Bug 795406

Summary: Hold bind and plugin global settings in LDAP
Product: Red Hat Enterprise Linux 6 Reporter: Petr Spacek <pspacek>
Component: bind-dyndb-ldapAssignee: Petr Spacek <pspacek>
Status: CLOSED ERRATA QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.3CC: atkac, grajaiya, jgalipea, ovasik, syeghiay
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: bind-dyndb-ldap-1.1.0-0.3.b1.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-06-20 13:52:31 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Petr Spacek 2012-02-20 12:33:43 UTC 
Description of problem:
Plugin is missing global configuration feature.


Version-Release number of selected component (if applicable):
bind-dyndb-ldap-1.1.0-0.8.a2


Actual results:
Configuration is taken from named.conf.


Expected results:
Configuration is loaded from idnsConfigObject in LDAP.


Upstream ticket:
https://fedorahosted.org/bind-dyndb-ldap/ticket/43
Comment 2 Petr Spacek 2012-02-28 14:30:19 UTC 
Fixed in upstream:
https://fedorahosted.org/bind-dyndb-ldap/ticket/43#comment:2
Comment 5 Gowrishankar Rajaiyan 2012-05-09 14:44:31 UTC 
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
Case 1:
- Forwarder not set in /etc/named.conf
- nslookup $somezone

Result:
[root@goldbug ~]# nslookup shanks.example.com
Server:		10.65.201.101
Address:	10.65.201.101#53

** server can't find shanks.example.com: NXDOMAIN

[root@goldbug ~]# 
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
Case 2:
- forwarder set in dns global config
- nslookup $somezone

[root@goldbug ~]# ipa dnsconfig-mod --forwarder=10.65.201.100
  Global forwarders: 10.65.201.100
[root@goldbug ~]# 


[root@goldbug ~]# nslookup shanks.example.com
Server:		10.65.201.101
Address:	10.65.201.101#53

Non-authoritative answer:
Name:	shanks.example.com
Address: 192.168.0.100

[root@goldbug ~]# 


[root@goldbug ~]# tcpdump  -ni eth0 udp port 53
10:38:58.389557 IP 10.65.201.101.51174 > 10.65.201.100.domain: 60351+ [1au] A? shanks.example.com. (47)
10:38:58.389588 IP 10.65.201.101.55396 > 10.65.201.100.domain: 29952+ [1au] NS? . (28)
10:38:58.390613 IP 10.65.201.100.domain > 10.65.201.101.55396: 29952 14/0/23 NS e.root-servers.net., NS f.root-servers.net., NS k.root-servers.net., NS l.root-servers.net., NS c.root-servers.net., NS m.root-servers.net., NS i.root-servers.net., NS a.root-servers.net., NS b.root-servers.net., NS d.root-servers.net., NS j.root-servers.net., NS h.root-servers.net., NS g.root-servers.net., RRSIG (857)
10:38:58.392649 IP 10.65.201.100.domain > 10.65.201.101.51174: 60351* 1/1/2 A 192.168.0.100 (122)
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#

#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
Case 3:
- Set a forwarder in /etc/named.conf
- set another forwarder in dns global config
- nslookup $somezone

[root@goldbug ~]# ipa dnsconfig-mod --forwarder=10.65.201.100
  Global forwarders: 10.65.201.100
[root@goldbug ~]# 


[root@goldbug ~]# nslookup shanks.example.com
Server:		10.65.201.101
Address:	10.65.201.101#53

Non-authoritative answer:
Name:	shanks.example.com
Address: 192.168.0.100

[root@goldbug ~]# 

[root@goldbug ~]# tcpdump  -ni eth0 udp port 5310:40:53.025919 IP 10.65.201.101.BESApi > 10.65.201.100.domain: 3705+ [1au] A? shanks.example.com. (47)
10:40:53.025969 IP 10.65.201.101.34315 > 10.65.201.100.domain: 3036+ [1au] NS? . (28)
10:40:53.026550 IP 10.65.201.100.domain > 10.65.201.101.34315: 3036 14/0/23 NS d.root-servers.net., NS a.root-servers.net., NS l.root-servers.net., NS h.root-servers.net., NS m.root-servers.net., NS i.root-servers.net., NS c.root-servers.net., NS g.root-servers.net., NS k.root-servers.net., NS b.root-servers.net., NS f.root-servers.net., NS j.root-servers.net., NS e.root-servers.net., RRSIG (857)
10:40:53.028004 IP 10.65.201.100.domain > 10.65.201.101.BESApi: 3705* 1/1/2 A 192.168.0.100 (122)
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#

Verified: bind-dyndb-ldap-1.1.0-0.8.b1.el6.x86_64
Comment 7 errata-xmlrpc 2012-06-20 13:52:31 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0837.html