Bug 1172495
| Summary: | oo-accept-broker should look for testrecord DNS with absolute domain | ||||||
|---|---|---|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | gregory.nuyttens | ||||
| Component: | Node | Assignee: | Luke Meyer <lmeyer> | ||||
| Status: | CLOSED ERRATA | QA Contact: | libra bugs <libra-bugs> | ||||
| Severity: | low | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 2.2.0 | CC: | bleanhar, cryan, gregory.nuyttens, jokerman, libra-onpremise-devel, mmccomas, xiama | ||||
| Target Milestone: | --- | Keywords: | Upstream | ||||
| Target Release: | --- | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | openshift-origin-broker-util-1.33.0.1-1 | Doc Type: | Bug Fix | ||||
| Doc Text: |
Cause: oo-accept-broker did not test DNS using absolute domain names. (ie: those ending in .)
Consequence: Under certain DNS configurations this may have produced incorrect test results.
Fix: oo-accept-broker now tests for absolutely domain names avoiding problems associated with relative DNS search results.
Result: oo-accept-broker DNS tests are now more accurate.
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2015-02-12 13:09:45 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
oo-accept-broker creates and then deletes a test record to prove that the DNS plugin is working. I agree it would make sense to test for the absolute domain, not relative, but what is the particular DNS setup that's leading to the issue? Commit pushed to master at https://github.com/openshift/origin-server https://github.com/openshift/origin-server/commit/29e1fff065a3831ea46d3715eee3bcffa1c57606 oo-accept-broker: testrecord DNS w/absolute domain Bug 1172495 - oo-accept-broker should look for testrecord DNS with absolute domain https://bugzilla.redhat.com/show_bug.cgi?id=1172495 Thank you for your modification, with this one it seems to be OK at our side.
For your information, I made a internal request for the dns server config and I saw that the bug only occurs when we have allow-query-cache activated.
allow-query { any; };
allow-query-cache { any; };
allow-recursion { none; };
Best regards,
Thanks for the information, so we will know what to look for if someone else reports this... caching queries is probably not the best idea for a DDNS service, would be a good argument for separating out the DNS service used for OSE. I don't think the change made here will address that problem. You are right.. The one thing I can tell is that when we remove the allow-query-cache we don't have any problem. If we don't remove this line but apply your fix from https://github.com/openshift/origin-server/commit/29e1fff065a3831ea46d3715eee3bcffa1c57606 it works also. So it's ok for us now. I can not reproduce this issue. I check the codes, it has been merged. I configure allow-query-cache activated, then run "oo-accept-broker". No error is given out. So move it to VERIFIED. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0220.html |
Created attachment 966702 [details] Dump of the problem Description of problem: When we make an oo-accept-broker command we got: FAIL: txt record testrecord.${DNS_SUFFIX} still resolves on server XX.XX.XX.XX 1 ERRORS Version-Release number of selected component (if applicable): All versions How reproducible: Need to have a certain configuration at the DNS server side (it's another department which are responsible of the DNS servers in my company) Steps to Reproduce: 1. Have the certain configuration of the DNS 2. test the command oo-accept-broker or directly make the command which are invoked by oo-accept-broker -> host -t txt testrecord.${DNS_SUFFIX} ${BIND_SERVER} Actual results: host -t txt testrecord.${DNS_SUFFIX} ${BIND_SERVER} -> testrecord.openshift.${DNS_SUFFIX}.${DNS_SUFFIX} has no TXT record Expected results: host -t txt testrecord.${DNS_SUFFIX} ${BIND_SERVER} Host testrecord.openshift.${DNS_SUFFIX} not found: 3(NXDOMAIN) Additional info: For me the problem is that into the oo-accept-broker the command host -t txt testrecord.${DNS_SUFFIX} ${BIND_SERVER} will be replaced by host -t txt testrecord.${DNS_SUFFIX}. ${BIND_SERVER} (with a dot after the DNS SUFFIX). We need to verify the absolute record (with a dot at the end) and not the relative record