Bug 842756

Summary: Incorrect suggested Zone name when using name-from-ip
Product: Red Hat Enterprise Linux 7
Component: ipa
Version: 7.0
Status: CLOSED CURRENTRELEASE
Severity: unspecified
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Reporter: Namita Soman <nsoman>
Assignee: Martin Kosek <mkosek>
QA Contact: IDM QE LIST <seceng-idm-qe-list>
CC: dpal, jgalipea, mkosek, rmainz
Doc Type: Bug Fix
Type: Bug
Last Closed: 2015-01-16 15:00:54 UTC

Description Namita Soman 2012-07-24 14:18:59 UTC
Description of problem:
When adding a reverse zone using name-from-ip, the prompt suggests an invalid zone name, using all 4 octets of the ip.

Version-Release number of selected component (if applicable):
freeipa-server-2.99.0-0.20120713T1418Zgitc20d4c7.fc17.x86_64

How reproducible:
always

Steps to Reproduce:
1. # ipa dnszone-add --name-from-ip=10.15.20.100 --name-server=qe-blade-04.testrelm.com
2. # ipa dnszone-add --name-from-ip=10.15.20 --name-server=qe-blade-04.testrelm.com

  
Actual results:
1. Step 1 prompts: Zone name [100.20.15.10.in-addr.arpa.]:
2. Step 2 prompts: Zone name [0.20.15.10.in-addr.arpa.]: 

Expected results:
Step 1: Prompt should be:
Zone name [20.15.10.in-addr.arpa.]:
Step 2: should be Validation Error - to indicate invalid ip

Additional info:

Comment 2 Namita Soman 2012-07-25 10:37:28 UTC
User error...I didn't use the right value for ip. When doing the below, the suggested zone name is correct:

# ipa dnszone-add --name-from-ip 10.10.100.0/25
Authoritative nameserver: ipaqavmh.testrelm.com
Zone name [100.10.10.in-addr.arpa.]: 

Can we have validation when using this parameter to avoid incorrect zones from being added?

Comment 3 Martin Kosek 2012-07-30 13:57:21 UTC
Technically the zone is not invalid. You just cannot add any child PTR records to the zone because there would be too many components in the reverse zone. But you are free to add a record to the zone itself, i.e.:


# ipa dnszone-add --name-from-ip=10.0.0.1 --name-server=`hostname`
Zone name [1.0.0.10.in-addr.arpa.]: 
Administrator e-mail address [hostmaster.1.0.0.10.in-addr.arpa.]: 
  Zone name: 1.0.0.10.in-addr.arpa.
  Authoritative nameserver: vm-086.idm.lab.bos.redhat.com.
  Administrator e-mail address: hostmaster.1.0.0.10.in-addr.arpa.
  SOA serial: 1343655778
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant IDM.LAB.BOS.REDHAT.COM krb5-subdomain 1.0.0.10.in-addr.arpa. PTR;
  Active zone: TRUE
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;

# ipa dnsrecord-add 1.0.0.10.in-addr.arpa. @ --ptr-rec=`hostname`.
  Record name: @
  NS record: vm-086.idm.lab.bos.redhat.com.
  PTR record: vm-086.idm.lab.bos.redhat.com.

# host 10.0.0.2
2.0.0.10.in-addr.arpa domain name pointer vm-086.idm.lab.bos.redhat.com.


We may just want to fix the default IP network mask size assignment from the current fixed size (32b for IPv4, 128b for IPv6) to the one based on IP address class (8b for 10.* networks) as in other IP-network-related code. I will open a ticket.

Comment 4 Martin Kosek 2012-07-30 13:58:58 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2952

Comment 8 Martin Kosek 2015-01-16 15:00:54 UTC
See Comment 3. The suggested improvement was already done in current FreeIPA/IdM (tested on 4.1):

# ipa dnszone-add --name-from-ip=10.0.0.1
Zone name [0.0.10.in-addr.arpa.]: ^C

It now uses a better suited default and does not use the full 32b network mask. Closing the bug.
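
Added example (not FreeIPA's code and not part of the original report): a Python function that derives the reverse zone name from an address and prefix length, reproducing the prompts quoted in this bug and rejecting the malformed `10.15.20` input. The name `reverse_zone` and the parameters `default_prefix` and `allow_host_zone` are hypothetical; the function also covers IPv6 nibble zones under `ip6.arpa`, which goes beyond the IPv4 cases in the report.

```python
import ipaddress


def reverse_zone(value, default_prefix=None, allow_host_zone=True):
    """Derive a reverse zone name from an address or network string.

    default_prefix (hypothetical): prefix length used when `value` has no
    "/len" part; None reproduces the fixed 32b/128b default from the report.
    allow_host_zone (hypothetical): False rejects a full-length prefix, whose
    zone cannot hold child PTR records.
    """
    # Strict parsing: "10.15.20" raises ValueError instead of becoming a zone.
    iface = ipaddress.ip_interface(value)
    prefix = iface.network.prefixlen
    if "/" not in value and default_prefix is not None:
        prefix = default_prefix
    if not 0 < prefix <= iface.max_prefixlen:
        raise ValueError(f"prefix length {prefix} out of range for {value}")
    if prefix == iface.max_prefixlen and not allow_host_zone:
        raise ValueError(f"{value}: full-length prefix leaves no room for PTR records")

    # reverse_pointer gives e.g. "100.20.15.10.in-addr.arpa" (least significant first).
    *addr_labels, family, arpa = iface.ip.reverse_pointer.split(".")
    bits_per_label = 8 if iface.version == 4 else 4  # octets vs. nibbles
    keep = prefix // bits_per_label  # whole labels covered by the prefix
    if keep == 0:
        raise ValueError(f"prefix length {prefix} is shorter than one label")
    zone_labels = addr_labels[len(addr_labels) - keep:]
    return ".".join(zone_labels + [family, arpa]) + "."


if __name__ == "__main__":
    # Constructed inputs taken from the commands quoted in the report.
    for arg, default in [("10.15.20.100", None), ("10.10.100.0/25", None),
                         ("10.0.0.1", 24)]:
        print(arg, default, "->", reverse_zone(arg, default))
    for bad in ["10.15.20"]:
        try:
            reverse_zone(bad)
        except ValueError as exc:
            print(bad, "-> rejected:", exc)
```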