Bug 688765
| Summary: | [RFE] afsdb records to not seem to be resolvable. | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Michael Gregg <mgregg> |
| Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
| Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.1 | CC: | benl, dpal, mkosek |
| Target Milestone: | rc | Keywords: | FutureFeature, Reopened |
| Target Release: | 6.1 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-2.2.0-1.el6 | Doc Type: | Enhancement |
| Doc Text: |
Cause: IPA DNS plugin does not validate contents of DNS records. Some DNS record types (e.g. MX, LOC, or SRV) have a complex data structure which need to be kept, otherwise the record is not resolvable.
Consequence: Relaxed DNS plugin validation lets user to unknowingly create invalid records which then won't be resolvable even though they are stored in LDAP. This situation may confuse users.
Change: Every DNS record type (except experimental A6 DNS record type) is now validated with respect to relevant RFC document. The validation covers most common user errors and also gives user a guidance what is wrong with the entered record when an invalid record is entered.
Result: DNS plugin should not let user enter invalid records. User should also be able to create even complex DNS records without a detailed knowledge of their structure as the improved DNS plugin interface guide him. Both features should improve user experience with IPA and DNS.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-06-20 13:13:43 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 756082 | ||
|
Description
Michael Gregg
2011-03-17 23:05:37 UTC
You used an invalid syntax of AFSDB record. RFC 1183 states that AFSDB has the following format: <owner> <ttl> <class> AFSDB <subtype> <hostname> You missed <subtype> field in AFSDB record. When I added the <subtype> field, the record is correctly resolvable by dig: $ ipa dnsrecord-add example.com afsdbrec --afsdb-rec="0 interesting.zone.com." Record name: afsdbrec AFSDB record: 0 interesting.zone.com. # dig -t AFSDB afsdbrec.example.com ; <<>> DiG 9.7.3-RedHat-9.7.3-1.el6 <<>> -t AFSDB afsdbrec.example.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30727 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1 ;; QUESTION SECTION: ;afsdbrec.example.com. IN AFSDB ;; ANSWER SECTION: afsdbrec.example.com. 86400 IN AFSDB 0 interesting.zone.com. ;; AUTHORITY SECTION: example.com. 86400 IN NS vm-111.idm.lab.bos.redhat.com. ;; ADDITIONAL SECTION: vm-111.idm.lab.bos.redhat.com. 86400 IN A 10.16.78.111 ;; Query time: 2 msec ;; SERVER: 10.16.78.111#53(10.16.78.111) ;; WHEN: Mon Mar 21 06:11:41 2011 ;; MSG SIZE rcvd: 130 I will close the ticket "Not a bug". dns command should not allow invalid data - expected an error saying subtype is required. - this is still a bug. Fixed upstream. master: efc3e2c1f7a3dcf5e94736395d39e1fa2800a490
verified in:
ipa-server-2.1.3-9.el6.x86_64
bind-dyndb-ldap-0.2.0-7.el6.x86_64
ipa-dns-52 through ipa-dns-57 added to test this bug.
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: ipa-dns-54: make sure that dig can find the record type afsdb
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
afsdb.newzone. 86400 IN AFSDB 0 green.femto.edu.
:: [ PASS ] :: make sure dig can find the afsdb record
'54e7ab21-711f-4ed4-9f31-c30192304f1e'
ipa-dns-54 result: PASS
metric: 0
Log: /tmp/beakerlib-4093129/journal.txt
Info: Searching AVC errors produced since 1324582283.0 (Thu Dec 22 14:31:23 2011)
Searching logs...
Info: No AVC messages found.
Writing to /mnt/testarea/tmp.QUSpSR
:
AvcLog: /mnt/testarea/tmp.QUSpSR
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
Cause: IPA DNS plugin does not validate contents of DNS records. Some DNS record types (e.g. MX, LOC, or SRV) have a complex data structure which need to be kept, otherwise the record is not resolvable.
Consequence: Relaxed DNS plugin validation lets user to unknowingly create invalid records which then won't be resolvable even though they are stored in LDAP. This situation may confuse users.
Change: Every DNS record type (except experimental A6 DNS record type) is now validated with respect to relevant RFC document. The validation covers most common user errors and also gives user a guidance what is wrong with the entered record when an invalid record is entered.
Result: DNS plugin should not let user enter invalid records. User should also be able to create even complex DNS records without a detailed knowledge of their structure as the improved DNS plugin interface guide him. Both features should improve user experience with IPA and DNS.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html |