Bug 1175318
Summary: | forward zones stop working if bind-dyndb-ldap 2.x and 6.x are in the same replication topology
---|---
Product: | Red Hat Enterprise Linux 6
Component: | bind-dyndb-ldap
Version: | 6.6
Status: | CLOSED ERRATA
Severity: | high
Priority: | high
Reporter: | Petr Spacek <pspacek>
Assignee: | Petr Spacek <pspacek>
QA Contact: | Namita Soman <nsoman>
CC: | jkurik, jsvarova, mkosek, pspacek, xdong
Target Milestone: | rc
Keywords: | ZStream
Hardware: | Unspecified
OS: | Unspecified
Fixed In Version: | bind-dyndb-ldap-2.3-6.el6
Doc Type: | Bug Fix
Doc Text: | Previously, the bind-dyndb-ldap 2.x driver (used in Red Hat Enterprise Linux 6.x) did not handle forward zones correctly when it was in the same replication topology as bind-dyndb-ldap 6.x (used in Red Hat Enterprise Linux 7.1). As a consequence, forward zones stopped working on all replicas. The underlying source code has been patched to fix this bug, and forward zones now continue to work in the described situation.
Type: | Bug
Last Closed: | 2015-07-22 05:39:06 UTC
Bug Blocks: | 1176129
Description
Petr Spacek
2014-12-17 13:45:14 UTC
Created attachment 970194
0001-Add-helper-functions-for-generic-iteration-over-RBT.patch

Created attachment 970195
0002-Add-missing-includes-to-util.h.patch

Created attachment 970196
0003-Add-support-for-pure-forward-zones-idnsForwardZone-o.patch

Created attachment 970197
0004-Make-RBT-iterators-more-resilient.patch

Patches 0001-0004 are a preliminary version of the proposed fix.

Created attachment 970554
0003-Add-support-for-pure-forward-zones-idnsForwardZone-o.patch
Attaching final version of 0003-Add-support-for-pure-forward-zones-idnsForwardZone-o.patch.
Thanks Petr!

Verified on bind-dyndb-ldap-2.3-7.el6:

1. install RHEL 6.6 IPA server with DNS - first master

2. add a forward zone to the IPA DNS:

```
[root@cloud-qe-17 ~]# ipa dnszone-add redhat.com. --forwarder=10.16.96.106
Authoritative nameserver: cloud-qe-17.testrelm.test.
Administrator e-mail address [hostmaster.redhat.com.]:
  Zone name: redhat.com.
  Authoritative nameserver: cloud-qe-17.testrelm.test.
  Administrator e-mail address: hostmaster.redhat.com.
  SOA serial: 1434421859
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant TESTRELM.TEST krb5-self * A; grant TESTRELM.TEST krb5-self * AAAA; grant TESTRELM.TEST krb5-self * SSHFP;
  Active zone: TRUE
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;
  Zone forwarders: 10.16.96.106
```

3. add RHEL 7.0 IPA replica to the topology

```
[root@mgmt3 ~]# ipa-replica-install --setup-dns --no-forwarder /root/replica-info-mgmt3.testrelm.test.gpg
. . .
  [9/9]: changing resolv.conf to point to ourselves
Done configuring DNS (named).
Global DNS configuration in LDAP server is empty
You can use 'dnsconfig-mod' command to set global DNS options that would override settings in local named.conf files
Restarting the web server
```

4. Forward zone on RHEL 6.7 replica works:

```
[root@mgmt13 ~]# dig cloud-qe-9.idmqe.lab.eng.bos.redhat.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> cloud-qe-9.idmqe.lab.eng.bos.redhat.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8486
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;cloud-qe-9.idmqe.lab.eng.bos.redhat.com. IN A

;; ANSWER SECTION:
cloud-qe-9.idmqe.lab.eng.bos.redhat.com. 1200 IN A 10.16.96.106

;; AUTHORITY SECTION:
idmqe.lab.eng.bos.redhat.com. 86400 IN NS cloud-qe-9.idmqe.lab.eng.bos.redhat.com.

;; Query time: 2 msec
;; SERVER: 10.16.4.23#53(10.16.4.23)
;; WHEN: Mon Jun 15 23:23:52 2015
;; MSG SIZE rcvd: 87
```

5. upgrade RHEL 7.0 IPA replica to RHEL 7.1

```
[root@mgmt3 ~]# rpm -q ipa-server bind-dyndb-ldap
ipa-server-4.1.0-18.el7.x86_64
bind-dyndb-ldap-6.0-2.el7.x86_64
```

6. on 6.7 replica, Forward zone works well after upgrade.

```
[root@mgmt13 ~]# dig cloud-qe-9.idmqe.lab.eng.bos.redhat.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> cloud-qe-9.idmqe.lab.eng.bos.redhat.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34567
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;cloud-qe-9.idmqe.lab.eng.bos.redhat.com. IN A

;; ANSWER SECTION:
cloud-qe-9.idmqe.lab.eng.bos.redhat.com. 345 IN A 10.16.96.106

;; AUTHORITY SECTION:
idmqe.lab.eng.bos.redhat.com. 85545 IN NS cloud-qe-9.idmqe.lab.eng.bos.redhat.com.

;; Query time: 0 msec
;; SERVER: 10.16.4.23#53(10.16.4.23)
;; WHEN: Mon Jun 15 23:38:07 2015
;; MSG SIZE rcvd: 87
```

Hello!

Are you sure that dig command contacted the correct server? It would be useful to explicitly list the DNS server you are testing using "dig @<DNS server's address>" to be sure that the request came from the correct server.

If you do not have the environment anymore you can only double-check that IP address listed on line ";; SERVER:" in dig's output matches IP address of the server you wanted to test.

Thank you for double-checking!

Hi Petr,

On 6.7 replica:

```
[root@mgmt13 ~]# hostname -i
10.16.4.23
[root@mgmt13 ~]# dig cloud-qe-9.idmqe.lab.eng.bos.redhat.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> cloud-qe-9.idmqe.lab.eng.bos.redhat.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48081
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;cloud-qe-9.idmqe.lab.eng.bos.redhat.com. IN A

;; ANSWER SECTION:
cloud-qe-9.idmqe.lab.eng.bos.redhat.com. 365 IN A 10.16.96.106

;; AUTHORITY SECTION:
idmqe.lab.eng.bos.redhat.com. 50483 IN NS cloud-qe-9.idmqe.lab.eng.bos.redhat.com.

;; Query time: 0 msec
;; SERVER: 10.16.4.23#53(10.16.4.23)
;; WHEN: Tue Jun 16 09:22:29 2015
;; MSG SIZE rcvd: 87

[root@mgmt13 ~]# dig @10.16.4.23

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> @10.16.4.23
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6379
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13

;; QUESTION SECTION:
;. IN NS

;; ANSWER SECTION:
. 25077 IN NS d.root-servers.net.
. 25077 IN NS b.root-servers.net.
. 25077 IN NS a.root-servers.net.
. 25077 IN NS m.root-servers.net.
. 25077 IN NS i.root-servers.net.
. 25077 IN NS c.root-servers.net.
. 25077 IN NS g.root-servers.net.
. 25077 IN NS k.root-servers.net.
. 25077 IN NS h.root-servers.net.
. 25077 IN NS j.root-servers.net.
. 25077 IN NS f.root-servers.net.
. 25077 IN NS e.root-servers.net.
. 25077 IN NS l.root-servers.net.

;; ADDITIONAL SECTION:
i.root-servers.net. 31493 IN A 192.36.148.17
i.root-servers.net. 157881 IN AAAA 2001:7fe::53
j.root-servers.net. 193841 IN A 192.58.128.30
j.root-servers.net. 31494 IN AAAA 2001:503:c27::2:30
a.root-servers.net. 179909 IN A 198.41.0.4
a.root-servers.net. 31493 IN AAAA 2001:503:ba3e::2:30
h.root-servers.net. 31494 IN A 128.63.2.53
h.root-servers.net. 31494 IN AAAA 2001:500:1::803f:235
g.root-servers.net. 31494 IN A 192.112.36.4
c.root-servers.net. 193870 IN A 192.33.4.12
c.root-servers.net. 31494 IN AAAA 2001:500:2::c
l.root-servers.net. 31493 IN A 199.7.83.42
l.root-servers.net. 31494 IN AAAA 2001:500:3::42

;; Query time: 0 msec
;; SERVER: 10.16.4.23#53(10.16.4.23)
;; WHEN: Tue Jun 16 09:22:41 2015
;; MSG SIZE rcvd: 508
```

Let me know if this proves the verification, thanks!

I was not clear. You need to repeat all the dig commands from comment #16 and *add* @<IP addresses> parameter with the address of the particular DNS server (master or replica) you want to test in that particular case.

Thanks!

DNS server works well on master/replica before and after 7.0 replica's upgrade.

```
[root@mgmt13 ~]# dig cloud-qe-9.idmqe.lab.eng.bos.redhat.com @10.16.96.132

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> cloud-qe-9.idmqe.lab.eng.bos.redhat.com @10.16.96.132
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55389
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;cloud-qe-9.idmqe.lab.eng.bos.redhat.com. IN A

;; ANSWER SECTION:
cloud-qe-9.idmqe.lab.eng.bos.redhat.com. 1200 IN A 10.16.96.106

;; AUTHORITY SECTION:
idmqe.lab.eng.bos.redhat.com. 46681 IN NS cloud-qe-9.idmqe.lab.eng.bos.redhat.com.

;; Query time: 2 msec
;; SERVER: 10.16.96.132#53(10.16.96.132)
;; WHEN: Tue Jun 16 10:25:12 2015
;; MSG SIZE rcvd: 87

[root@mgmt13 ~]# dig cloud-qe-9.idmqe.lab.eng.bos.redhat.com @10.16.4.23

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> cloud-qe-9.idmqe.lab.eng.bos.redhat.com @10.16.4.23
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46254
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;cloud-qe-9.idmqe.lab.eng.bos.redhat.com. IN A

;; ANSWER SECTION:
cloud-qe-9.idmqe.lab.eng.bos.redhat.com. 1200 IN A 10.16.96.106

;; AUTHORITY SECTION:
idmqe.lab.eng.bos.redhat.com. 46748 IN NS cloud-qe-9.idmqe.lab.eng.bos.redhat.com.

;; Query time: 1 msec
;; SERVER: 10.16.4.23#53(10.16.4.23)
;; WHEN: Tue Jun 16 10:24:44 2015
;; MSG SIZE rcvd: 87
```

Thank you!

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1259.html
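Added example, not part of the original bug report: the check requested in the thread above (name the server with `dig ... @<address>` and confirm the `;; SERVER:` line matches it) applied to saved dig output. The function names are hypothetical, and the sample input is abbreviated from the dig output quoted in this report.

```shell
#!/bin/bash
# Added example (not from the bug report): confirm that a dig reply came
# from the DNS server under test. Function names are hypothetical.

# Usage: dig NAME @SERVER_IP | verify_dig_answer SERVER_IP
# Prints: ok | wrong-server:<ip> | bad-status:<rcode> | no-answer | unparsed
verify_dig_answer() {
    awk -v want="$1" '
        # ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8486"
        /^;; ->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        # ";; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0"
        /^;; flags:/ {
            for (i = 1; i < NF; i++)
                if ($i == "ANSWER:") answers = $(i + 1) + 0
        }
        # ";; SERVER: 10.16.4.23#53(10.16.4.23)" -> address before the "#"
        /^;; SERVER:/ { server = $3; sub(/#.*/, "", server) }
        END {
            if (server == "" || status == "") print "unparsed"
            else if (server != want)          print "wrong-server:" server
            else if (status != "NOERROR")     print "bad-status:" status
            else if (answers < 1)             print "no-answer"
            else                              print "ok"
        }'
}

# Sample input, abbreviated from the dig output quoted in this report.
sample_dig_output() {
    cat <<'EOF'
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6 <<>> cloud-qe-9.idmqe.lab.eng.bos.redhat.com
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8486
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; ANSWER SECTION:
cloud-qe-9.idmqe.lab.eng.bos.redhat.com. 1200 IN A 10.16.96.106

;; Query time: 2 msec
;; SERVER: 10.16.4.23#53(10.16.4.23)
EOF
}

# The reply came from 10.16.4.23, so it verifies that server only.
sample_dig_output | verify_dig_answer 10.16.4.23     # ok
sample_dig_output | verify_dig_answer 10.16.96.132   # wrong-server:10.16.4.23
```

Run once per master and replica address, this makes a reply that came from the default resolver in resolv.conf show up as `wrong-server` instead of passing as a successful test of the intended server.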