Bug 784815 - Dynamic update for zone without idnsAllowSyncPTR does not work
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: bind-dyndb-ldap
Version: 16
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Petr Spacek
QA Contact: Fedora Extras Quality Assurance
Reported: 2012-01-26 10:48 UTC by Martin Kosek
Modified: 2012-03-01 09:34 UTC

Fixed In Version: bind-dyndb-ldap-1.1.0-0.8.a2.fc16
Doc Type: Bug Fix
Last Closed: 2012-03-01 09:34:48 UTC


Description Martin Kosek 2012-01-26 10:48:10 UTC
Description of problem:
Automatic updates using 'nsupdate' report an error when the target zones do not contain the attribute idnsAllowSyncPTR. The update worked when it was set to FALSE or TRUE.

LDIF of the failing zones:

dn: idnsname=idm.lab.bos.redhat.com,cn=dns,dc=idm,dc=lab,dc=bos,dc=redhat,dc
 =com
idnsAllowDynUpdate: TRUE
idnsAllowQuery: any
idnsAllowSyncPTR: TRUE
idnsAllowTransfer: none
idnsName: idm.lab.bos.redhat.com
idnsSOAexpire: 1209
idnsSOAmName: vm-068.idm.lab.bos.redhat.com.
idnsSOAminimum: 3600
idnsSOArName: hostmaster.idm.lab.bos.redhat.com.
idnsSOArefresh: 3600
idnsSOAretry: 900
idnsSOAserial: 2015
idnsUpdatePolicy: grant IDM.LAB.BOS.REDHAT.COM krb5-self * A; grant IDM.LAB.
 BOS.REDHAT.COM krb5-self * AAAA;
idnsZoneActive: TRUE
nSRecord: vm-068.idm.lab.bos.redhat.com.
objectClass: top
objectClass: idnsrecord
objectClass: idnszone

dn: idnsname=78.16.10.in-addr.arpa.,cn=dns,dc=idm,dc=lab,dc=bos,dc=redhat,dc
 =com
idnsAllowDynUpdate: TRUE
idnsAllowQuery: any
idnsAllowSyncPTR: TRUE
idnsAllowTransfer: none
idnsName: 78.16.10.in-addr.arpa.
idnsSOAexpire: 1209600
idnsSOAmName: vm-068.idm.lab.bos.redhat.com.
idnsSOAminimum: 3600
idnsSOArName: hostmaster.78.16.10.in-addr.arpa.
idnsSOArefresh: 3600
idnsSOAretry: 900
idnsSOAserial: 2012260101
idnsUpdatePolicy: grant IDM.LAB.BOS.REDHAT.COM krb5-subdomain 78.16.10.in-ad
 dr.arpa. PTR;
idnsZoneActive: TRUE
nSRecord: vm-068.idm.lab.bos.redhat.com.
objectClass: top
objectClass: idnsrecord
objectClass: idnszone

nsupdate output:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: host/vm-138.idm.lab.bos.redhat.com.BOS.REDHAT.COM

Valid starting     Expires            Service principal
01/26/12 05:16:02  01/27/12 05:16:02  krbtgt/IDM.LAB.BOS.REDHAT.COM.BOS.REDHAT.COM
01/26/12 05:16:21  01/27/12 05:16:02  DNS/vm-068.idm.lab.bos.redhat.com.BOS.REDHAT.COM

# cat nsupdate.txt 
zone idm.lab.bos.redhat.com.
update delete vm-138.idm.lab.bos.redhat.com. IN A
send
update add vm-138.idm.lab.bos.redhat.com. 1200 IN A 10.16.78.138
send
# /usr/bin/nsupdate -g nsupdate.txt
update failed: SERVFAIL
update failed: SERVFAIL

Version-Release number of selected component (if applicable):
bind-9.8.1-4.P1.fc16.x86_64
bind-dyndb-ldap-1.0.0-0.2.b1.fc16.x86_64

How reproducible:

Steps to Reproduce:
1. Server: Prepare forward and reverse zone in LDAP (as in the provided example). Make sure the zone does not have the idnsAllowSyncPTR attribute filled.
2. Client: Try to run the nsupdate as in the above example
  
Actual results:
Update reports SERVFAIL.

Expected results:
Update succeeds. Since idnsAllowSyncPTR is not filled it should use the default behavior, i.e. do not create PTR record.

Additional info:

Comment 1 Fedora Update System 2012-02-20 12:16:03 UTC
bind-dyndb-ldap-1.1.0-0.8.a2.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/FEDORA-2012-1613/bind-dyndb-ldap-1.1.0-0.8.a2.fc16

Comment 2 Fedora Update System 2012-03-01 09:34:48 UTC
bind-dyndb-ldap-1.1.0-0.8.a2.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
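
Added example (not part of the original report and not bind-dyndb-ldap code): a Python check that parses an LDIF export of the DNS subtree, unfolds continuation lines like the folded dn: lines in the report, and lists the zones that allow dynamic updates but do not carry idnsAllowSyncPTR, which is the condition this bug describes. The sample LDIF, the function names and the restriction to zones with idnsAllowDynUpdate: TRUE are assumptions of this example.

```python
# Constructed sample LDIF (not from the bug report): two idnsZone entries with
# folded DN lines; only the first one omits idnsAllowSyncPTR.
SAMPLE_LDIF = """\
dn: idnsname=example.test,cn=dns,dc=example,dc
 =test
idnsAllowDynUpdate: TRUE
idnsName: example.test
objectClass: idnszone

dn: idnsname=2.0.192.in-addr.arpa.,cn=dns,dc=example,dc
 =test
idnsAllowDynUpdate: TRUE
idnsAllowSyncPTR: FALSE
idnsName: 2.0.192.in-addr.arpa.
objectClass: idnszone
"""

def parse_ldif(text):
    """Return entries as dicts of lower-cased attribute name -> list of values."""
    lines = []
    for raw in text.splitlines():
        # RFC 2849 folding: a line starting with one space continues the previous one.
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:  # the trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):
            attr, _, value = line.partition(":")
            current.setdefault(attr.lower(), []).append(value.strip())
    return entries

def zones_without_attr(entries, attr="idnsAllowSyncPTR"):
    """DNs of idnsZone entries that allow dynamic updates but do not carry attr."""
    hits = []
    for entry in entries:
        classes = {c.lower() for c in entry.get("objectclass", [])}
        dynupdate = {v.upper() for v in entry.get("idnsallowdynupdate", [])}
        if "idnszone" in classes and "TRUE" in dynupdate and attr.lower() not in entry:
            hits.append(entry["dn"][0])
    return hits

if __name__ == "__main__":
    for dn in zones_without_attr(parse_ldif(SAMPLE_LDIF)):
        print("idnsAllowSyncPTR not set:", dn)
```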

