Bug 1412760 - Issue when adding dns entry on main map and reverse (DNS reverse zone <rev zone>. for IP address <ip addr> is not managed by this server)
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.3
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Kaleem
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2017-01-12 17:38 UTC by Waldirio M Pinheiro
Modified: 2020-02-14 18:27 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-01-20 17:35:49 UTC
Target Upstream Version:



Description Waldirio M Pinheiro 2017-01-12 17:38:38 UTC
Description of problem:
With IDM installed and running, when adding a new DNS entry and checking the option *Create reverse*, we receive the message shown above:
"The host was added but the DNS update failed with: DNS reverse zone 192.in-addr.arpa. for IP address 192.168.59.141 is not managed by this server"

Version-Release number of selected component (if applicable):
4.4.0

How reproducible:


Steps to Reproduce:
1. Login on IDM
2. Network Service - DNS - DNS Zones - <click over your zone> - <+ Add>
3. Create one new entry *A type* and check the option *Create reverse*

Actual results:
"The host was added but the DNS update failed with: DNS reverse zone 192.in-addr.arpa. for IP address 192.168.59.141 is not managed by this server"

Expected results:
Create the correct entry on both maps.

Additional info:

Comment 2 Martin Bašti 2017-01-12 18:21:19 UTC
Hello

Please provide:

* journalctl -u named-pkcs11
* dig @IPADNS -x 192.168.59.141
* dig @IPADNS <your-reverse-zone>.in-addr.arpa. SOA


The error during host removal is caused by the same DNS issue as the adding, because the zone is determined from DNS.

Comment 7 Petr Vobornik 2017-01-16 11:15:34 UTC
Waldirio, 

do I understand it correctly that it was purely a configuration issue: the principal (in this case the host) did not have rights to read and edit the related DNS zone?

It was solved by assigning the principal to a role with the "System: Read DNS Entries" permission, which allows the principal to read all IPA DNS entries.

Btw, if you want to let the principal read only some DNS zones, then you add a permission only for that zone using the command:
 `ipa dnszone-add-permission`


In other words nothing to fix and we can close this bug as "NOT A BUG"?

Or is there something to fix, e.g. on the RH Satellite side?
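
To help read the `dig` output requested in Comment 2, the sketch below lists the reverse zones that could hold the PTR record for an address and picks the most specific one from a list of zones the caller can see. It is an added example, not part of this bug thread and not IPA's own code; the function names and zone lists are constructed, and modelling a principal without DNS read permission as an empty zone list is an assumption.

```python
import ipaddress


def reverse_zone_candidates(ip):
    """Reverse zones that could contain the PTR for ip, most specific first."""
    labels = ipaddress.ip_address(ip).reverse_pointer.split(".")
    # The last two labels are the fixed suffix ('in-addr.arpa' or 'ip6.arpa');
    # dropping leading labels one at a time yields each enclosing zone.
    return [".".join(labels[i:]) + "." for i in range(1, len(labels) - 2)]


def locate_ptr(ip, visible_zones):
    """Return (zone, relative record name) for the most specific visible
    reverse zone, or None when no visible zone covers the address."""
    visible = {z.lower().rstrip(".") + "." for z in visible_zones}
    fqdn = ipaddress.ip_address(ip).reverse_pointer + "."
    for zone in reverse_zone_candidates(ip):
        if zone in visible:
            # Strip the zone name and the dot in front of it.
            return zone, fqdn[: -len(zone) - 1]
    return None


if __name__ == "__main__":
    ip = "192.168.59.141"  # address from the bug report
    print(reverse_zone_candidates(ip))

    # Constructed zone lists (hypothetical): what a principal with read
    # access might see, versus one that can read no DNS zones at all.
    with_access = ["example.test.", "59.168.192.in-addr.arpa."]
    without_access = []
    print(locate_ptr(ip, with_access))     # zone found, PTR record name '141'
    print(locate_ptr(ip, without_access))  # None: nothing to attach the PTR to
```

The broadest candidate produced for 192.168.59.141 is `192.in-addr.arpa.`, the zone name quoted in the reported error.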

