Bug 1020075
| Summary: | PTR record synchronization is not enabled by default | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Michael Gregg <mgregg> |
| Component: | ipa | Assignee: | Martin Kosek <mkosek> |
| Status: | CLOSED NOTABUG | QA Contact: | Namita Soman <nsoman> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 7.0 | CC: | mgregg, pspacek, rcritten |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2013-10-18 07:13:06 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Description
Michael Gregg
2013-10-17 00:21:29 UTC
Petr, can you please advise from bind-dyndb-ldap POV? I am not aware of any related change in IPA DNS module. There were some changes in bind-dyndb-bind, mainly fixes about IPv6 and some race conditions, so the bug could be there.

Gregg, I don't see any information about your configuration nor any information from logs. Please make sure that everything is configured according to: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/SyncPTR

Please check /var/log/messages and post any error messages to this bug. My guess is that the testing data doesn't pass validation in bind-dyndb-ldap. See section "Existing values in A/AAAA and PTR records matches." in the document linked above.

Petr, your guess was correct, allow-sync-ptr was not configured for the default zone in IPA. After I ran "ipa dnszone-mod testrelm.com. --allow-sync-ptr=TRUE", my tests started passing.

So, is this an ipa bug? I need to verify that this is happening, but it's looking like the allow-sync-ptr flag is not getting set upon running ipa-server-install --setup-dns.

For some reason, ptr sync is not enabled on my default domain during these tests. I am not sure why. It seems to be set on other ipa machines around here. Am I right in assuming that this flag should be set on IPA domains?

My config before setting allow-sync-ptr flag:

```
dn: idnsname=testrelm.com,cn=dns,dc=testrelm,dc=com
Zone name: testrelm.com
Authoritative nameserver: mgmt3.testrelm.com.
Administrator e-mail address: hostmaster.testrelm.com.
SOA serial: 1382053507
SOA refresh: 3600
SOA retry: 900
SOA expire: 1209600
SOA minimum: 3600
BIND update policy: grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-self * AAAA; grant TESTRELM.COM krb5-self * SSHFP;
Active zone: TRUE
Dynamic update: TRUE
Allow query: any;
Allow transfer: none;
nsrecord: mgmt3.testrelm.com., cloud-qe-7.testrelm.com.
objectclass: top, idnsrecord, idnszone
```

AFAIK PTR record synchronization always has to be enabled manually.

I don't think that there was a change in this area. Namita did the same test for https://bugzilla.redhat.com/show_bug.cgi?id=1010396 (RHEL 6) and the behaviour was the same. See https://bugzilla.redhat.com/show_bug.cgi?id=1010396#c8 step "2".
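
An added example, not part of the original report or of IPA itself: a small shell check that reads `ipa dnszone-show` style text (the format of the zone output quoted in this report) and flags a zone that accepts dynamic updates while PTR synchronization is not enabled. The `audit_zone` name, the abridged sample data and the assumption that the CLI prints the flag as `Allow PTR sync` are this example's own.

```shell
#!/bin/sh
# Constructed sample: the "before" zone output from this report, abridged.
SAMPLE_BEFORE='  Zone name: testrelm.com
  Active zone: TRUE
  Dynamic update: TRUE
  Allow query: any;'

# Constructed sample: the same zone after the dnszone-mod call.
# The "Allow PTR sync" label is an assumption about the CLI output.
SAMPLE_AFTER="$SAMPLE_BEFORE
  Allow PTR sync: TRUE"

# Reads one zone's "Key: value" lines on stdin and prints
#   <zone> dynamic=<yes|no> ptr-sync=<enabled|disabled|unset> <OK|REVIEW>
# "unset" means no "Allow PTR sync" line was present at all, which is the
# state shown in the report before allow-sync-ptr was set.
audit_zone() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
            i = index(line, ": ")
            if (i == 0) next
            f[substr(line, 1, i - 1)] = substr(line, i + 2)
        }
        END {
            zone = ("Zone name" in f) ? f["Zone name"] : "(unknown)"
            dyn = (toupper(f["Dynamic update"]) == "TRUE")
            if (!("Allow PTR sync" in f)) sync = "unset"
            else if (toupper(f["Allow PTR sync"]) == "TRUE") sync = "enabled"
            else sync = "disabled"
            # Dynamic A/AAAA updates without PTR sync leave reverse records
            # unmaintained, so flag that combination for review.
            verdict = (dyn && sync != "enabled") ? "REVIEW" : "OK"
            printf "%s dynamic=%s ptr-sync=%s %s\n", zone, (dyn ? "yes" : "no"), sync, verdict
        }'
}

printf '%s\n' "$SAMPLE_BEFORE" | audit_zone
printf '%s\n' "$SAMPLE_AFTER"  | audit_zone
# Against a live server: ipa dnszone-show testrelm.com. | audit_zone
```
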