://bugzilla.redhat.com/show_bug.cgi?id=799335 (Red Hat Enterprise Linux 6)
Description of problem:
add forward and reverse entries for a host and try to add the host without --force option.

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: ipa-host-cli-48: Add host without force option - DNS Record Exists
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [09:09:36] :: EXECUTING: ipa host-add myhost.testrelm.com
ipa: ERROR: Host does not have corresponding DNS A record
:: [ FAIL ] :: Add host DNS entries exist (Expected 0, got 1)
---------------
0 hosts matched
---------------
----------------------------
Number of entries returned 0
----------------------------
:: [09:09:39] :: WARNING: Failed to find host.
:: [ FAIL ] :: Verifying host was added when DNS records exist. (Expected 0, got 1)
  Record name: myhost
  A record: 10.16.187.99
----------------------------
Number of entries returned 1
----------------------------
:: [ PASS ] :: Checking for forward DNS entry
  Record name: 99
  PTR record: myhost.testrelm.com.
----------------------------
Number of entries returned 1
----------------------------
:: [ PASS ] :: Checking for reverse DNS entry

Version-Release number of selected component (if applicable):
ipa-server-2.2.0-103.20120302T0507zgitc611d89.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. see description
2.
3.

Actual results:

Expected results:

Additional info:
The problem is in acutil (or httpd), which does not update the resolver when it is changed in /etc/resolv.conf when IPA with DNS support is installed. Then acutil still uses the former resolver, which does not know the new host. When httpd is reloaded, the resolution works OK.
A quick fix will be to restart httpd after DNS install.
Reported bug for acutil: https://bugzilla.redhat.com/show_bug.cgi?id=800368
How to test:
# ipa-server-install --setup-dns
...
  [14/14]: configuring httpd to start on boot
done configuring httpd.
Applying LDAP updates
Restarting the directory server
Restarting the KDC
Configuring named:
  [1/9]: adding DNS container
  [2/9]: setting up our zone
  [3/9]: setting up reverse zone
  [4/9]: setting up our own record
  [5/9]: setting up kerberos principal
  [6/9]: setting up named.conf
  [7/9]: restarting named
  [8/9]: configuring named to start on boot
  [9/9]: changing resolv.conf to point to ourselves
done configuring named.
Restarting the web server
==============================================================================
Setup complete

Next steps:
	1. You must make sure these network ports are open:
		TCP Ports:
		  * 80, 443: HTTP/HTTPS
		  * 389, 636: LDAP/LDAPS
		  * 88, 464: kerberos
		  * 53: bind
		UDP Ports:
		  * 88, 464: kerberos
		  * 53: bind
		  * 123: ntp

	2. You can now obtain a kerberos ticket using the command: 'kinit admin'
	   This ticket will allow you to use the IPA tools (e.g., ipa user-add)
	   and the web user interface.

Be sure to back up the CA certificate stored in /root/cacert.p12
This file is required to create replicas. The password for this
file is the Directory Manager password

# kinit admin
Password for admin@IDM.LAB.BOS.REDHAT.COM:

# ipa dnszone-add example.com --name-server=`hostname`
Administrator e-mail address [hostmaster.example.com.]:
  Zone name: example.com
  Authoritative nameserver: vm-068.idm.lab.bos.redhat.com.
  Administrator e-mail address: hostmaster.example.com.
  SOA serial: 2012060301
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;

# ipa dnsrecord-add example.com foo --a-rec=10.0.0.1
  Record name: foo
  A record: 10.0.0.1

# host foo.example.com
foo.example.com has address 10.0.0.1

foo.example.com IS resolvable, i.e. the following command should work, but it does not with an unpatched IPA.

# ipa host-add foo.example.com
ipa: ERROR: Host does not have corresponding DNS A record
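The failure mode described in the comments above (a long-running process keeping the resolver it loaded at start-up after the installer rewrites /etc/resolv.conf) and the how-to-test sequence, as an added stand-alone illustration; this is not FreeIPA, httpd or acutil code. It parses resolv.conf, flags when a process's cached resolver configuration no longer matches the file on disk (the check an installer or test harness would want before trusting lookups from an already-running service), and simulates the A lookup against constructed zone data for the old and new nameservers. The file contents, addresses and zone contents are constructed; the `CachedResolver` class and its methods are hypothetical stand-ins for the real resolver.

```python
"""Stale-resolver illustration (added example, not FreeIPA/httpd/acutil code).

A process that reads /etc/resolv.conf once at start-up keeps querying the
old nameservers after ipa-server-install --setup-dns rewrites the file
("changing resolv.conf to point to ourselves"), so records created in IPA
are not found until the process is restarted.
"""
from typing import Dict, List, Optional


def parse_resolv_conf(text: str) -> Dict[str, List[str]]:
    """Return the nameserver and search entries of a resolv.conf, in file order.
    Comments ('#' or ';') and unknown directives are ignored; 'domain' is
    treated as a one-element search list, as the stub resolver does."""
    conf: Dict[str, List[str]] = {"nameserver": [], "search": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        if key == "nameserver" and args:
            conf["nameserver"].append(args[0])
        elif key == "search":
            conf["search"] = args
        elif key == "domain" and args:
            conf["search"] = args[:1]
    return conf


class CachedResolver:
    """Hypothetical model of a process that loaded resolv.conf at start-up
    and never re-reads it (the behaviour the ticket describes for httpd)."""

    def __init__(self, resolv_conf_text: str) -> None:
        self.conf = parse_resolv_conf(resolv_conf_text)

    def is_stale(self, current_text: str) -> bool:
        """True when the on-disk configuration no longer matches the cached one."""
        return self.conf != parse_resolv_conf(current_text)

    def lookup_a(self, name: str, zones: Dict[str, Dict[str, str]]) -> Optional[str]:
        """Simulated A lookup: ask the cached nameservers in order and return the
        first answer. `zones` maps nameserver address -> {fqdn: address}; a
        server without the name answers NXDOMAIN, represented as None."""
        fqdn = name.rstrip(".")
        for server in self.conf["nameserver"]:
            answer = zones.get(server, {}).get(fqdn)
            if answer is not None:
                return answer
        return None

    def refresh(self, current_text: str) -> None:
        """What restarting the process achieves: re-read the configuration."""
        self.conf = parse_resolv_conf(current_text)


# Constructed sample data (not taken from any real host).
RESOLV_BEFORE = """\
# Generated by NetworkManager
search example.com
nameserver 10.0.0.2
"""
RESOLV_AFTER = """\
# rewritten by the DNS install step: now points at the local named
search example.com
nameserver 127.0.0.1
"""
# 10.0.0.2 is the old upstream resolver, which knows nothing about the zone;
# 127.0.0.1 is the IPA-managed named holding the record from
# `ipa dnsrecord-add example.com foo --a-rec=10.0.0.1`.
ZONES = {
    "10.0.0.2": {},
    "127.0.0.1": {"foo.example.com": "10.0.0.1"},
}


def demo() -> Dict[str, object]:
    """Replay the ticket's scenario: httpd started before DNS setup, the file
    changes, the lookup fails until the resolver is refreshed (restart)."""
    httpd = CachedResolver(RESOLV_BEFORE)
    before_restart = httpd.lookup_a("foo.example.com", ZONES)   # None: old server
    stale = httpd.is_stale(RESOLV_AFTER)                        # True: needs restart
    httpd.refresh(RESOLV_AFTER)                                 # restart httpd
    after_restart = httpd.lookup_a("foo.example.com", ZONES)    # "10.0.0.1"
    return {"stale": stale, "before_restart": before_restart,
            "after_restart": after_restart}


if __name__ == "__main__":
    print(demo())
```

The `is_stale` comparison is the operational check: run it (with the real file contents) against the configuration a service captured at start, and restart the service whenever it reports drift, which is exactly what the quick fix of restarting httpd after the DNS install does.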
attachment freeipa-mkosek-230-refresh-resolvers-after-dns-install.patch
Patch freeipa-mkosek-230-refresh-resolvers-after-dns-install.patch sent for review
master: c956b3c
ipa-2-2: 453dbdc
Metadata Update from @mkosek:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/03