#2481 ipa host-add fails when DNS records already exist
Closed: Fixed. Opened 12 years ago by mkosek.

https://bugzilla.redhat.com/show_bug.cgi?id=799335 (Red Hat Enterprise Linux 6)

Description of problem:

add forward and reverse entries for a host and try to add the host without
--force option.

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-host-cli-48: Add host without force option - DNS Record Exists
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [09:09:36] ::  EXECUTING: ipa host-add myhost.testrelm.com
ipa: ERROR: Host does not have corresponding DNS A record
:: [   FAIL   ] :: Add host DNS entries exist (Expected 0, got 1)
---------------
0 hosts matched
---------------
----------------------------
Number of entries returned 0
----------------------------
:: [09:09:39] ::  WARNING: Failed to find host.
:: [   FAIL   ] :: Verifying host was added when DNS records exist. (Expected 0, got 1)
  Record name: myhost
  A record: 10.16.187.99
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Checking for forward DNS entry
  Record name: 99
  PTR record: myhost.testrelm.com.
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Checking for reverse DNS entry



Version-Release number of selected component (if applicable):
ipa-server-2.2.0-103.20120302T0507zgitc611d89.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. see description

Additional info:

The problem is in acutil (or httpd), which does not update the resolver when /etc/resolv.conf is changed while IPA with DNS support is being installed. acutil then still uses the former resolver, which does not know the new host. When httpd is reloaded, resolution works OK.

A quick fix will be to restart httpd after DNS install.

How to test:

# ipa-server-install --setup-dns
...
  [14/14]: configuring httpd to start on boot
done configuring httpd.
Applying LDAP updates
Restarting the directory server
Restarting the KDC
Configuring named:
  [1/9]: adding DNS container
  [2/9]: setting up our zone
  [3/9]: setting up reverse zone
  [4/9]: setting up our own record
  [5/9]: setting up kerberos principal
  [6/9]: setting up named.conf
  [7/9]: restarting named
  [8/9]: configuring named to start on boot
  [9/9]: changing resolv.conf to point to ourselves
done configuring named.
Restarting the web server
==============================================================================
Setup complete

Next steps:
    1. You must make sure these network ports are open:
        TCP Ports:
          * 80, 443: HTTP/HTTPS
          * 389, 636: LDAP/LDAPS
          * 88, 464: kerberos
          * 53: bind
        UDP Ports:
          * 88, 464: kerberos
          * 53: bind
          * 123: ntp

    2. You can now obtain a kerberos ticket using the command: 'kinit admin'
       This ticket will allow you to use the IPA tools (e.g., ipa user-add)
       and the web user interface.

Be sure to back up the CA certificate stored in /root/cacert.p12
This file is required to create replicas. The password for this
file is the Directory Manager password
# kinit admin
Password for admin@IDM.LAB.BOS.REDHAT.COM: 
# ipa dnszone-add example.com --name-server=`hostname`
Administrator e-mail address [hostmaster.example.com.]: 
  Zone name: example.com
  Authoritative nameserver: vm-068.idm.lab.bos.redhat.com.
  Administrator e-mail address: hostmaster.example.com.
  SOA serial: 2012060301
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;
# ipa dnsrecord-add example.com foo --a-rec=10.0.0.1
  Record name: foo
  A record: 10.0.0.1
# host foo.example.com
foo.example.com has address 10.0.0.1

foo.example.com IS resolvable, i.e. the following command should work, but it does not with an unpatched IPA.

# ipa host-add foo.example.com
ipa: ERROR: Host does not have corresponding DNS A record

Patch freeipa-mkosek-230-refresh-resolvers-after-dns-install.patch sent for review
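The "Additional info" above describes a long-running process that parses /etc/resolv.conf once and keeps using the old nameservers after the installer rewrites the file (step [9/9]). The model below, an added example that is not FreeIPA or mkosek's code, reproduces that staleness with a constructed resolv.conf and shows the check a practitioner would use to detect it; the nameserver addresses and the temporary file path are assumptions.

```python
import os
import tempfile


def parse_resolv_conf(text):
    """Return the nameserver list from resolv.conf-style text; comments are ignored."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


class CachedResolver:
    """Reads its nameservers once at start-up, like the resolver httpd holds in the report."""

    def __init__(self, path):
        self.path = path
        self.refresh()

    def refresh(self):
        # Re-read the file: this is what a restart (or an explicit refresh) achieves.
        with open(self.path) as f:
            self.nameservers = parse_resolv_conf(f.read())

    def is_stale(self):
        # Health check: do the cached nameservers still match what the file says now?
        with open(self.path) as f:
            return parse_resolv_conf(f.read()) != self.nameservers


def demo():
    # Constructed resolv.conf: before the install it points at an upstream resolver.
    fd, path = tempfile.mkstemp(prefix="resolv-")
    with os.fdopen(fd, "w") as f:
        f.write("search testrelm.com\nnameserver 10.16.187.1   # assumed upstream\n")
    resolver = CachedResolver(path)
    before = list(resolver.nameservers)
    # Installer step [9/9]: resolv.conf is rewritten to point at the new IPA server.
    with open(path, "w") as f:
        f.write("search testrelm.com\nnameserver 127.0.0.1\n")
    stale = resolver.is_stale()          # True: the process is still on the old server
    still_cached = list(resolver.nameservers)
    resolver.refresh()                   # equivalent of restarting httpd
    os.unlink(path)
    return before, still_cached, stale, resolver.nameservers
```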

Metadata Update from @mkosek:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/03

7 years ago
