Bug 784815

Summary: Dynamic update for zone without idnsAllowSyncPTR does not work
Product: [Fedora] Fedora
Reporter: Martin Kosek <mkosek>
Component: bind-dyndb-ldap
Assignee: Petr Spacek <pspacek>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 16
CC: atkac, jkuncar, pspacek
Hardware: Unspecified
OS: Unspecified
Fixed In Version: bind-dyndb-ldap-1.1.0-0.8.a2.fc16
Doc Type: Bug Fix
Last Closed: 2012-03-01 09:34:48 UTC

Description Martin Kosek 2012-01-26 10:48:10 UTC
Description of problem:
Automatic updates using `nsupdate' report an error when the target zones do not contain the attribute idnsAllowSyncPTR. The update worked when it was set to FALSE or TRUE.

LDIF of the failing zones:

dn: idnsname=idm.lab.bos.redhat.com,cn=dns,dc=idm,dc=lab,dc=bos,dc=redhat,dc
 =com
idnsAllowDynUpdate: TRUE
idnsAllowQuery: any
idnsAllowSyncPTR: TRUE
idnsAllowTransfer: none
idnsName: idm.lab.bos.redhat.com
idnsSOAexpire: 1209
idnsSOAmName: vm-068.idm.lab.bos.redhat.com.
idnsSOAminimum: 3600
idnsSOArName: hostmaster.idm.lab.bos.redhat.com.
idnsSOArefresh: 3600
idnsSOAretry: 900
idnsSOAserial: 2015
idnsUpdatePolicy: grant IDM.LAB.BOS.REDHAT.COM krb5-self * A; grant IDM.LAB.
 BOS.REDHAT.COM krb5-self * AAAA;
idnsZoneActive: TRUE
nSRecord: vm-068.idm.lab.bos.redhat.com.
objectClass: top
objectClass: idnsrecord
objectClass: idnszone

dn: idnsname=78.16.10.in-addr.arpa.,cn=dns,dc=idm,dc=lab,dc=bos,dc=redhat,dc
 =com
idnsAllowDynUpdate: TRUE
idnsAllowQuery: any
idnsAllowSyncPTR: TRUE
idnsAllowTransfer: none
idnsName: 78.16.10.in-addr.arpa.
idnsSOAexpire: 1209600
idnsSOAmName: vm-068.idm.lab.bos.redhat.com.
idnsSOAminimum: 3600
idnsSOArName: hostmaster.78.16.10.in-addr.arpa.
idnsSOArefresh: 3600
idnsSOAretry: 900
idnsSOAserial: 2012260101
idnsUpdatePolicy: grant IDM.LAB.BOS.REDHAT.COM krb5-subdomain 78.16.10.in-ad
 dr.arpa. PTR;
idnsZoneActive: TRUE
nSRecord: vm-068.idm.lab.bos.redhat.com.
objectClass: top
objectClass: idnsrecord
objectClass: idnszone

nsupdate output:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: host/vm-138.idm.lab.bos.redhat.com.BOS.REDHAT.COM

Valid starting     Expires            Service principal
01/26/12 05:16:02  01/27/12 05:16:02  krbtgt/IDM.LAB.BOS.REDHAT.COM.BOS.REDHAT.COM
01/26/12 05:16:21  01/27/12 05:16:02  DNS/vm-068.idm.lab.bos.redhat.com.BOS.REDHAT.COM

# cat nsupdate.txt 
zone idm.lab.bos.redhat.com.
update delete vm-138.idm.lab.bos.redhat.com. IN A
send
update add vm-138.idm.lab.bos.redhat.com. 1200 IN A 10.16.78.138
send
# /usr/bin/nsupdate -g nsupdate.txt
update failed: SERVFAIL
update failed: SERVFAIL

Version-Release number of selected component (if applicable):
bind-9.8.1-4.P1.fc16.x86_64
bind-dyndb-ldap-1.0.0-0.2.b1.fc16.x86_64

How reproducible:

Steps to Reproduce:
1. Server: Prepare forward and reverse zones in LDAP (as in the provided example). Make sure the zone does not have the idnsAllowSyncPTR attribute filled.
2. Client: Try to run the nsupdate as in the above example
  
Actual results:
Update reports SERVFAIL.

Expected results:
Update succeeds. Since idnsAllowSyncPTR is not filled, it should use the default behavior, i.e. do not create a PTR record.

Additional info:
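
Added example, not part of the original report and not code from bind-dyndb-ldap: a small Python audit that unfolds an LDIF export and lists dynamic-update zones with no idnsAllowSyncPTR attribute, the condition this report describes, treating an absent attribute as FALSE as the expected results state. The sample LDIF and all function names are constructed for illustration; values are assumed to be plain text (no base64 `::` values).

```python
# Constructed sample data (not from the bug report); the first dn is folded.
SAMPLE_LDIF = """\
dn: idnsname=example.test,cn=dns,dc=example,dc
 =test
idnsAllowDynUpdate: TRUE
idnsName: example.test
objectClass: idnszone

dn: idnsname=2.0.192.in-addr.arpa.,cn=dns,dc=example,dc=test
idnsAllowDynUpdate: TRUE
idnsAllowSyncPTR: TRUE
idnsName: 2.0.192.in-addr.arpa.
objectClass: idnszone

dn: idnsname=static.example.test,cn=dns,dc=example,dc=test
idnsAllowDynUpdate: FALSE
idnsName: static.example.test
objectClass: idnszone
"""

def parse_ldif(text):
    """Parse plain-text LDIF into dicts of lower-cased attribute -> [values]."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues previous
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def ldap_bool(entry, attr, default=False):
    """TRUE/FALSE attribute; an absent attribute yields the default."""
    values = entry.get(attr.lower())
    return default if not values else values[0].upper() == "TRUE"

def zones_missing_sync_ptr(text):
    """Names of dynamic-update zones that carry no idnsAllowSyncPTR at all."""
    return [e["idnsname"][0] for e in parse_ldif(text)
            if "idnszone" in (c.lower() for c in e.get("objectclass", []))
            and ldap_bool(e, "idnsAllowDynUpdate")
            and "idnsallowsyncptr" not in e]
```

Run against an export of the DNS subtree, the returned zone names are the ones to check on servers still running a bind-dyndb-ldap build older than the fixed version.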

Comment 1 Fedora Update System 2012-02-20 12:16:03 UTC
bind-dyndb-ldap-1.1.0-0.8.a2.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/FEDORA-2012-1613/bind-dyndb-ldap-1.1.0-0.8.a2.fc16

Comment 2 Fedora Update System 2012-03-01 09:34:48 UTC
bind-dyndb-ldap-1.1.0-0.8.a2.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.