Description of problem:
Running `ipa-server-install --forwarder=<host>` creates an entry in /etc/named.conf and a working configuration; however, it does not place that entry in 389 Directory, therefore making it inaccessible by the IdM Web UI and the `ipa dnsconfig-show` command.

Version-Release number of selected component (if applicable):
IdM 4.2.0 on RHEL 7.2

How reproducible:
Tested once

Steps to Reproduce:
1. Set up an IdM Server and specify DNS forwarder.
   # ipa-server-install --forwarder=<host>
2. Validate the forwarder host is present in /etc/named.conf [GOOD]
3. Validate name resolution requiring forwarder using dig [GOOD]
   Note: pcap confirms resolution is using forwarders
4) Probe 389 Directory for forwarder entries [BROKEN]
   # ipa dnsconfig-show
   EXPECTED: display forwarder host address
5) Probe WebUI for forwarder entries [BROKEN]
   Network Services > DNS > DNS Global Configuration
   EXPECTED: display forwarder host address

Actual results:
no forwarder host address displayed

Expected results:
display forwarder host address

Additional info:
We configured IPA server to use 2 DNS forwarders.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/5732
Upstream ticket: https://fedorahosted.org/freeipa/ticket/5997
With the fix implemented in scope of upstream ticket 5732 (comment 2), new installations with IPA 4.4 will have the forwarders which were specified in ipa-server-install visible in Web UI and CLI. In existing installations the values won't be migrated on upgrade and thus they will still be only in named.conf. It will be possible to migrate them to LDAP manually. Automatic migration is tracked in upstream ticket 5997, but implementation of this ticket is not planned for any upcoming IPA release yet.
Moving to modified given that core is done. More details in comment 4.
Please note that forwarders configured in installation are only for the local DNS server, so forwarders will not show in global DNS config (dnsconfig-show). To determine per-server forwarders, please use dnsserver-show and its counterpart in the Web UI in the servers section. To verify steps 4) and 5), please use dnsserver-show <ipaDNSserver>.
IPA-server version: ipa-server-4.4.0-12.el7.x86_64

Verified the bug on the basis of the following steps:

FRESH-Setup
--------------
1. Verified that ipa-server can be set up with forwarders.
2. Verified that forwarder information is correctly displayed on running the following commands:

# ipa dnsserver-show `hostname`
  Server name: auto.testrelm.test
  SOA mname override: auto.testrelm.test.
  Forwarders: 10.x.x.x
  Forward policy: only

# ipa dnsserver-find `hostname`
--------------------
1 DNS server matched
--------------------
  Server name: auto.testrelm.test
  SOA mname override: auto.testrelm.test.
  Forwarders: 10.x.x.x
  Forward policy: only
----------------------------
Number of entries returned 1
----------------------------

3. Also verified that the DNS forwarder details are available in the server UI at path:
"Network Services > DNS > DNS Servers > "Server name" > Forwarders:"

Upgrade:
-----------
4. Also noticed that the above observations do not work in case of upgrade, thus logged a separate bug "Bz1377392" for it.

Thus, on the basis of the above observations, marking status of bug to "VERIFIED".
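Added example, not part of the original bug thread or FreeIPA code: a small audit that reports forwarders present in /etc/named.conf but absent from the `ipa dnsserver-show` output, which is the state the comments above describe for upgraded installations. The sample inputs are constructed, and the comma-separated form of multiple `Forwarders:` values is an assumption.

```python
import re

def named_conf_forwarders(named_conf: str) -> list[str]:
    """Addresses in the first `forwarders { ... };` statement of named.conf."""
    text = re.sub(r"/\*.*?\*/", "", named_conf, flags=re.S)  # /* ... */ comments
    text = re.sub(r"(//|#).*", "", text)                      # // and # comments
    block = re.search(r"\bforwarders\s*\{([^}]*)\}", text)
    if not block:
        return []
    # Each entry is "<address> [port N]"; keep only the address.
    return [e.split()[0] for e in block.group(1).split(";") if e.strip()]

def ldap_forwarders(dnsserver_show: str) -> list[str]:
    """Forwarders listed in `ipa dnsserver-show <server>` output."""
    for line in dnsserver_show.splitlines():
        key, _, value = line.partition(":")  # first ':' only, so IPv6 survives
        if key.strip() == "Forwarders":
            # Assumption: multiple values are printed comma-separated.
            return [v.strip() for v in value.split(",") if v.strip()]
    return []

def missing_from_ldap(named_conf: str, dnsserver_show: str) -> list[str]:
    """Forwarders BIND uses that the Web UI and CLI cannot see."""
    known = set(ldap_forwarders(dnsserver_show))
    return [f for f in named_conf_forwarders(named_conf) if f not in known]

# Constructed samples (documentation address ranges, hypothetical host name).
NAMED_CONF = """
options {
    // constructed sample
    directory "/var/named";
    forwarders {
        192.0.2.1;
        198.51.100.1 port 53;  # second forwarder
    };
    forward first;
};
"""
SHOW_UPGRADED = """  Server name: ipa.example.test
  SOA mname override: ipa.example.test.
  Forward policy: only
"""
SHOW_FRESH = SHOW_UPGRADED + "  Forwarders: 192.0.2.1, 198.51.100.1\n"

if __name__ == "__main__":
    for label, out in (("upgraded", SHOW_UPGRADED), ("fresh 4.4", SHOW_FRESH)):
        print(label, "missing from LDAP:", missing_from_ldap(NAMED_CONF, out))
```

On a real server, the two inputs would be the contents of /etc/named.conf and the output of `ipa dnsserver-show <ipaDNSserver>`.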
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2404.html