Bug 920663

Summary: Zone without idnsUpdatePolicy causes error message during each zone_refresh
Product: Red Hat Enterprise Linux 7
Reporter: Dmitri Pal <dpal>
Component: bind-dyndb-ldap
Assignee: Petr Spacek <pspacek>
Status: CLOSED CURRENTRELEASE
QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: unspecified
Priority: medium
Version: 7.0
CC: chhudson, dpal, nsoman, pspacek
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Fixed In Version: bind-dyndb-ldap-3.5-1.el7
Doc Type: Bug Fix
Clone Of: 908780
Last Closed: 2014-06-13 13:09:22 UTC
Bug Depends On: 908780

Comment 1 Petr Spacek 2013-03-12 14:29:03 UTC
+++ This bug was initially created as a clone of Bug #908780 +++

This bug is created as a clone of upstream ticket:
https://fedorahosted.org/bind-dyndb-ldap/ticket/79

A zone without the `idnsUpdatePolicy` attribute causes the following error message every `zone_refresh` seconds:

{{{
07-Jun-2012 17:15:56.140 zone zone.example/IN: zone serial (2012060301) unchanged. zone may fail to transfer to slaves.
}}}

LDIF with example zone is attached.


Workaround:

For each zone (e.g. "example.com") which spams the log, execute:

    $ ipa dnszone-mod example.com --dynamic-update=FALSE
    $ ipa dnszone-mod example.com --update-policy='/**/'


This bug was fixed in upstream release 2.4.
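
To find the zones the workaround applies to, the warning quoted above can be counted per zone in the named log; a steady gap close to `zone_refresh` points at this bug. This is an added example, not part of the original report or of bind-dyndb-ldap: the function name `noisy_zones`, the `min_hits` threshold and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the warning in the format quoted in this report; search() is used
# so a syslog prefix in front of the named timestamp does not matter.
WARN_RE = re.compile(
    r"(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ "
    r"zone (?P<zone>\S+)/IN: zone serial \((?P<serial>\d+)\) unchanged\. "
    r"zone may fail to transfer to slaves\."
)

def noisy_zones(lines, min_hits=3):
    """Return {zone: (hits, median_gap_seconds)} for zones repeating the warning."""
    seen = defaultdict(list)
    for line in lines:
        m = WARN_RE.search(line)
        if m:
            seen[m["zone"]].append(datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S"))
    report = {}
    for zone, stamps in seen.items():
        if len(stamps) < min_hits:
            continue  # a single warning is not the periodic pattern of this bug
        stamps.sort()
        gaps = sorted((b - a).total_seconds() for a, b in zip(stamps, stamps[1:]))
        report[zone] = (len(stamps), gaps[len(gaps) // 2] if gaps else None)
    return report

# Constructed sample: one zone warns every 5 s (zone_refresh 5, as in the
# verification run), one zone warns once, one line is unrelated.
W = "unchanged. zone may fail to transfer to slaves."
SAMPLE_LOG = f"""\
07-Jun-2012 17:15:56.140 zone zone.example/IN: zone serial (2012060301) {W}
07-Jun-2012 17:16:01.141 zone zone.example/IN: zone serial (2012060301) {W}
07-Jun-2012 17:16:03.000 zone other.example/IN: loaded serial 5
07-Jun-2012 17:16:06.143 zone zone.example/IN: zone serial (2012060301) {W}
07-Jun-2012 17:16:11.140 zone zone.example/IN: zone serial (2012060301) {W}
07-Jun-2012 17:16:20.000 zone once.example/IN: zone serial (7) {W}
"""

if __name__ == "__main__":
    for zone, (hits, gap) in noisy_zones(SAMPLE_LOG.splitlines()).items():
        print(f"{zone}: {hits} warnings, median gap {gap}s")
```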

Comment 3 Namita Soman 2014-01-30 19:18:52 UTC
Verified using ipa-server-3.3.3-8.el7.x86_64, bind-dyndb-ldap.x86_64 0:3.5-2.el7

Test automation results:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bz908780 - Zone without idnsUpdatePolicy causes error message during each zone_refresh
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 15:39:09 ] ::  execute expect file: /tmp/kinit.30683.exp

set timeout 30
set force_conservative 0 
set send_slow {1 .001} 
spawn /usr/bin/kinit -V admin
expect Password for *
send -s -- Secret123\r
expect eof 
spawn /usr/bin/kinit -V admin
SUsing existing cache: persistent:0:0
Using principal: admin
ecrePassword for admin: 
Authenticated to Kerberos v5
Default principal: admin
:: [ 15:39:09 ] ::  Success: kinit as [admin] with password [Secret123] was successful.
:: [   PASS   ] :: Kinit as admin user (Expected 0, got 0)
  Zone name: bz908780zone
  Authoritative nameserver: nu1.testrelm.com.
  Administrator e-mail address: ipaqar.redhat.com.
  SOA serial: 1389213550
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-self * AAAA; grant TESTRELM.COM krb5-self * SSHFP;
  Active zone: TRUE
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;
:: [   PASS   ] :: Add test zone: bz908780Zone (Expected 0, got 0)
  Zone name: bz908780zone
  Authoritative nameserver: nu1.testrelm.com.
  Administrator e-mail address: ipaqar.redhat.com.
  SOA serial: 1389213552
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
  Allow query: any;
  Allow transfer: none;
:: [   PASS   ] :: Modify zone to not have  idnsUpdatePolicy attribute (Expected 0, got 0)
:: [   PASS   ] :: File '/etc/named.conf' should contain 'serial_autoincrement yes' 
:: [   PASS   ] :: File '/etc/named.conf' should not contain 'zone_refresh' 
:: [   PASS   ] :: File '/etc/named.conf' should not contain 'psearch' 
:: [ 15:39:11 ] ::  Initial /etc/named.conf
	arg "serial_autoincrement yes";
:: [ 15:39:11 ] ::  With no psearch, serial_autoincrement, and with zone_refresh at 5
	arg "zone_refresh 5";
 	arg "psearch no";
 	arg "serial_autoincrement no";
:: [   PASS   ] :: Running 'systemctl restart named' (Expected 0, got 0)
  Zone name: bz908780zone
  Authoritative nameserver: nu1.testrelm.com.
  Administrator e-mail address: abc.testrelm.com.
  SOA serial: 1389213552
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
  Allow query: any;
  Allow transfer: none;
:: [   PASS   ] :: Running ' ipa dnszone-mod --admin-email=abc bz908780Zone' (Expected 0, got 0)
:: [   PASS   ] :: File '/var/log/messages' should not contain 'unchanged. zone may fail to transfer to slaves.' 
:: [ 15:39:22 ] ::  Back to starting named.conf
 	arg "serial_autoincrement yes";
:: [   PASS   ] :: Running 'systemctl restart named' (Expected 0, got 0)
-------------------------------
Deleted DNS zone "bz908780zone"
-------------------------------
:: [   PASS   ] :: Delete zone added for this bz908780 verification (Expected 0, got 0)
'706c0db8-2b22-49b6-b7bb-da20678b81c4'
bz908780-Zone-without-idnsUpdatePolicy-causes-error-message-during-each-zone-refresh result: PASS

Comment 4 Ludek Smid 2014-06-13 13:09:22 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.