Bug 805430

Summary: IPA dnszone-add does not accept the utmost valid serial number.
Product: Red Hat Enterprise Linux 6 Reporter: Gowrishankar Rajaiyan <grajaiya>
Component: ipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 6.3CC: dpal, jgalipea, mkosek, pspacek
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-3.0.0-1.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-21 09:10:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Gowrishankar Rajaiyan 2012-03-21 09:48:03 UTC 
Description of problem:
rfc1912 states DNS serial won't overflow until the year 4294, which as per the syntax makes 4294123199 a valid value.

Version-Release number of selected component (if applicable):
ipa-server-2.2.0-4.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
[root@primenova ~]# ipa dnszone-add testzone --serial=4294123199
  
Actual results:
ipa: ERROR: invalid 'serial': can be at most 2147483647

Expected results:
Zone should be created successfully and at most should be 4294123199.

Additional info:
http://www.ietf.org/rfc/rfc1912.txt
Comment 2 Martin Kosek 2012-03-21 09:52:12 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2568
Comment 3 Martin Kosek 2012-09-06 13:03:12 UTC 
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/6abe476459e83d9457b22693b22b55c6c98a1a58
ipa-3-0: https://fedorahosted.org/freeipa/changeset/5355b32304c94ce8841d038ffb5116e3566443ec
Comment 4 Jenny Severance 2012-09-25 16:41:59 UTC 
regression test automated in DNS test suite
Comment 7 Namita Soman 2012-12-18 03:50:04 UTC 
Verified using: ipa-server-3.0.0-11.el6.x86_64

test output:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: 805430 IPA dnszone-add does not accept the utmost valid serial number.
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

kdestroy: No credentials cache found while destroying cache
spawn /usr/bin/kinit -V admin
Using default cache: /tmp/krb5cc_0
Using principal: admin
Password for admin:
Authenticated to Kerberos v5
Default principal: admin
:: [22:10:00] ::  kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Kinit as admin user
  Zone name: maxtzone
  Authoritative nameserver: nightcrawler.testrelm.com.
  Administrator e-mail address: admin.testrelm.com.
  SOA serial: 4294123199
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-self * AAAA; grant TESTRELM.COM krb5-self * SSHFP;
  Active zone: TRUE
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;
:: [   PASS   ] :: test to make sure the maxtzone dnszone-add returns 0
:: [   PASS   ] :: check output of dnszone-add for error message
Comment 9 errata-xmlrpc 2013-02-21 09:10:32 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html