Red Hat Bugzilla – Bug 690473
Installing ipa-client indicates DNS is updated for this unknown hostname, but is not on server
Last modified: 2015-01-04 18:47:30 EST
Description of problem:
When installing and specifying a hostname that is unknown, the install indicates DNS is updated on the server, but it is not updated on the server.

Install using the command below:
ipa-client-install --hostname qqq.www -d

The output includes:
root : DEBUG stderr=
Warning: Hostname (qqq.www) not found in DNS
root : DEBUG args=/usr/bin/kinit -k -t /etc/krb5.keytab host/qqq.www
root : DEBUG stdout=
root : DEBUG stderr=
root : DEBUG args=/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt
root : DEBUG stdout=
root : DEBUG stderr=specified zone 'www' does not exist (NXDOMAIN)
specified zone 'www' does not exist (NXDOMAIN)
DNS server record set to: qqq.www -> 10.16.19.131

And when not using the -d option, the output includes:
root : DEBUG stderr=
Warning: Hostname (qqq.www) not found in DNS
DNS server record set to: qqq.www -> 10.16.19.131

But ipa dnsrecord-find --all testrelm doesn't list the above record.

Also, running the command below:
ipa host-del qqq.www --updatedns
gives the error:
ipa: ERROR: DNS zone www not found

but the host can be deleted without using --updatedns:
ipa host-del qqq.www
----------------------
Deleted host "qqq.www"
----------------------

Version-Release number of selected component (if applicable):
ipa-client-2.0.0-16.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. ipa-client-install --hostname qqq.www
   which indicates DNS server record set to: qqq.www -> 10.16.19.131
2. ipa dnsrecord-find --all testrelm
   which doesn't list this record
3. ipa host-del qqq.www --updatedns
   which throws the error ERROR: DNS zone www not found

Actual results:
Server is not updated with a DNS record for this client

Expected results:
If the server cannot be updated, the message when installing shouldn't be displayed. And is it okay if the server doesn't have the DNS record for this?

Additional info:
https://fedorahosted.org/freeipa/ticket/1121
When the client hostname is set to "qqq.www", nsupdate tries to update DNS record "qqq" in DNS zone www. See the command list for nsupdate:

# cat .nsupdate
zone www.
update delete qqq.www. IN A
send
update add qqq.www. 1200 IN A 10.16.78.134
send

However, DNS zone www is neither managed by IPA nor exists at all. Maybe the problem is that you forgot to enter a fully qualified hostname, e.g. qqq.www.testrelm, where testrelm and www.testrelm are valid zones. The command should work then.

I tried this with a client hostname named "foo.bar", where "bar." was a DNS zone managed by my IPA server, and the installation succeeded then:

CLIENT:
# ipa-client-install --hostname foo.bar
...
Configured /etc/krb5.conf for IPA realm IDM.LAB.BOS.REDHAT.COM
Warning: Hostname (foo.bar) not found in DNS
DNS server record set to: foo.bar -> 10.16.78.134
SSSD enabled
...
Client configuration complete.

SERVER:
# ipa dnsrecord-find bar
...
Record name: foo
A record: 10.16.78.134

The only problem I found is that nsupdate returns success even when the zone is not found (your case). This makes ipa-client-install without the -d flag report a success in updating the DNS record even though there was an error. I filed a BZ for this one:
https://bugzilla.redhat.com/show_bug.cgi?id=700097
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/806a40846b8848ffe2f23e216949d7a8babc5c79
ipa-2-1: https://fedorahosted.org/freeipa/changeset/290bc6a7682b9744e927b772f8f36f67eb6ff5e5

When the updated bind-utils (9.7.3-6.P3.el6) package is installed, nsupdate will not return a success return code and ipa-client-install should correctly report the problem with the DNS server record.
Verified using ipa-client-2.1.2-2.el6.x86_64

Installed using hostname ipaclient.testrelm, where testrelm is a DNS zone managed by IPA; client install indicated:
Warning: Hostname (ipaclient.testrelm) not found in DNS
DNS server record set to: ipaclient.testrelm -> 10.16.18.91

Installed using hostname qqq.www, where www is not a DNS zone managed by IPA; client install indicated:
Warning: Hostname (qqq.www) not found in DNS
Failed to update DNS A record. (Command '/usr/bin/nsupdate -g /etc/ipa/.dns_update.txt' returned non-zero exit status 2)
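The two comments above show the shape of the nsupdate command list ipa-client-install writes (zone taken from everything after the first hostname label) and the two ways the failure surfaces: an NXDOMAIN message on stderr with a zero exit status on the old bind-utils, and a non-zero exit status on the fixed package. The following is an added example, not FreeIPA's own code, that builds such a command list and checks the nsupdate result so that neither case is reported as success. The function names, the injectable runner and the sample stderr text are assumptions made for this illustration; the stderr wording is copied from the report.

```python
"""Added example (not FreeIPA's own code): build an nsupdate command list in the
shape shown in the bug report and check the result of running nsupdate strictly,
so a zone lookup failure is never reported as a successful DNS update."""
import re
import subprocess
from typing import Callable, List, Tuple

# Message nsupdate prints when the target zone cannot be found; the wording is
# taken from the stderr quoted in the report.
_NXDOMAIN_RE = re.compile(r"specified zone '([^']+)' does not exist \(NXDOMAIN\)")


def zone_for(hostname: str) -> str:
    """Zone nsupdate is told to update for a hostname: everything after the
    first label, with a trailing dot (qqq.www -> 'www.')."""
    labels = hostname.rstrip(".").split(".")
    if len(labels) < 2:
        raise ValueError("hostname must be fully qualified: %r" % hostname)
    return ".".join(labels[1:]) + "."


def build_update_script(hostname: str, ip: str, ttl: int = 1200) -> str:
    """Command list in the form shown in the report
    (zone / update delete / send / update add / send)."""
    fqdn = hostname.rstrip(".") + "."
    return "\n".join([
        "zone %s" % zone_for(hostname),
        "update delete %s IN A" % fqdn,
        "send",
        "update add %s %d IN A %s" % (fqdn, ttl, ip),
        "send",
        "",
    ])


def check_nsupdate_result(returncode: int, stderr: str) -> Tuple[bool, List[str]]:
    """Decide whether the update really succeeded.

    A non-zero exit status is a failure (the behaviour of the fixed bind-utils
    package).  Older nsupdate builds exited 0 after an NXDOMAIN on the zone,
    which is the bug described here, so stderr is also scanned for that
    message; a caller therefore never reports success in either case."""
    errors = ["DNS zone %s not found" % zone for zone in _NXDOMAIN_RE.findall(stderr)]
    if returncode != 0 and not errors:
        errors.append("nsupdate returned non-zero exit status %d" % returncode)
    return (not errors, errors)


def run_dns_update(script_path: str,
                   runner: Callable = subprocess.run) -> Tuple[bool, List[str]]:
    """Run 'nsupdate -g' on a command file and check the result strictly.

    `runner` is injectable (an assumption for this example) so the checking
    logic can be exercised without a DNS server or Kerberos credentials."""
    proc = runner(["/usr/bin/nsupdate", "-g", script_path],
                  capture_output=True, text=True)
    return check_nsupdate_result(proc.returncode, proc.stderr)


if __name__ == "__main__":
    # Constructed sample: the stderr from the report with the old exit status 0.
    sample_stderr = ("specified zone 'www' does not exist (NXDOMAIN)\n"
                     "specified zone 'www' does not exist (NXDOMAIN)\n")
    print(build_update_script("qqq.www", "10.16.78.134"))
    print(check_nsupdate_result(0, sample_stderr))
    print(check_nsupdate_result(2, ""))
```

The design point is that exit status and stderr are checked independently: relying on the exit status alone reproduces the false "DNS server record set to" message on the unfixed nsupdate, while parsing only stderr would miss failures that print nothing recognisable.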
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Cause: Using --hostname to set a value outside an IPA-managed DNS domain does not return an error and does not add the host to DNS.
Consequence: It appears to the user that the hostname was added to DNS, but it was not.
Fix: The DNS updating utility nsupdate was modified to properly return an error when an update fails.
Result: The user will see an error that nsupdate failed to add the DNS entry.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.
http://rhn.redhat.com/errata/RHSA-2011-1533.html