When I have a topology with at least one replica, I am unable to add ipa domain as a subdomain of a root zone.
Workflow is as follows:
ipa: ERROR: Nameserver '<master_hostname>' does not have a corresponding A/AAAA record
However, if I remove the ns record of the replica from root zone, it will work:
    # ipa dnsrecord-find .
      Record name: @
      NS record: <master_hostname>, <replica_hostname>

      Record name: <master_hostname>
      A record: <master_ip>
    ----------------------------
    Number of entries returned 2
    ----------------------------
    # ipa dnsrecord-del . --ns-rec=<replica_hostname>
      Record name: @
      Record name: @
      NS record: <master_hostname>
    # ipa dnsrecord-add . <ipa_domain_name> --ns-rec=<master_hostname>
      Record name: <ipa_domain_name>
      NS record: <master_hostname>
It looks like a combination of 2 issues.

1. All NS records for the zone must have corresponding A records if we want to be able to add subdomains. (This is probably not a bug at all)
2. dnsrecord-add complains that master does not have an A record, when in reality master does have it, but replica does not.
Replying to [ticket:5848 ofayans]:
> It looks like a combination of 2 issues.
> 1. All NS records for the zone must have corresponding A records if we want to be able to add subdomains. (This is probably not a bug at all)

This is by design - BIND does the same.

> 2. dnsrecord-add complains that master does not have an A record, when in reality master does have it, but replica does not.

Replica and master are equivalent so the message is in fact correct.
We might do two things:
Anyway, this is 4.5 material.
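
The consistency check discussed in this ticket, as an added example that is not part of the ticket and is not FreeIPA's code: it walks a zone's NS targets and names each one that lacks an in-zone A/AAAA record, so the message points at the nameserver that actually fails. The hostnames, the `records` layout and the function names are assumptions made for the example.

```python
# Added illustration, not FreeIPA code. Hostnames and zone data are constructed.

def absolute(name, origin):
    """Return `name` as a lower-case absolute DNS name within `origin`."""
    name = name.lower()
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else name + "." + origin

def ns_without_address(origin, records, owner="@"):
    """Return NS targets at `owner` that lack an in-zone A/AAAA record.

    `origin` is an absolute zone name ending in ".". `records` maps
    record name -> {rtype: [values]}; this layout is an assumption of
    the example. Targets outside the zone are skipped, because zone
    data alone cannot say whether they resolve.
    """
    origin = origin.lower()
    zone = {absolute(n, origin): rr for n, rr in records.items()}
    missing = []
    for target in zone.get(absolute(owner, origin), {}).get("NS", []):
        name = absolute(target, origin)
        in_zone = origin == "." or name == origin or name.endswith("." + origin)
        rrsets = zone.get(name, {})
        if in_zone and not (rrsets.get("A") or rrsets.get("AAAA")):
            missing.append(name)
    return missing

def errors(origin, records):
    """One message per failing nameserver, in the wording the ticket quotes."""
    return ["Nameserver '%s' does not have a corresponding A/AAAA record" % n
            for n in ns_without_address(origin, records)]

# Constructed root zone mirroring the ticket: two NS, only the master has an A.
ROOT_ZONE = {
    "@": {"NS": ["master.ipa.test.", "replica.ipa.test."]},
    "master.ipa.test": {"A": ["192.0.2.10"]},
}

if __name__ == "__main__":
    for line in errors(".", ROOT_ZONE):
        print(line)
```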
Tests fixed: master:
Metadata Update from @ofayans: - Issue assigned to someone - Issue set to the milestone: FreeIPA 4.5 backlog