Description of problem:
dnsrecord-add allows you to create ptr records in @ zones.

Version-Release number of selected component (if applicable):
ipa-server-2.0-0.2011011418gita68b2d2.fc14.x86_64

How reproducible:
always

Steps to Reproduce:
1. Create zone: ipa dnszone-add 4.4.4.in-addr.arpa
2. Create a bad record: ipa dnsrecord-add 4.4.4.in-addr.arpa @ --ptr-rec=domain.awesome.times.now.

Actual results:
This creates a PTR record in the @ zone. That's an illegal place for a ptr record to go. It's kind of allowing an A record in the root zone. It makes no sense, and could cause issues with outer resolves.

Expected results:
I expect that there would be some sort of keepout list for the @ zone. I also expect that the tools would allow this when a --force option is specified.
https://fedorahosted.org/freeipa/ticket/841
In my opinion this is not a bug. DNS specifies no restrictions on which resource records (A/PTR/AAAA etc.) can be bound to certain names. It's absolutely valid to have, for example, an A or PTR record in the zone with the same name as the zone's.

----
Example:

Consider zone "example.com." which contains the following record:

example.com. IN A 1.1.1.1

then consider zone "1.1.1.in-addr.arpa." which contains the following record:

1.1.1.1.in-addr.arpa. IN CNAME example.com.

then zone "example.com." must contain the following PTR record:

example.com. IN PTR example.com.
----

The example above (usage of the CNAME record for reverse lookup) is not an "exotic" setup; it is widely used for reverse records (more info at http://en.wikipedia.org/wiki/Reverse_DNS_lookup#Classless_reverse_DNS_method).

I would rather not introduce IPA-specific limitations for DNS.
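
Added example, not part of the original comment or of FreeIPA: a minimal in-memory resolver that follows the CNAME chain from the comment's records and shows the reverse lookup being answered by the PTR record at the zone apex. The zone data is constructed from the records quoted above; the function names are hypothetical.

```python
# Constructed zone data mirroring the three records in the comment above.
ZONES = {
    "example.com.": {
        ("example.com.", "A"): ["1.1.1.1"],
        ("example.com.", "PTR"): ["example.com."],  # PTR at the zone apex (@)
    },
    "1.1.1.in-addr.arpa.": {
        ("1.1.1.1.in-addr.arpa.", "CNAME"): ["example.com."],
    },
}


def find_zone(name):
    """Return the records of the longest-matching zone for name, or None."""
    matches = [z for z in ZONES if name == z or name.endswith("." + z)]
    return ZONES[max(matches, key=len)] if matches else None


def resolve(name, rtype, max_hops=8):
    """Resolve name/rtype, following CNAMEs. Returns (answers, chain)."""
    chain = [name]
    for _ in range(max_hops):
        zone = find_zone(name)
        if zone is None:
            return [], chain          # no zone is authoritative for this name
        if (name, rtype) in zone:
            return zone[(name, rtype)], chain
        cname = zone.get((name, "CNAME"))
        if not cname:
            return [], chain          # name exists in no record of this type
        name = cname[0]
        if name in chain:             # CNAME loop: stop instead of spinning
            return [], chain
        chain.append(name)
    return [], chain                  # hop limit reached


def reverse_lookup(ipv4):
    """Build the in-addr.arpa name for an IPv4 address and query its PTR."""
    qname = ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."
    return resolve(qname, "PTR")


if __name__ == "__main__":
    answers, chain = reverse_lookup("1.1.1.1")
    print(" -> ".join(chain), "PTR", answers)
```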