Description of problem: The new dispatcher script adds functionality that checks if forward zones configured in unbound are validated or not. This requires a patch for unbound that is accepted upstream, but not yet in Fedora and in the latest stable version of unbound. The new script should be backwards compatible and don't rely on the functionality. The new script ends with traceback: # python3 /usr/libexec/dnssec-trigger-script --update Global forwarders: 192.168.1.1 2001:4de8:fa4d::1 Traceback (most recent call last): File "/usr/libexec/dnssec-trigger-script", line 435, in <module> Application(sys.argv).run() File "/usr/libexec/dnssec-trigger-script", line 349, in run self.method() File "/usr/libexec/dnssec-trigger-script", line 383, in run_update self.run_update_connection_zones() File "/usr/libexec/dnssec-trigger-script", line 403, in run_update_connection_zones unbound_zones = UnboundZoneConfig() File "/usr/libexec/dnssec-trigger-script", line 193, in __init__ if fields[0] == '+i': IndexError: list index out of range As a result the script does not adds forward zones for connection provided zones! Version-Release number of selected component (if applicable): dnssec-trigger-0.12-1.fc20.x86_64 How reproducible: Always
(In reply to Tomas Hozza from comment #0) > Description of problem: > The new dispatcher script adds functionality that checks if forward zones > configured in unbound are validated or not. This requires a patch for unbound > that is accepted upstream, but not yet in Fedora and in the latest stable > version of unbound. > > The new script should be backwards compatible and don't rely on the > functionality. The new script ends with traceback: > > # python3 /usr/libexec/dnssec-trigger-script --update > Global forwarders: 192.168.1.1 2001:4de8:fa4d::1 > Traceback (most recent call last): > File "/usr/libexec/dnssec-trigger-script", line 435, in <module> > Application(sys.argv).run() > File "/usr/libexec/dnssec-trigger-script", line 349, in run > self.method() > File "/usr/libexec/dnssec-trigger-script", line 383, in run_update > self.run_update_connection_zones() > File "/usr/libexec/dnssec-trigger-script", line 403, in > run_update_connection_zones > unbound_zones = UnboundZoneConfig() > File "/usr/libexec/dnssec-trigger-script", line 193, in __init__ > if fields[0] == '+i': > IndexError: list index out of range > > As a result the script does not adds forward zones for connection provided > zones! I would guess the bug itself refers to forward zone removal rather than addition. I will look at it but if you could provide output of '... --debug ---update', that might help a bit.
(In reply to Pavel Šimerda (pavlix) from comment #1) > (In reply to Tomas Hozza from comment #0) > > Description of problem: > > The new dispatcher script adds functionality that checks if forward zones > > configured in unbound are validated or not. This requires a patch for unbound > > that is accepted upstream, but not yet in Fedora and in the latest stable > > version of unbound. > > > > The new script should be backwards compatible and don't rely on the > > functionality. The new script ends with traceback: > > > > # python3 /usr/libexec/dnssec-trigger-script --update > > Global forwarders: 192.168.1.1 2001:4de8:fa4d::1 > > Traceback (most recent call last): > > File "/usr/libexec/dnssec-trigger-script", line 435, in <module> > > Application(sys.argv).run() > > File "/usr/libexec/dnssec-trigger-script", line 349, in run > > self.method() > > File "/usr/libexec/dnssec-trigger-script", line 383, in run_update > > self.run_update_connection_zones() > > File "/usr/libexec/dnssec-trigger-script", line 403, in > > run_update_connection_zones > > unbound_zones = UnboundZoneConfig() > > File "/usr/libexec/dnssec-trigger-script", line 193, in __init__ > > if fields[0] == '+i': > > IndexError: list index out of range > > > > As a result the script does not adds forward zones for connection provided > > zones! > > I would guess the bug itself refers to forward zone removal rather than > addition. I will look at it but if you could provide output of '... --debug > ---update', that might help a bit. Sorry, I'm not able to do so. After dnssec-trigger not working I downgraded to the latest stable version. Now I'm not able to reproduce the issue.
Created attachment 901864 [details] a fix It has been sent upstream as well.
Fixed in rawhide, we'll issue an update for F20 when ready.
dnssec-trigger-0.12-12.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/dnssec-trigger-0.12-12.fc20
Package dnssec-trigger-0.12-12.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing dnssec-trigger-0.12-12.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-7942/dnssec-trigger-0.12-12.fc20 then log in and leave karma (feedback).
dnssec-trigger-0.12-13.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/dnssec-trigger-0.12-13.fc20
dnssec-trigger-0.12-13.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.