Bug 671278

Summary: unable to add multiple NS records to a zone
Product: [Retired] freeIPA
Reporter: Michael Gregg <mgregg>
Component: ipa-admintools
Assignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA
QA Contact: Chandrasekar Kannan <ckannan>
Severity: unspecified
Priority: unspecified
Version: unspecified
CC: benl, dpal, jhrozek
Hardware: Unspecified
OS: Unspecified
Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Last Closed: 2012-03-28 09:25:55 UTC

Description Michael Gregg 2011-01-20 23:24:17 UTC
Description of problem:
I do not seem to be able to add multiple NS records to a zone. 
If I get the syntax correct, IPA seems to like the input, but then dig doesn't handle the entry. 

Version-Release number of selected component (if applicable):
ipa-server-2.0-0.2011011418gita68b2d2.fc14.x86_64

How reproducible:
always

Steps to Reproduce:
1. ipa  dnsrecord-add newzone1 @ --ns-rec=10.16.98.193,127.0.0.1.
2. dig newzone1 NS
  
Actual results:
[root@ipaqavmh ipa-dns]# ipa  dnsrecord-add newzone1 @ --ns-rec=10.16.98.193,127.0.0.1.
  Record name: newzone1
  MX record: 3.4.5.6
  NS record: 10.16.98.193, 127.0.0.1.
[root@ipaqavmh ipa-dns]# dig newzone1 NS

; <<>> DiG 9.7.2-P2-RedHat-9.7.2-2.P2.fc14 <<>> newzone1 NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 41340
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;newzone1.			IN	NS

;; Query time: 2 msec
;; SERVER: 10.16.98.193#53(10.16.98.193)
;; WHEN: Thu Jan 20 18:22:09 2011
;; MSG SIZE  rcvd: 26

Expected results:
dig newzone NS to return two records. 

Additional:
I'm still not sure how I'm supposed to enter a priority for the NS records.

Comment 1 Jakub Hrozek 2011-01-24 21:34:21 UTC
https://fedorahosted.org/freeipa/ticket/838

Comment 2 Jakub Hrozek 2011-01-31 08:32:11 UTC
The bug has been fixed upstream in 0a6b1c4bced35dc0943ae38fcea71586274395ba. 

The root cause was that NS records are supposed to be resolvable hostnames. This is expected by Bind and enforced so that if Bind cannot find an A or AAAA record for an NS record, it wouldn't load the zone. Even if you add an IP address, Bind would still treat it as a hostname.

The fix is to 
a) during zone creation, check if NS record can be resolved with DNS. This can be overridden with --force (if, for some reason you'd like to add the NS record afterwards with dnsrecord-add/host-add or perhaps for testing purposes).
b) provide a new option to dnszone-add that allows specifying IP address of the NS record, so zone and NS record can be created in one go
c) when adding a new NS record with dnsrecord-add, check for a valid A/AAAA record, too.
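
The check described in Comment 2, sketched as an added example (this is not the FreeIPA code from the upstream commit): an NS value is rejected when it is an IP literal, and otherwise must resolve to an A/AAAA record unless the check is forced off. The function names, the ns1/ns2.newzone1 hostnames and the sample resolver are assumptions made for the example; rejecting IP literals even when forced is a choice of this sketch.

```python
import ipaddress
import socket

def default_resolver(hostname):
    """Return the set of A/AAAA addresses the system resolver finds."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def is_ip_literal(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def check_ns_target(value, resolver=default_resolver, force=False):
    """Validate one NS record value; return (ok, reason)."""
    name = value.strip().rstrip(".")
    if not name:
        return False, "empty NS target"
    # The name server reads the NS value as a hostname, so "127.0.0.1."
    # names a host called 127.0.0.1 rather than pointing at an address.
    if is_ip_literal(name):
        return False, "NS target is an IP address, not a hostname"
    if force:
        return True, "resolution check skipped (force)"
    if not resolver(name):
        return False, "no A/AAAA record found for NS target"
    return True, "resolvable"

def check_ns_list(csv_value, resolver=default_resolver, force=False):
    """Validate a comma-separated NS list; return {value: (ok, reason)}."""
    return {v.strip(): check_ns_target(v, resolver, force)
            for v in csv_value.split(",") if v.strip()}

# Constructed sample data so the example runs offline: only ns1 has an A record.
SAMPLE_RECORDS = {"ns1.newzone1": {"10.16.98.193"}}

def sample_resolver(hostname):
    return SAMPLE_RECORDS.get(hostname, set())

if __name__ == "__main__":
    values = "10.16.98.193,127.0.0.1.,ns1.newzone1.,ns2.newzone1."
    for value, result in check_ns_list(values, sample_resolver).items():
        print(value, result)
```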