RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 747612 - [RFE] IPA should support and manage DNS sites
Summary: [RFE] IPA should support and manage DNS sites
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.0
Hardware: All
OS: Linux
unspecified
low
Target Milestone: rc
: 7.1
Assignee: Pavel Picka
QA Contact: Namita Soman
Marc Muehlfeld
URL:
Whiteboard:
: 991229 1044733 (view as bug list)
Depends On: 743503 1204506
Blocks: 1203710 1349053
TreeView+ depends on / blocked
 
Reported: 2011-10-20 13:55 UTC by Dmitri Pal
Modified: 2019-12-16 04:23 UTC (History)
19 users (show)

Fixed In Version: ipa-4.4.0-1.el7
Doc Type: Enhancement
Doc Text:
IdM now supports DNS locations This update adds support for DNS location management to the Identity Management (IdM) integrated DNS server to improve cross-site implementations. Previously, clients using DNS records to locate IdM servers could not distinguish local servers from servers located in remote geographical locations. This update enables clients using DNS discovery to find the nearest servers, and to use the network in an optimized way. As a result, administrators can manage DNS locations and assign servers to them in the IdM web user interface and from the command line. For details, see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#dns-locations
Clone Of:
: 1044733 1349053 (view as bug list)
Environment:
Last Closed: 2016-11-04 05:42:46 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
evidence (903 bytes, text/plain)
2016-08-23 11:28 UTC, Pavel Picka 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:2404 0 normal SHIPPED_LIVE ipa bug fix and enhancement update 2016-11-03 13:56:18 UTC

Description Dmitri Pal 2011-10-20 13:55:41 UTC 
It is related to bug #743503 but to mange the site on the server side.

The original request is the following:

Has there been given any thought to the concept of sites within IPA to improve cross-site implementations? This should be easy to implement as you are already using DNS SRV records to locate the ldap/kerberos servers.

E.g.
Site: Boston
Site: London


Create a subdomain of the IPA dns domain named _sites, and a subdomain of _sites for each site.

Boston._sites.ipa.domain.com would contain the srv entries for IPA servers in Boston:
_ldap._tcp        in    srv    0 100 389 boston-ipa-server1
_ldap._tcp        in    srv    0 100 389 boston-ipa-server2
.....

London._sites.ipa.domain.com would contain the srv entries for IPA serers in London:
_ldap._tcp        in    srv    0 100 389 london-ipa-server1
_ldap._tcp        in    srv    0 100 389 london-ipa-server2
....

Now point the client's DNS "search" entry to point to the local site first, then search the full name space:
Boston client's /etc/resolv.conf:
search Boston._sites.ipa.domain.com ipa.domain.com

London client's /etc/resolv.conf:
search London._sites.ipa.domain.com ipa.domain.com


The main ipa.domain.com could still contain srv records for all IPA servers, or selected IPA servers at the central hub.

I know I can do this manually within the DNS managment in IPA today, however it would be a lot easier to maintain "Sites" within the IPA webui/cli. *blink* ;)
Comment 1 Dmitri Pal 2011-10-20 14:00:10 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2008
Comment 2 Martin Kosek 2013-08-06 07:25:47 UTC 
*** Bug 991229 has been marked as a duplicate of this bug. ***
Comment 4 Martin Kosek 2015-03-27 13:35:45 UTC 
*** Bug 1044733 has been marked as a duplicate of this bug. ***
Comment 6 Petr Vobornik 2016-04-14 14:10:33 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2956
Comment 7 Petr Vobornik 2016-06-02 10:18:11 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/5181
Comment 8 Petr Vobornik 2016-06-02 13:00:56 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/5905
Comment 9 Martin Bašti 2016-06-03 14:00:07 UTC 
master:
https://fedorahosted.org/freeipa/changeset/29a8615cf36cd46e30c6048ee7e3993532e83005
https://fedorahosted.org/freeipa/changeset/180d7458de60af3e9a7256f3242eec9031f4442b
https://fedorahosted.org/freeipa/changeset/bae621415dd15a5569774cbc89ba1747b0d069dc
https://fedorahosted.org/freeipa/changeset/7c3bcafef094d77df698aa0eba8b02e8892ce1c2
https://fedorahosted.org/freeipa/changeset/121e34b90e890285c480a0c89e833d1369d61401
https://fedorahosted.org/freeipa/changeset/15abfcf0f77664f426ba50ebf20e0f6c2a6f8275
https://fedorahosted.org/freeipa/changeset/79544aa51acc6f48117391b1e0ec70e9f4d7d0bb
https://fedorahosted.org/freeipa/changeset/fd2bd60383a739185a0a67fd0fb43338bab17e1d
https://fedorahosted.org/freeipa/changeset/42719acdcebd3ef939587d4af4c3c6ad743ec601
Comment 10 Petr Vobornik 2016-06-09 12:21:28 UTC 
Web UI part:

