Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1175384

Summary: DNS zones are not migrated into forward zones if 4.0+ replica is added
Product: Red Hat Enterprise Linux 7 Reporter: Martin Bašti <mbasti>
Component: ipaAssignee: IPA Maintainers <ipa-maint>
Status: CLOSED ERRATA QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.1CC: mbasti, mkosek, rcritten, spoore
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: ipa-4.1.0-14.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-05 10:19:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1114013    

Description Martin Bašti 2014-12-17 15:52:14 UTC 
Trac: https://fedorahosted.org/freeipa/ticket/4818

Special IPA 3.x zones are migrated into forward zones, only once (if idnsforwardzone), during first replica upgrade.

If new replica with version 4.0+ is added, upgrade will not happen, due false positive detection if migration is required.


Steps to Reproduce:
1. master(ipa 3.x)# ipa-server-install --setup-dns
2. master# ipa dnszone-add testzone --forwarder=192.0.2.1
3. master# ipa-replica-prepare ipa-replica
4. replica (ipa 4.x)# ipa-replica-install

Actual results:
'testzone' is still master zone

Expected result:
'testzone' is forward zone (was migrated)
Comment 2 Martin Kosek 2015-01-09 13:28:53 UTC 
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/bb405bd9721de205cbc3f640ad2c758acf8ed8d4
https://fedorahosted.org/freeipa/changeset/af6aece39b4804b9974098d5688a969d053548bc
ipa-4-1:
https://fedorahosted.org/freeipa/changeset/11740bcd187ad698877d2e836d80ef87f24965a1
https://fedorahosted.org/freeipa/changeset/39a4f683fc441165c3154481f1a6b174ff3b8271
ipa-4-0:
https://fedorahosted.org/freeipa/changeset/c2932f9714c1496a3b4998f6dc7490c8a0d6c0ab
https://fedorahosted.org/freeipa/changeset/7c70bac3afe663d11ce274759571db6d96f8eb14
Comment 4 Scott Poore 2015-01-20 01:17:19 UTC 
Could this one be affected by bug 1176995?  Or more precisely by bug 1183655?

I tried following the steps to reproduce but, I'm hitting bug 1176995 where I can't see host/dns data on the master.  If I check on the replica though, I still see it as a regular zone and not a forward zone:

[root@rhel7-1 ~]# rpm -q ipa-server
ipa-server-3.3.3-28.el7.x86_64

[root@rhel7-2 ~]# rpm -q ipa-server
ipa-server-4.1.0-10.el7.x86_64

[root@rhel7-2 ~]#  ipa dnszone-show testzone
ipa: WARNING: DNS forwarder semantics changed since IPA 4.0.
You may want to use forward zones (dnsforwardzone-*) instead.
For more details read the docs.
  Zone name: testzone
  Active zone: TRUE
  Zone forwarders: 192.0.2.1
  Authoritative nameserver: rhel7-1.example.com
  Administrator e-mail address: hostmaster.testzone.
  SOA serial: 1421716043
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Allow query: any;
  Allow transfer: none;

[root@rhel7-2 ~]# ipa dnsforwardzone-find
----------------------------
Number of entries returned 0
----------------------------

So, is this a failure or is this bug dependent on bug 1176995 or bug 1183655?
Comment 5 Martin Bašti 2015-01-20 09:07:29 UTC 
Hi Scott, IMO it is you tested it with old IPA build.

Fixed In Version: ipa-4.1.0-14.el7

[root@rhel7-2 ~]# rpm -q ipa-server
ipa-server-4.1.0-10.el7.x86_64

HTH
Comment 6 Scott Poore 2015-01-20 13:10:16 UTC 
I misread the version there.  Let me recheck this one.

Thanks
Comment 7 Scott Poore 2015-01-20 13:48:59 UTC 
Verified.

Version ::

ipa-server-4.1.0-15.el7.x86_64

Results ::

on MASTER before replica install:

[root@rhel7-1 ~]# ipa dnszone-add testzone --forwarder=192.0.2.1
Authoritative nameserver: rhel7-1.example.com 
Administrator e-mail address [hostmaster.testzone.]: 
Nameserver IP address: 192.168.122.71
  Zone name: testzone
  Authoritative nameserver: rhel7-1.example.com
  Administrator e-mail address: hostmaster.testzone.
  SOA serial: 1421760369
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant EXAMPLE.COM krb5-self * A; grant EXAMPLE.COM krb5-self * AAAA; grant
                      EXAMPLE.COM krb5-self * SSHFP;
  Active zone: TRUE
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;
  Zone forwarders: 192.0.2.1
[root@rhel7-1 ~]# ipa dnszone-find
  Zone name: 122.168.192.in-addr.arpa.
  Authoritative nameserver: rhel7-1.example.com.
  Administrator e-mail address: hostmaster.example.com.
  SOA serial: 1421760274
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
  Allow query: any;
  Allow transfer: none;

  Zone name: example.com
  Authoritative nameserver: rhel7-1.example.com.
  Administrator e-mail address: hostmaster.example.com.
  SOA serial: 1421760280
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
  Allow query: any;
  Allow transfer: none;

  Zone name: testzone
  Authoritative nameserver: rhel7-1.example.com
  Administrator e-mail address: hostmaster.testzone.
  SOA serial: 1421760369
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
  Allow query: any;
  Allow transfer: none;
  Zone forwarders: 192.0.2.1
----------------------------
Number of entries returned 3
----------------------------


on REPLICA:

[root@rhel7-2 ~]# ipa dnszone-show testzone
ipa: ERROR: testzone.: DNS zone not found
[root@rhel7-2 ~]# ipa dnsforwardzone-show testzone
  Zone name: testzone.
  Active zone: TRUE
  Zone forwarders: 192.0.2.1
  Forward policy: first
[root@rhel7-2 ~]# ipa dnszone-find
  Zone name: example.com
  Active zone: TRUE
  Authoritative nameserver: rhel7-1.example.com.
  Administrator e-mail address: hostmaster.example.com.
  SOA serial: 1421761252
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Allow query: any;
  Allow transfer: none;

  Zone name: 122.168.192.in-addr.arpa.
  Active zone: TRUE
  Authoritative nameserver: rhel7-1.example.com.
  Administrator e-mail address: hostmaster.example.com.
  SOA serial: 1421761241
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Allow query: any;
  Allow transfer: none;
----------------------------
Number of entries returned 2
----------------------------

So, I am now seeing it as a new forward zone.
Comment 9 errata-xmlrpc 2015-03-05 10:19:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0442.html