| Summary: | Zone without idnsUpdatePolicy causes error message during each zone_refresh | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Petr Spacek <pspacek> | |
| Component: | bind-dyndb-ldap | Assignee: | Petr Spacek <pspacek> | |
| Status: | CLOSED ERRATA | QA Contact: | Namita Soman <nsoman> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | medium | |||
| Version: | 6.3 | CC: | chhudson, dpal, pspacek | |
| Target Milestone: | rc | |||
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: |
Cause:
The bind-dyndb-ldap plug-in didn't handle DNS zones without 'idnsUpdatePolicy' attribute properly.
Consequence:
Harmless, but misleading error message "zone serial (<zone serial>) unchanged. zone may fail to transfer to slaves." was logged after each zone reload or potentially after each change in the affected DNS zone.
Fix:
The bind-dyndb-ldap plug-in was fixed to not print any error message if 'idnsUpdatePolicy' attribute is not defined in the DNS zone.
Result:
DNS zones without 'idnsUpdatePolicy' attribute are processed correctly and no error message is logged.
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 920663 (view as bug list) | Environment: | ||
| Last Closed: | 2013-11-21 12:10:27 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Bug Depends On: | ||||
| Bug Blocks: | 960054, 883504, 920663 | |||
|
Description
Petr Spacek
2013-02-07 14:00:41 UTC
Clearer workaround:
For each zone (e.g. "example.com") which spams the log execute:
$ ipa dnszone-mode example.com --dynamic-update=FALSE
$ ipa dnszone-mode example.com --update-policy='/**/'
This bug was fixed in upstrem release 2.4.
Verified using bind-dyndb-ldap-2.3-5.el6.i686, ipa-server-3.0.0-37.el6.i686 1> Added a new zone: # ipa dnszone-add Authoritative nameserver: ipaqa64vmj.testrelm.com. Zone name: example Administrator e-mail address [hostmaster.example.]: Zone name: example Authoritative nameserver: <$serverhostname>. Administrator e-mail address: hostmaster.example. SOA serial: 1381865595 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 BIND update policy: grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-self * AAAA; grant TESTRELM.COM krb5-self * SSHFP; Active zone: TRUE Dynamic update: FALSE Allow query: any; Allow transfer: none; 2> Made sure this zone does not have the `idnsUpdatePolicy` attribute # ipa dnszone-mod example --update-policy="" Zone name: example Authoritative nameserver: <$serverhostname>. Administrator e-mail address: hostmaster.example. SOA serial: 1381865667 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 Active zone: TRUE Allow query: any; Allow transfer: none; 3> Updated /etc/named.conf to have: arg "zone_refresh 5"; arg "psearch no"; arg "serial_autoincrement no"; Then: # service named restart # tail -f /var/log/messages Nothing logged 4> Also tried with /etc/named as: arg "zone_refresh 5"; arg "psearch yes"; arg "serial_autoincrement yes"; Then: # service named restart # ipa dnszone-mod --admin-email=nk@testrelm.com example where example is the zone without idnsUpdatePolicy # tail -f /var/log/messages No error logged Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-1636.html |