Description of problem:
Automatic updates using `nsupdate' report an error when the target zones do not contain the attribute idnsAllowSyncPTR. The update worked when it was set to FALSE or TRUE.

LDIF of the failing zones:

dn: idnsname=idm.lab.bos.redhat.com,cn=dns,dc=idm,dc=lab,dc=bos,dc=redhat,dc
 =com
idnsAllowDynUpdate: TRUE
idnsAllowQuery: any
idnsAllowSyncPTR: TRUE
idnsAllowTransfer: none
idnsName: idm.lab.bos.redhat.com
idnsSOAexpire: 1209
idnsSOAmName: vm-068.idm.lab.bos.redhat.com.
idnsSOAminimum: 3600
idnsSOArName: hostmaster.idm.lab.bos.redhat.com.
idnsSOArefresh: 3600
idnsSOAretry: 900
idnsSOAserial: 2015
idnsUpdatePolicy: grant IDM.LAB.BOS.REDHAT.COM krb5-self * A; grant IDM.LAB.
 BOS.REDHAT.COM krb5-self * AAAA;
idnsZoneActive: TRUE
nSRecord: vm-068.idm.lab.bos.redhat.com.
objectClass: top
objectClass: idnsrecord
objectClass: idnszone

dn: idnsname=78.16.10.in-addr.arpa.,cn=dns,dc=idm,dc=lab,dc=bos,dc=redhat,dc
 =com
idnsAllowDynUpdate: TRUE
idnsAllowQuery: any
idnsAllowSyncPTR: TRUE
idnsAllowTransfer: none
idnsName: 78.16.10.in-addr.arpa.
idnsSOAexpire: 1209600
idnsSOAmName: vm-068.idm.lab.bos.redhat.com.
idnsSOAminimum: 3600
idnsSOArName: hostmaster.78.16.10.in-addr.arpa.
idnsSOArefresh: 3600
idnsSOAretry: 900
idnsSOAserial: 2012260101
idnsUpdatePolicy: grant IDM.LAB.BOS.REDHAT.COM krb5-subdomain 78.16.10.in-ad
 dr.arpa. PTR;
idnsZoneActive: TRUE
nSRecord: vm-068.idm.lab.bos.redhat.com.
objectClass: top
objectClass: idnsrecord
objectClass: idnszone

nsupdate output:

# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: host/vm-138.idm.lab.bos.redhat.com.BOS.REDHAT.COM

Valid starting     Expires            Service principal
01/26/12 05:16:02  01/27/12 05:16:02  krbtgt/IDM.LAB.BOS.REDHAT.COM.BOS.REDHAT.COM
01/26/12 05:16:21  01/27/12 05:16:02  DNS/vm-068.idm.lab.bos.redhat.com.BOS.REDHAT.COM

# cat nsupdate.txt
zone idm.lab.bos.redhat.com.
update delete vm-138.idm.lab.bos.redhat.com. IN A
send
update add vm-138.idm.lab.bos.redhat.com. 1200 IN A 10.16.78.138
send

# /usr/bin/nsupdate -g nsupdate.txt
update failed: SERVFAIL
update failed: SERVFAIL

Version-Release number of selected component (if applicable):
bind-9.8.1-4.P1.fc16.x86_64
bind-dyndb-ldap-1.0.0-0.2.b1.fc16.x86_64

How reproducible:

Steps to Reproduce:
1. Server: Prepare forward and reverse zone in LDAP (as in the provided example). Make sure the does not have idnsAllowSyncPTR attribute filled.
2. Client: Try to run the nsupdate as in the above example
3.

Actual results:
Update reports SERVFAIL.

Expected results:
Update succeeds. Since idnsAllowSyncPTR is not filled it should use the default behavior, i.e. do not create PTR record.

Additional info:
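
Added example (not part of the original report and not bind-dyndb-ldap code): a Python check that reads an LDIF export of the DNS subtree, unfolds wrapped lines like those in the LDIF above, and lists zones that accept dynamic updates but carry no idnsAllowSyncPTR attribute, the condition this report ties to the SERVFAIL. The sample zones and the function names are constructed for illustration; values are assumed to be plain text (no base64 "::" values).

```python
# Added example: audit an LDIF export for zones matching the report's condition.
# SAMPLE_LDIF is constructed for illustration, not taken from the bug report.
SAMPLE_LDIF = """\
dn: idnsname=example.test,cn=dns,dc=example,dc=test
idnsName: example.test
idnsAllowDynUpdate: TRUE
idnsAllowSyncPTR: FALSE
objectClass: idnszone

dn: idnsname=2.0.192.in-addr.arpa.,cn=dns,dc=example,dc
 =test
idnsName: 2.0.192.in-ad
 dr.arpa.
idnsAllowDynUpdate: TRUE
objectClass: idnszone

dn: idnsname=static.test,cn=dns,dc=example,dc=test
idnsName: static.test
idnsAllowDynUpdate: FALSE
objectClass: idnszone
"""

def parse_entries(text):
    """Return one dict per entry: lower-cased attribute name -> list of values."""
    entries, cur = [], {}
    # LDIF folding: a newline followed by one space continues the previous line.
    for line in text.replace("\r\n", "\n").replace("\n ", "").split("\n"):
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if (not line.strip() or name == "dn") and cur:
            entries.append(cur)  # a blank line or a new dn closes the entry
            cur = {}
        if line.strip() and not line.startswith("#"):
            cur.setdefault(name, []).append(value.strip())
    if cur:
        entries.append(cur)
    return entries

def zones_missing_sync_ptr(text):
    """idnsName of zones that allow dynamic updates but have no idnsAllowSyncPTR."""
    hits = []
    for e in parse_entries(text):
        is_zone = "idnszone" in (c.lower() for c in e.get("objectclass", []))
        dynamic = "TRUE" in (v.upper() for v in e.get("idnsallowdynupdate", []))
        if is_zone and dynamic and "idnsallowsyncptr" not in e:
            hits.append(e.get("idnsname", e.get("dn", ["?"]))[0])
    return hits

if __name__ == "__main__":
    print(zones_missing_sync_ptr(SAMPLE_LDIF))
```
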
bind-dyndb-ldap-1.1.0-0.8.a2.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/FEDORA-2012-1613/bind-dyndb-ldap-1.1.0-0.8.a2.fc16
bind-dyndb-ldap-1.1.0-0.8.a2.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.