Bug 690473

Summary: Installing ipa-client indicates DNS is updated for this unknown hostname, but is not on server
Product: Red Hat Enterprise Linux 6 Reporter: Namita Soman <nsoman>
Component: ipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.1CC: benl, dpal, jgalipea, kevinu, mkosek
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-2.1.1-1.el6 Doc Type: Bug Fix
Doc Text:
Cause: Using the --hostname to set a value outside an IPA-managed DNS domain does not return an error and does not add the host to DNS. Consequence: It appears to the user that the hostname was added to DNS but it was not. Fix: The DNS updating utility nsupdate was modified to properly return an error when an update fails. Result: The user will see an error that nsupdate failed to add add the DNS entry.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-06 18:21:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 700097, 731950, 744141    
Bug Blocks:    

Description Namita Soman 2011-03-24 12:51:35 UTC 
Description of problem:
When installing specifying hostname that is unknown, install indicates DNS is updated on server, but it is not updated on server.

install using command as below:
ipa-client-install --hostname qqq.www -d
The output includes:
root        : DEBUG    stderr=
Warning: Hostname (qqq.www) not found in DNS
root        : DEBUG    args=/usr/bin/kinit -k -t /etc/krb5.keytab host/qqq.www
root        : DEBUG    stdout=
root        : DEBUG    stderr=
root        : DEBUG    args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
root        : DEBUG    stdout=
root        : DEBUG    stderr=specified zone 'www' does not exist (NXDOMAIN)
specified zone 'www' does not exist (NXDOMAIN)

DNS server record set to: qqq.www -> 10.16.19.131

And when not using the -d option, the output includes:
root        : DEBUG    stderr=
Warning: Hostname (qqq.www) not found in DNS
DNS server record set to: qqq.www -> 10.16.19.131

But 
ipa dnsrecord-find --all testrelm
doesn't list the above Record

also running the command below:
ipa host-del qqq.www --updatedns
gives error:
ipa: ERROR: DNS zone www not found

but host can be deleted without using --updatedns
ipa host-del qqq.www
----------------------
Deleted host "qqq.www"
----------------------



Version-Release number of selected component (if applicable):
ipa-client-2.0.0-16.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. ipa-client-install --hostname qqq.www which indicates DNS server record set to: qqq.www -> 10.16.19.131

2.ipa dnsrecord-find --all testrelm which doesn't list this record

3. ipa host-del qqq.www --updatedns which throws error ERROR: DNS zone www not found

  
Actual results:
Server is not updated with a DNS record for this client


Expected results:
If server cannot be updated, the message when installing shouldn't be displayed. And is it okay if the server doesn't have the DNS record for this? 


Additional info:
Comment 3 Dmitri Pal 2011-03-24 20:17:09 UTC 
https://fedorahosted.org/freeipa/ticket/1121
Comment 5 Martin Kosek 2011-04-27 13:06:57 UTC 
When client hostname is set to "qqq.www" nsupdate tries to update DNS record "qqq" in DNS zone www. See command list for nsupdate:

# cat .nsupdate 
zone www.
update delete qqq.www. IN A
send
update add qqq.www. 1200 IN A 10.16.78.134
send

However, DNS zone www is neither managed by IPA nor exists at all. Maybe the problem is that you forgot to enter a fully qualified hostname, e.g. qqq.www.testrelm, where testrelm and www.testrelm are valid zones. The command should work then.

I tried this with client hostname named "foo.bar" where "bar." was a DNS zone managed by my IPA server and the installation succeeded then:

CLIENT:
# ipa-client-install --hostname foo.bar
...
Configured /etc/krb5.conf for IPA realm IDM.LAB.BOS.REDHAT.COM
Warning: Hostname (foo.bar) not found in DNS
DNS server record set to: foo.bar -> 10.16.78.134
SSSD enabled
...
Client configuration complete.

SERVER:
# ipa dnsrecord-find bar
...
  Record name: foo
  A record: 10.16.78.134

The only problem I found is that nsupdate returns success even when the zone is not found (your case). This makes ipa-client-install without the -d flag to report a success in updating the DNS record even though there was an error. I filed a BZ for this one:

https://bugzilla.redhat.com/show_bug.cgi?id=700097
Comment 6 Martin Kosek 2011-09-09 12:33:09 UTC 
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/806a40846b8848ffe2f23e216949d7a8babc5c79
ipa-2-1: https://fedorahosted.org/freeipa/changeset/290bc6a7682b9744e927b772f8f36f67eb6ff5e5

When updated bind-utils (9.7.3-6.P3.el6) package installed, nsupdate will not return success return code and ipa-client-install should correctly report problem with DNS server record.
Comment 8 Namita Soman 2011-10-14 18:06:13 UTC 
Verified using ipa-client-2.1.2-2.el6.x86_64

Installed using hostname ipaclient.testrelm, where testrelm is a dns zone managed by IPA, client install indiacted:
Warning: Hostname (ipaclient.testrelm) not found in DNS
DNS server record set to: ipaclient.testrelm -> 10.16.18.91

Installed using hostname qqq.www, where www is not a dns zone managed by IPA, client install indicated:
Warning: Hostname (qqq.www) not found in DNS
Failed to update DNS A record. (Command '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt' returned non-zero exit status 2)
Comment 9 Rob Crittenden 2011-10-31 16:24:42 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: Using the --hostname to set a value outside an IPA-managed DNS domain does not return an error and does not add the host to DNS.
Consequence: It appears to the user that the hostname was added to DNS but it was not.
Fix: The DNS updating utility nsupdate was modified to properly return an error when an update fails.
Result: The user will see an error that nsupdate failed to add add the DNS entry.
Comment 10 errata-xmlrpc 2011-12-06 18:21:09 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1533.html