Red Hat Bugzilla – Bug 1060349
IPA: Unable to add host when ipv6 address already exists
Last modified: 2015-03-05 05:10:24 EST
Description of problem:
If you add ipv6 address for a host and then try to add the host, it fails with an error message that the ipv4 address does not exist.

ipa: ERROR: Host does not have corresponding DNS A record

Automated Testing Results

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: ipa-host-cli-089: Delete host without deleting DNS Record
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ 15:40:40 ] :: IPv6 address is 2620:52:0:1060:10:16ff:fe98:245
:: [ 15:40:40 ] :: Reverse zone: 0.6.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa.
------------------------------------------
Deleted host "mytestipv6host.testrelm.com"
------------------------------------------
:: [ 15:40:42 ] :: Host mytestIPv6host.testrelm.com deleted successfully.
:: [ PASS ] :: Deleting host without deleting DNS entries (Expected 0, got 0)
:: [ PASS ] :: Checking for forward DNS entry (Expected 0, got 0)
:: [ PASS ] :: File '/tmp/tmp.GBFCZoR4wL/forward_dns_3.out' should contain 'AAAA record: 2620:52:0:1060:ffff:16ff:fe98:245'
:: [ 15:40:44 ] :: Final digit.
Record name: 5.4.2.0.8.9.e.f.f.f.6.1.f.f.f.f
PTR record: mytestipv6host.testrelm.com.
----------------------------
Number of entries returned 1
----------------------------
:: [ PASS ] :: Checking for reverse DNS entry (Expected 0, got 0)
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: ipa-host-cli-090: Add host without force option - DNS Record Exists
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ 15:40:46 ] :: IPv6 address is 2620:52:0:1060:10:16ff:fe98:245
:: [ 15:40:46 ] :: Reverse zone: 0.6.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa.
:: [ 15:40:46 ] :: EXECUTING: ipa host-add --ip-address=2620:52:0:1060:ffff:16ff:fe98:245 mytestIPv6host.testrelm.com
ipa: ERROR: Host does not have corresponding DNS A record
:: [ FAIL ] :: Add host DNS entries exist (Expected 0, got 1)
---------------
0 hosts matched
---------------
----------------------------
Number of entries returned 0
----------------------------
:: [ 15:40:49 ] :: WARNING: Failed to find host.
:: [ FAIL ] :: Verifying host was added when DNS records exist. (Expected 0, got 1)
:: [ PASS ] :: Checking for forward DNS entry (Expected 0, got 0)
:: [ PASS ] :: File '/tmp/tmp.GBFCZoR4wL/forward_dns_4.out' should contain 'AAAA record: 2620:52:0:1060:ffff:16ff:fe98:245'
:: [ 15:40:51 ] :: Final digit.
Record name: 5.4.2.0.8.9.e.f.f.f.6.1.f.f.f.f
PTR record: mytestipv6host.testrelm.com.
----------------------------
Number of entries returned 1
----------------------------
:: [ PASS ] :: Checking for reverse DNS entry (Expected 0, got 0)
ipa: ERROR: mytestipv6host.testrelm.com: host not found
:: [ 15:40:54 ] :: WARNING: Deleting host mytestIPv6host.testrelm.com failed.
:: [ FAIL ] :: Deleting host without deleting DNS entries (Expected 0, got 2)
:: [ PASS ] :: Checking for forward DNS entry (Expected 0, got 0)
:: [ PASS ] :: File '/tmp/tmp.GBFCZoR4wL/forward_dns_41.out' should contain 'AAAA record: 2620:52:0:1060:ffff:16ff:fe98:245'
:: [ PASS ] :: Checking nslookup output (Expected 0, got 0)
:: [ 15:41:06 ] :: nslookup_msg=name = mytestipv6host.testrelm.com
Server: 10.16.98.245
Address: 10.16.98.245#53
5.4.2.0.8.9.e.f.f.f.6.1.f.f.f.f.0.6.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa name = mytestipv6host.testrelm.com.
:: [ PASS ] :: Running 'cat /tmp/tmp.GBFCZoR4wL/nslookup_2_output.out' (Expected 0, got 0)
5.4.2.0.8.9.e.f.f.f.6.1.f.f.f.f.0.6.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa name = mytestipv6host.testrelm.com.
:: [ PASS ] :: nslookup shows IPAddress exist

Version-Release number of selected component (if applicable):
ipa-server-3.3.3-13.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. add ipv6 reverse zone
# ipa dnszone-add 0.6.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa. --admin-email=admin@example.com --name-server `hostname`.
Zone name: 0.6.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa.
Authoritative nameserver: ipaqa64vmj.testrelm.com.
Administrator e-mail address: admin.example.com.
SOA serial: 1391202431
SOA refresh: 3600
SOA retry: 900
SOA expire: 1209600
SOA minimum: 3600
BIND update policy: grant TESTRELM.COM krb5-subdomain 0.6.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa. PTR;
Active zone: TRUE
Dynamic update: FALSE
Allow query: any;
Allow transfer: none;

2. make sure the record exists
# ipa dnsrecord-find --name=mytestipv6host
Zone name: testrelm.com
Record name: mytestipv6host
AAAA record: 2620:52:0:1060:ffff:16ff:fe98:245
----------------------------
Number of entries returned 1

# ipa dnsrecord-find
Zone name: 0.6.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa.
Record name: 5.4.2.0.8.9.e.f.f.f.6.1.f.f.f.f
PTR record: mytestipv6host.testrelm.com.
Record name: @
NS record: ipaqa64vmj.testrelm.com.
----------------------------
Number of entries returned 2
----------------------------

Make sure the host does not exist
# ipa host-find mytestipv6host.testrelm.com
---------------
0 hosts matched
---------------
----------------------------
Number of entries returned 0

3. Try to add the host
]# ipa host-add mytestipv6host.testrelm.com
ipa: ERROR: Host does not have corresponding DNS A record
]# ipa host-add --ip-address=2620:52:0:1060:ffff:16ff:fe98:245 mytestIPv6host.testrelm.com
ipa: ERROR: IP address 2620:52:0:1060:ffff:16ff:fe98:245 is already assigned in domain testrelm.com.

Only one host exists ..
# ipa host-find
--------------
1 host matched
--------------
Host name: ipaqa64vmj.testrelm.com
Principal name: host/ipaqa64vmj.testrelm.com@TESTRELM.COM
Password: False
Keytab: True
Managed by: ipaqa64vmj.testrelm.com
SSH public key fingerprint: 5F:66:46:2F:6A:86:D1:D4:94:9F:54:66:9D:3B:24:CF (ecdsa-sha2-nistp256), 22:8B:BF:E8:56:62:E3:E3:93:B7:36:3F:67:3D:0B:C9 (ssh-rsa)
----------------------------
Number of entries returned 1

Actual results:
Can not add host

Expected results:
Host add command recognizes that the dns record exist - should behave the same as when adding with ipv4 address already exist

Additional info:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: ipa-host-cli-47 Delete host without deleting DNS Record
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: Host myhost.testrelm.com deleted successfully.
:: [ PASS ] :: Deleting host without deleting DNS entries (Expected 0, got 0)
:: [ PASS ] :: Checking for forward DNS entry (Expected 0, got 0)
:: [ PASS ] :: Checking for reverse DNS entry (Expected 0, got 0)
:: [ LOG ] :: Duration: 2s
:: [ LOG ] :: Assertions: 3 good, 0 bad
:: [ PASS ] :: RESULT: ipa-host-cli-47 Delete host without deleting DNS Record
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: ipa-host-cli-48 Add host without force option - DNS Record Exists
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: EXECUTING: ipa host-add myhost.testrelm.com
:: [ PASS ] :: Add host DNS entries exist (Expected 0, got 0)
:: [ LOG ] :: Host name is as expected.
:: [ LOG ] :: Principal name is as expected.
:: [ PASS ] :: Verifying host was added when DNS records exist. (Expected 0, got 0)
:: [ PASS ] :: Checking for forward DNS entry (Expected 0, got 0)
:: [ PASS ] :: Checking for reverse DNS entry (Expected 0, got 0)
:: [ LOG ] :: Duration: 5s
:: [ LOG ] :: Assertions: 4 good, 0 bad
:: [ PASS ] :: RESULT: ipa-host-cli-48 Add host without force option - DNS Record Exists
Well, I guess from one perspective the error is very clear: there is no A record, just an AAAA record. So I guess the question is, should we extend this test to look for both A and AAAA records? Is that what you're proposing?
(In reply to Rob Crittenden from comment #1)
> Well, I guess from one perspective the error is very clear: there is no A
> record, just an AAAA record. So I guess the question is, should we extend
> this test to look for both A and AAAA records? Is that what you're
> proposing?

If I read it right the command fails if the AAAA for the same host is created manually in advance.

IMO the logic would be
a) To check both A and AAAA records when the host is added without specific address. In this case the first attempt to add the host would see that there is already an entry and if the entry is with the same name it should proceed. If the entry is with a different name it should fail as now.
I think we just want to change the check in host-add command to check both A and AAAA records, as Rob said (by doing DNS resolve query, not searching for records in IPA DNS).

Currently, host-add does not respect IPv6-only networks and fails with the described error as it only checks the IPv4 address. When a host already has an IPv6 address defined, the admin would always need to add hosts with the --force flag to work around it.

I will file an upstream ticket.
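The check discussed in this comment, sketched as an added example (not FreeIPA's code and not part of the thread): the A-only test behind the reported error beside one that accepts A or AAAA, plus the reverse-name split seen in the test logs. The `lookup` stub stands in for a real DNS query; it, the `FORWARD` table, the function names and the IPv4 address 192.0.2.10 are constructed so the block runs offline.

```python
import ipaddress

# Constructed records mirroring the report; stands in for a real DNS resolver.
FORWARD = {
    ("mytestipv6host.testrelm.com.", "AAAA"): ["2620:52:0:1060:ffff:16ff:fe98:245"],
    ("myhost.testrelm.com.", "A"): ["192.0.2.10"],  # constructed IPv4-only host
}

def lookup(name, rdtype, records=FORWARD):
    """Hypothetical resolver stub: rdata list for (name, type), [] if none."""
    return records.get((name.lower().rstrip(".") + ".", rdtype), [])

def has_address_a_only(fqdn, resolve=lookup):
    """Reported behaviour: only the A record is consulted."""
    return bool(resolve(fqdn, "A"))

def has_address_dual_stack(fqdn, resolve=lookup):
    """Proposed behaviour: an A or an AAAA record satisfies the check."""
    return any(resolve(fqdn, rdtype) for rdtype in ("A", "AAAA"))

def split_reverse_name(address, zone):
    """Return (record name, zone) for the PTR owner name of `address`."""
    ptr = ipaddress.ip_address(address).reverse_pointer + "."
    zone = zone.lower().rstrip(".") + "."
    if not ptr.endswith("." + zone):
        raise ValueError(f"{address} is not inside {zone}")
    return ptr[: -len(zone) - 1], zone

if __name__ == "__main__":
    host = "mytestIPv6host.testrelm.com"
    print("A only:    ", has_address_a_only(host))
    print("A or AAAA: ", has_address_dual_stack(host))
    print(split_reverse_name("2620:52:0:1060:ffff:16ff:fe98:245",
                             "0.6.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa."))
```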
Upstream ticket: https://fedorahosted.org/freeipa/ticket/4164
Fixed upstream

master:
https://fedorahosted.org/freeipa/changeset/ca001814abe533f19498d4207b5233eff17549a5
https://fedorahosted.org/freeipa/changeset/4b5a4882497ce7c3ecdf8f898fc695b2309df1b5

ipa-4-1:
https://fedorahosted.org/freeipa/changeset/ca001814abe533f19498d4207b5233eff17549a5
https://fedorahosted.org/freeipa/changeset/4b5a4882497ce7c3ecdf8f898fc695b2309df1b5

ipa-4-0:
https://fedorahosted.org/freeipa/changeset/85b2c786bf53eb2882ab0db2b2cc23ec273b4020
https://fedorahosted.org/freeipa/changeset/2fa1555722ed875a32d3480ea08c5ad420a015a6
Verified automated test passed using ipa-server-4.1.0-15.el7.x86_64

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: ipa-host-cli-089: Delete host without deleting DNS Record
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ 00:31:47 ] :: IPv6 address is 2620:52:0:1007:221:5eff:fe86:834
:: [ 00:31:47 ] :: Reverse zone: 7.0.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa.
:: [ BEGIN ] :: Deleting host without deleting DNS entries :: actually running 'deleteHost mytestIPv6host.testrelm.test'
-------------------------------------------
Deleted host "mytestipv6host.testrelm.test"
-------------------------------------------
:: [ 00:31:49 ] :: Host mytestIPv6host.testrelm.test deleted successfully.
:: [ PASS ] :: Deleting host without deleting DNS entries (Expected 0, got 0)
:: [ BEGIN ] :: Checking for forward DNS entry :: actually running 'ipa dnsrecord-find testrelm.test mytestIPv6host > /tmp/tmp.lX7g8QbUBW/forward_dns_3.out'
:: [ PASS ] :: Checking for forward DNS entry (Expected 0, got 0)
:: [ PASS ] :: File '/tmp/tmp.lX7g8QbUBW/forward_dns_3.out' should contain 'AAAA record: 2620:52:0:1007:ffff:5eff:fe86:834'
:: [ 00:31:50 ] :: Final digit.
:: [ BEGIN ] :: Checking for reverse DNS entry :: actually running 'ipa dnsrecord-find 7.0.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa. 4.3.8.0.6.8.e.f.f.f.e.5.f.f.f.f'
Record name: 4.3.8.0.6.8.e.f.f.f.e.5.f.f.f.f
PTR record: mytestipv6host.testrelm.test.
----------------------------
Number of entries returned 1
----------------------------
:: [ PASS ] :: Checking for reverse DNS entry (Expected 0, got 0)
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: ipa-host-cli-090: Add host without force option - DNS Record Exists bz1060349
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ 00:31:52 ] :: IPv6 address is 2620:52:0:1007:221:5eff:fe86:834
:: [ 00:31:53 ] :: Reverse zone: 7.0.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa.
:: [ 00:31:53 ] :: EXECUTING: ipa host-add --ip-address=2620:52:0:1007:ffff:5eff:fe86:834 mytestIPv6host.testrelm.test
:: [ BEGIN ] :: Add host DNS entries exist :: actually running 'ipa host-add mytestIPv6host.testrelm.test'
-----------------------------------------
Added host "mytestipv6host.testrelm.test"
-----------------------------------------
Host name: mytestipv6host.testrelm.test
Principal name: host/mytestipv6host.testrelm.test@TESTRELM.TEST
Password: False
Keytab: False
Managed by: mytestipv6host.testrelm.test
:: [ PASS ] :: Add host DNS entries exist (Expected 0, got 0)
:: [ BEGIN ] :: Verifying host was added when DNS records exist. :: actually running 'findHost mytestIPv6host.testrelm.test'
--------------
1 host matched
--------------
Host name: mytestipv6host.testrelm.test
Principal name: host/mytestipv6host.testrelm.test@TESTRELM.TEST
Password: False
Keytab: False
Managed by: mytestipv6host.testrelm.test
----------------------------
Number of entries returned 1
----------------------------
--------------
1 host matched
--------------
Host name: mytestipv6host.testrelm.test
Principal name: host/mytestipv6host.testrelm.test@TESTRELM.TEST
Password: False
Keytab: False
Managed by: mytestipv6host.testrelm.test
----------------------------
Number of entries returned 1
----------------------------
:: [ 00:31:57 ] :: Host name is as expected.
--------------
1 host matched
--------------
Host name: mytestipv6host.testrelm.test
Principal name: host/mytestipv6host.testrelm.test@TESTRELM.TEST
Password: False
Keytab: False
Managed by: mytestipv6host.testrelm.test
----------------------------
Number of entries returned 1
----------------------------
:: [ 00:31:57 ] :: Principal name is as expected.
:: [ PASS ] :: Verifying host was added when DNS records exist. (Expected 0, got 0)
:: [ BEGIN ] :: Checking for forward DNS entry :: actually running 'ipa dnsrecord-find testrelm.test mytestIPv6host > /tmp/tmp.lX7g8QbUBW/forward_dns_4.out'
:: [ PASS ] :: Checking for forward DNS entry (Expected 0, got 0)
:: [ PASS ] :: File '/tmp/tmp.lX7g8QbUBW/forward_dns_4.out' should contain 'AAAA record: 2620:52:0:1007:ffff:5eff:fe86:834'
:: [ 00:31:59 ] :: Final digit.
:: [ BEGIN ] :: Checking for reverse DNS entry :: actually running 'ipa dnsrecord-find 7.0.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa. 4.3.8.0.6.8.e.f.f.f.e.5.f.f.f.f'
Record name: 4.3.8.0.6.8.e.f.f.f.e.5.f.f.f.f
PTR record: mytestipv6host.testrelm.test.
----------------------------
Number of entries returned 1
----------------------------
:: [ PASS ] :: Checking for reverse DNS entry (Expected 0, got 0)
:: [ BEGIN ] :: Deleting host without deleting DNS entries :: actually running 'deleteHost mytestIPv6host.testrelm.test'
-------------------------------------------
Deleted host "mytestipv6host.testrelm.test"
-------------------------------------------
:: [ 00:32:01 ] :: Host mytestIPv6host.testrelm.test deleted successfully.
:: [ PASS ] :: Deleting host without deleting DNS entries (Expected 0, got 0)
:: [ BEGIN ] :: Checking for forward DNS entry :: actually running 'ipa dnsrecord-find testrelm.test mytestIPv6host > /tmp/tmp.lX7g8QbUBW/forward_dns_41.out'
:: [ PASS ] :: Checking for forward DNS entry (Expected 0, got 0)
:: [ PASS ] :: File '/tmp/tmp.lX7g8QbUBW/forward_dns_41.out' should contain 'AAAA record: 2620:52:0:1007:ffff:5eff:fe86:834'
:: [ BEGIN ] :: Checking nslookup output :: actually running 'nslookup 2620:52:0:1007:ffff:5eff:fe86:834 > /tmp/tmp.lX7g8QbUBW/nslookup_2_output.out'
:: [ PASS ] :: Checking nslookup output (Expected 0, got 0)
:: [ 00:32:13 ] :: nslookup_msg=name = mytestipv6host.testrelm.test
:: [ BEGIN ] :: Running 'cat /tmp/tmp.lX7g8QbUBW/nslookup_2_output.out'
Server: 127.0.0.1
Address: 127.0.0.1#53
4.3.8.0.6.8.e.f.f.f.e.5.f.f.f.f.7.0.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa name = mytestipv6host.testrelm.test.
:: [ PASS ] :: Command 'cat /tmp/tmp.lX7g8QbUBW/nslookup_2_output.out' (Expected 0, got 0)
4.3.8.0.6.8.e.f.f.f.e.5.f.f.f.f.7.0.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa name = mytestipv6host.testrelm.test.
:: [ PASS ] :: nslookup shows IPAddress exist
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-0442.html