Bug 1314837 - Web interface not showing ipa forwarders
Summary: Web interface not showing ipa forwarders
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.2
Hardware: x86_64
OS: Linux
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Kaleem
Depends On:
TreeView+ depends on / blocked
Reported: 2016-03-04 16:22 UTC by David Bensimon
Modified: 2016-11-04 05:51 UTC (History)
5 users (show)

Fixed In Version: ipa-4.4.0-1.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2016-11-04 05:51:45 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2404 0 normal SHIPPED_LIVE ipa bug fix and enhancement update 2016-11-03 13:56:18 UTC

Description David Bensimon 2016-03-04 16:22:28 UTC
Description of problem: Running `ipa-server-install --forwarder=<host>` creates an entry in /etc/named.conf and a working configuration, however it does not place that entry in 389 Directory, making therefore inaccessible by the IdM Web UI and the `ipa dnsconfig-show` command. 

Version-Release number of selected component (if applicable):
IdM 4.2.0 on RHEL 7.2

How reproducible:
Tested once

Steps to Reproduce:
1. Set up an IdM Sever and specify DNS forwarder.
# ipa-server-install --forwarder=<host>

2. Validate the forwarder host is present in /etc/named.conf [GOOD]

3. Validate name resolution requiring forwarder using dig [GOOD]
Note: pcap confirms resolution is using forwarders

4) Probe 389 Directory for forwarder entries [BROKEN]
# ipa dnsconfig-show
EXPECTED: display forwarder host address

5) Probe WebUI for forwarder entries [BROKEN]
Network Services > DNS > DNS Global Configuration
EXPECTED: display forwarder host address

Actual results:
no forwarder host address displayed

Expected results:
display forwarder host address

Additional info:
We configured IPA server to use 2 DNS forwarders.

Comment 2 Petr Vobornik 2016-03-11 13:03:48 UTC
Upstream ticket:

Comment 3 Petr Vobornik 2016-06-29 10:58:29 UTC
Upstream ticket:

Comment 4 Petr Vobornik 2016-06-29 11:03:29 UTC
With fix implemented in scope of upstream ticket 5732 (comment 2), new installations with IPA 4.4 will have the forwarders which were specified in ipa-server-install visible in Web UI and CLI.

In existing installations the values won't be migrated on upgrade and thus they will be still only in named.conf. It will be possible to migrated them to ldap manually.

Automatic migration is tracked in upstream ticket 5997. But implementation of this ticket is not planned for any upcoming IPA release yet.

Comment 5 Petr Vobornik 2016-07-13 14:34:38 UTC
Moving to modified given that core is done. More details in comment 4.

Comment 7 Martin Bašti 2016-09-19 10:59:05 UTC
Please note that forwarders configured in installation are only for the local DNS server. So Forwarders will not show in global DNS config (dnsconfig-show).

To determine per server forwarders, please use dnsserver-show and counterpart in webUI in servers section.

To verify steps 4) and 5), please use dnsserver-show <ipaDNSserver>

Comment 8 Nikhil Dehadrai 2016-09-19 14:52:54 UTC
IPA-server version: ipa-server-4.4.0-12.el7.x86_64

Verified the bug on the basis of following steps:
1. Verified that ipa-server can be setup with forwarders .
2. Verified that forwarder information is correctly displayed on running following command:
# ipa dnsserver-show `hostname`
  Server name: auto.testrelm.test
  SOA mname override: auto.testrelm.test.
  Forwarders: 10.x.x.x
  Forward policy: only
# ipa dnsserver-find `hostname`
1 DNS server matched
  Server name: auto.testrelm.test
  SOA mname override: auto.testrelm.test.
  Forwarders: 10.x.x.x
  Forward policy: only
Number of entries returned 1

3. Also verified that the DNS forwarder details are available at server UI at path:
"Network Services > DNS > DNS Servers > "Server name" > Forwarders:"

4. Also noticed that the above observations does not work in case of upgrade, thus logged a separate bug "Bz1377392" for it.

Thus on the basis of above observations marking status of bug to "VERIFIED".

Comment 11 errata-xmlrpc 2016-11-04 05:51:45 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.