master:
https://fedorahosted.org/freeipa/changeset/5a8ad3e9828c67e8ff9cc9dfc05458003f19c985
https://fedorahosted.org/freeipa/changeset/5f48df48d4af740ba09197d0f07415e8e76e608e
Comment 11 Martin Bašti 2016-06-13 15:54:41 UTC 
master:
https://fedorahosted.org/freeipa/changeset/7e2bef0b9f36a90902784be9363cbcb5ba4221b4
https://fedorahosted.org/freeipa/changeset/d07b7e0f6fe62eb10edcc7d3a4e884e5c8fd1d29
https://fedorahosted.org/freeipa/changeset/40d8dded7fc1e71621516da9197c736057c0b6e4
https://fedorahosted.org/freeipa/changeset/80cbddaa37241e5c762edb656e4c658e652c87ef
https://fedorahosted.org/freeipa/changeset/b9aa31191b3067aced1432daa06d18b4382cd77f
https://fedorahosted.org/freeipa/changeset/5f7086e7183f0fcfece2bdd5be3d1ea17384717b
https://fedorahosted.org/freeipa/changeset/21def4fde0b09a256fad3231a9042219f707fc8a
Comment 12 Martin Bašti 2016-06-17 13:23:52 UTC 
master:
https://fedorahosted.org/freeipa/changeset/0f5cca0e45481520d25b20b48f939b2581f4d27b
https://fedorahosted.org/freeipa/changeset/d7671ee66786b674454b7b58c9558e0c7c853cd5
https://fedorahosted.org/freeipa/changeset/745a2e6471b27faabeb5479b9d2845b18606d8b0
https://fedorahosted.org/freeipa/changeset/87c23ba029df9227384b3f5e2028f3f0e429e9ab
https://fedorahosted.org/freeipa/changeset/394b094fc22ef67742824ec03d4e851a2876fd81
https://fedorahosted.org/freeipa/changeset/cf634a4ff8a100589f99e57c51b2c4591853e88a
https://fedorahosted.org/freeipa/changeset/e23159596e1851f156461d00b9f9f99dc698e12b
https://fedorahosted.org/freeipa/changeset/45a93265740fdfc14e6ee8785f844f8d34508fc4
https://fedorahosted.org/freeipa/changeset/a5a6ceafcd3418a6242bbf948d825f2b61c95f23
https://fedorahosted.org/freeipa/changeset/a7e463948db5870d264f59954c9a2e9b5b59e1dd
https://fedorahosted.org/freeipa/changeset/4076e8e4e50d527f613536138cd851cd068cd2d9
https://fedorahosted.org/freeipa/changeset/88a0952f26f9d1e2ee9d02126b27f3075dbad46a
https://fedorahosted.org/freeipa/changeset/2157ea0e6d0d762bdc71022ddd55045406c4b300
https://fedorahosted.org/freeipa/changeset/52590d6fa581e3b53e2c9350dc307a1f360c40a3
https://fedorahosted.org/freeipa/changeset/08265f1e92bd91d9e4ba3285b953ff9ccd79040b
https://fedorahosted.org/freeipa/changeset/d70e52b61b35f42ca2d34ef05310fd2c18c882ce
Comment 13 Martin Bašti 2016-06-17 16:05:47 UTC 
master:
https://fedorahosted.org/freeipa/changeset/ef12cad30b3fc867b3b09abe6521c168dbc3ceaf
https://fedorahosted.org/freeipa/changeset/1997733cdf60bbd5fee8a5286d567580fa4e0198
https://fedorahosted.org/freeipa/changeset/8dde1201ed9b0ca839ffe7421be7efd04b666e11
https://fedorahosted.org/freeipa/changeset/b2931210eb794e52eac4b0e295fcbdfc5bb07f87
https://fedorahosted.org/freeipa/changeset/bbf8227e3fd678d4bd6659a12055ba3dbe1c8230
https://fedorahosted.org/freeipa/changeset/3c50e42036427d7c5e36828f24bd3c180e18a677
