Bug 962815
Summary: | Serving reverse zones for private ranges requires manual change in named.conf | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Dmitri Pal <dpal> |
Component: | bind-dyndb-ldap | Assignee: | Petr Spacek <pspacek> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Namita Soman <nsoman> |
Severity: | unspecified | Docs Contact: | |
Priority: | medium | ||
Version: | 7.0 | CC: | pspacek, xdong |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | bind-dyndb-ldap-3.5-1.el7 | Doc Type: | Bug Fix |
Last Closed: | 2014-06-13 11:25:15 UTC | Type: | --- |
Description
Dmitri Pal
2013-05-14 13:36:01 UTC
Please provide steps to verify...thanks!

I updated the upstream ticket:

Steps to reproduce:
* Add e.g. reverse zone 8.b.d.0.1.0.0.2.ip6.arpa. to IPA DNS
* Add arbitrary record to the reverse zone
* Try to dig the record or read logs from named: Zone is not loaded and records are not available to clients, because default empty zones are loaded before zones from IPA DNS

Upstream ticket was closed

I added the example reverse zone but seems it's loaded

[root@70master pki]# rpm -q bind bind-dyndb-ldap
bind-9.9.4-9.el7.x86_64
bind-dyndb-ldap-3.5-2.el7.x86_64
[root@70master ~]# testReverseZone=8.B.D.0.1.0.0.2.IP6.ARPA.
[root@70master ~]# ipa dnszone-add $testReverseZone --admin-email=hostmaster.$testReverseZone --name-server=70master.testrelm.com.
Zone name: 8.b.d.0.1.0.0.2.ip6.arpa.
Authoritative nameserver: 70master.testrelm.com.
Administrator e-mail address: hostmaster.8.B.D.0.1.0.0.2.IP6.ARPA.
SOA serial: 1392819531
SOA refresh: 3600
SOA retry: 900
SOA expire: 1209600
SOA minimum: 3600
BIND update policy: grant TESTRELM.COM krb5-subdomain 8.b.d.0.1.0.0.2.ip6.arpa. PTR;
Active zone: TRUE
Dynamic update: FALSE
Allow query: any;
Allow transfer: none;
[root@70master ~]# cat /var/log/messages|tail -2
Feb 19 09:18:46 70master avahi-daemon[588]: Registering new address record for fe80::5054:ff:fe22:47c5 on eth0.*.
Feb 19 09:18:51 70master named[30360]: zone 8.b.d.0.1.0.0.2.ip6.arpa/IN: loaded serial 1392819531

Please see "Fixed In Version" field in this bug.

It's saying fixed in bind-dyndb-ldap-3.5-1.el7 while my machine has bind-dyndb-ldap-3.5-2.el7.x86_64

It means that version you use contains a fix already, so you can't see the problem.

Verified on:

[root@70master pki]# rpm -q bind bind-dyndb-ldap
bind-9.9.4-9.el7.x86_64
bind-dyndb-ldap-3.5-2.el7.x86_64

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: bz962815 - Serving reverse zones for private ranges requires manual change in named.conf
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ 12:16:02 ] :: execute expect file: /tmp/kinit.861.exp
set timeout 30
set force_conservative 0
set send_slow {1 .001}
spawn /usr/bin/kinit -V admin
expect Password for *
send -s -- Secret123\r
expect eof
spawn /usr/bin/kinit -V admin
SeUsing existing cache: persistent:0:0
Using principal: admin
cretPassword for admin:
Authenticated to Kerberos v5
Default principal: admin
:: [ 12:16:02 ] :: Success: kinit as [admin] with password [Secret123] was successful.
:: [ PASS ] :: Kinit as admin user (Expected 0, got 0)
Zone name: 8.b.d.0.1.0.0.2.ip6.arpa
Authoritative nameserver: 70master.testrelm.com.
Administrator e-mail address: hostmaster.8.b.d.0.1.0.0.2.ip6.arpa.
SOA serial: 1392830164
SOA refresh: 3600
SOA retry: 900
SOA expire: 1209600
SOA minimum: 3600
BIND update policy: grant TESTRELM.COM krb5-subdomain 8.b.d.0.1.0.0.2.ip6.arpa PTR;
Active zone: TRUE
Dynamic update: FALSE
Allow query: any;
Allow transfer: none;
:: [ PASS ] :: Add test reverse zone (Expected 0, got 0)
Feb 19 12:16:03 70master named[30360]: zone 8.b.d.0.1.0.0.2.ip6.arpa/IN: loaded serial 1392830163
:: [ PASS ] :: Make sure this zone in the automatic empty zones is loaded after added to IPA DNS (Expected 0, got 0)

Unfortunately, you didn't follow all the steps to reproduce:

(In reply to Petr Spacek from comment #2)
> I updated the upstream ticket:
>
> Steps to reproduce:
> * Add e.g. reverse zone 8.b.d.0.1.0.0.2.ip6.arpa. to IPA DNS
> * Add arbitrary record to the reverse zone
> * Try to dig the record or read logs from named: Zone is not loaded and
> records are not available to clients, because default empty zones are loaded
> before zones from IPA DNS

Please do second and third step and make sure that added zone really works.

Second and third step added:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: bz962815 - Serving reverse zones for private ranges requires manual change in named.conf
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ 15:02:32 ] :: execute expect file: /tmp/kinit.18068.exp
set timeout 30
set force_conservative 0
set send_slow {1 .001}
spawn /usr/bin/kinit -V admin
expect Password for *
send -s -- Secret123\r
expect eof
spawn /usr/bin/kinit -V admin
SUsing existing cache: persistent:0:0
Using principal: admin
ecrePassword for admin:
Authenticated to Kerberos v5
Default principal: admin
:: [ 15:02:33 ] :: Success: kinit as [admin] with password [Secret123] was successful.
:: [ PASS ] :: Kinit as admin user (Expected 0, got 0)
Zone name: 8.b.d.0.1.0.0.2.ip6.arpa
Authoritative nameserver: 70master.testrelm.com.
Administrator e-mail address: hostmaster.8.b.d.0.1.0.0.2.ip6.arpa.
SOA serial: 1392840155
SOA refresh: 3600
SOA retry: 900
SOA expire: 1209600
SOA minimum: 3600
BIND update policy: grant TESTRELM.COM krb5-subdomain 8.b.d.0.1.0.0.2.ip6.arpa PTR;
Active zone: TRUE
Dynamic update: FALSE
Allow query: any;
Allow transfer: none;
:: [ PASS ] :: Add test reverse zone (Expected 0, got 0)
Record name: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0
PTR record: test.example.com.
:: [ PASS ] :: Adding arbitrary record to the reverse zone (Expected 0, got 0)
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa. 86400 IN PTR test.example.com.
:: [ PASS ] :: verify that digging the IP addr has expected PTR record (Expected 0, got 0)
Feb 19 15:02:34 70master named[26911]: zone 8.b.d.0.1.0.0.2.ip6.arpa/IN: loaded serial 1392840154
:: [ PASS ] :: Make sure this zone in the automatic empty zones is loaded after added to IPA DNS (Expected 0, got 0)
-------------------------------------------
Deleted DNS zone "8.b.d.0.1.0.0.2.ip6.arpa"
-------------------------------------------
:: [ PASS ] :: Delete test reverse zone (Expected 0, got 0)

This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.
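
An added example, not part of the bug report or of bind-dyndb-ldap: a Python check that reports whether a reverse zone about to be added to IPA DNS overlaps one of the default empty zones, which is the situation the steps to reproduce rely on. The zone list is the one from RFC 6303 and is an assumption about what a given BIND build ships; the function names are illustrative.

```python
import ipaddress

# Reverse zones that RFC 6303 asks resolvers to serve as empty by default.
# Assumption: the automatic empty-zone list built into a particular BIND
# release may contain more entries than this one.
_ZEROS = ".".join("0" * 31)
RFC6303_EMPTY_ZONES = frozenset(
    ["10.in-addr.arpa", "168.192.in-addr.arpa", "0.in-addr.arpa",
     "127.in-addr.arpa", "254.169.in-addr.arpa", "2.0.192.in-addr.arpa",
     "100.51.198.in-addr.arpa", "113.0.203.in-addr.arpa",
     "255.255.255.255.in-addr.arpa", f"0.{_ZEROS}.ip6.arpa",
     f"1.{_ZEROS}.ip6.arpa", "d.f.ip6.arpa", "8.e.f.ip6.arpa",
     "9.e.f.ip6.arpa", "a.e.f.ip6.arpa", "b.e.f.ip6.arpa",
     "8.b.d.0.1.0.0.2.ip6.arpa"]
    + [f"{n}.172.in-addr.arpa" for n in range(16, 32)]
)

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def relation(zone, empty_zone):
    """Return 'equal', 'below', 'above' or None for zone vs. empty_zone."""
    z, ez = normalize(zone), normalize(empty_zone)
    if z == ez:
        return "equal"
    if z.endswith("." + ez):   # zone is a subdomain of the empty zone
        return "below"
    if ez.endswith("." + z):   # zone is a parent of the empty zone
        return "above"
    return None

def empty_zone_overlaps(zone):
    """Return sorted (empty_zone, relation) pairs for every overlap."""
    pairs = ((ez, relation(zone, ez)) for ez in RFC6303_EMPTY_ZONES)
    return sorted(p for p in pairs if p[1])

def empty_zone_for_address(addr):
    """Return the listed empty zone covering addr's PTR name, or None."""
    ptr = ipaddress.ip_address(addr).reverse_pointer
    hits = [ez for ez in RFC6303_EMPTY_ZONES
            if relation(ptr, ez) in ("equal", "below")]
    return max(hits, key=len) if hits else None

if __name__ == "__main__":
    # The zone and address used in the test run quoted in this bug.
    print(empty_zone_overlaps("8.B.D.0.1.0.0.2.IP6.ARPA."))
    print(empty_zone_for_address("2001:db8::1"))
```

An "equal" result is the case this bug describes; a zone that reports any overlap is worth confirming with the dig and named log checks shown in the verification run.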