https://fedorahosted.org/freeipa/changeset/4155eb7b13b20605886ba79c02c232f83a7b439c
https://fedorahosted.org/freeipa/changeset/313e63e3e4ba1aa3dd2ae5de54f6d277329fffee
https://fedorahosted.org/freeipa/changeset/88ac58a1ce0641e65bcc7934020f85ef39d8e82b
https://fedorahosted.org/freeipa/changeset/e82ce439c4c8a4d2f5b4ef384158de93de1644cc
https://fedorahosted.org/freeipa/changeset/8253727de1f823bb6c06d4687019e64dab825ec3
Comment 14 Martin Bašti 2016-06-17 17:01:41 UTC 
master:
https://fedorahosted.org/freeipa/changeset/a540c909a7f63e7b0c19207eec69bd5914cb186e
Comment 15 Martin Bašti 2016-06-21 10:39:07 UTC 
master:
https://fedorahosted.org/freeipa/changeset/eefdcc6b076e4305a14f231865636d46e4f16cf5
https://fedorahosted.org/freeipa/changeset/f2974b8d965c14247d8a9d03e0df3b5183e20d76
Comment 16 Martin Bašti 2016-06-21 11:04:50 UTC 
master:
https://fedorahosted.org/freeipa/changeset/894be1bd50905b86d87244d0ede3f266e9737b9a
Comment 17 Martin Bašti 2016-06-21 14:55:35 UTC 
master:
https://fedorahosted.org/freeipa/changeset/cc6a3325d497286620cada12dca22fe5e5cf15e7
Comment 19 Martin Bašti 2016-06-23 10:37:50 UTC 
master:
https://fedorahosted.org/freeipa/changeset/926462d335ea49857732f1cf2fd2a1956c5b57d8
Comment 20 Martin Bašti 2016-06-27 08:24:08 UTC 
master:
https://fedorahosted.org/freeipa/changeset/c6f7d94d5b39c213483909de34c61016b8eba0ac
Comment 21 Martin Bašti 2016-06-27 11:37:01 UTC 
master:
https://fedorahosted.org/freeipa/changeset/e42f662b78d9a9d9c0ca786e69d7c203e6863462
https://fedorahosted.org/freeipa/changeset/218734ba5ac3326daaf1097ef98217f6c86f526c
https://fedorahosted.org/freeipa/changeset/7bf3b1d546f22eeb61dce58cb69d471f834b8aac
Comment 22 Martin Bašti 2016-06-28 13:25:47 UTC 
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/104040cf363ec50d8006474422f2c13e44266806
Comment 23 Martin Bašti 2016-06-28 14:59:19 UTC 
master:
https://fedorahosted.org/freeipa/changeset/5693d195501611c6abe9dbdf1370b898ffa6b3c7
ipa-4-3:
https://fedorahosted.org/freeipa/changeset/8502fe4883d33afab57cfc4cb4695ed8061daa7e
Comment 24 Petr Vobornik 2016-06-29 14:36:20 UTC 
additonal webui part:

master:
https://fedorahosted.org/freeipa/changeset/31a13c9e9849eca794aa7908bc252185c4b36678
Comment 26 Petr Spacek 2016-07-07 10:35:43 UTC 
All the information we have about the feature can be found on
http://www.freeipa.org/page/V4/DNS_Location_Mechanism

Please let me or mbasti know if something is unclear or if an infomation is missing.
Comment 36 Pavel Picka 2016-08-23 11:28:45 UTC 
Created attachment 1193302 [details]
evidence

Verified using upstream test on 4.4.0-8.el7
Comment 38 errata-xmlrpc 2016-11-04 05:42:46 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2404.html
Note You need to log in before you can comment on or make changes to this bug.