Bug 798493 - adding reverse zones in gui fails to create correct zone
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.2
Hardware: Unspecified Linux
Priority: medium, Severity: medium
Target Milestone: rc
Assigned To: Rob Crittenden
QA Contact: Namita Soman
Reported: 2012-02-28 22:27 EST by Brian J. Atkisson
Modified: 2015-05-20 11:43 EDT
Fixed In Version: ipa-3.0.0-1.el6
Doc Type: Bug Fix
Last Closed: 2013-02-21 04:10:16 EST

Description Brian J. Atkisson 2012-02-28 22:27:02 EST
Description of problem:
When adding a reverse zone in the IPA web gui, the zone is not named correctly.  As such, when adding hosts, IPA complains that no reverse zone can be found.  Moreover, the reverse zone fails to function.

Version-Release number of selected component (if applicable): ipa-server-2.1.3-9.el6.x86_64


How reproducible:
Always

Steps to Reproduce:
1. Add a new zone, select 'Reverse zone IP Network'
2. Add the zone '192.168.12' or '192.168.12.0', fill in the nameserver/email address fields and click add.
3. The zone is created as '0.12.168.192.in-addr.arpa' rather than '12.168.192.in-addr.arpa'.  This is regardless of entering 192.168.12.0 or 192.168.12 in step 2.
  
Actual results:
The created zone 0.12.168.192.in-addr.arpa fails to function properly. Adding new hosts yields an error message that a reverse zone cannot be found.

Expected results:
The zone to be created as 12.168.192.in-addr.arpa.

Additional info:
*NOTE* the command line util 'ipa dnszone-add' has similar issues; however, ipa dnszone-add gives you a chance to change the zone name prior to creation.
Comment 2 Martin Kosek 2012-02-29 03:40:20 EST
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2461
Comment 3 Martin Kosek 2012-02-29 03:45:13 EST
I created a ticket as this behavior can be improved. Until we fix the issue, please try using the IP address in format <network-IP-addr>/<nr-of-network-bits>. If you use network address "192.168.12.0/24" in your case, the reverse zone will be created correctly.
Comment 4 Petr Vobornik 2012-02-29 10:29:05 EST
A recent DNS zone patch added a network validator to 'Reverse zone IP network:'. It will allow entering a value only in <network-IP-addr>/<nr-of-network-bits> format. It effectively solves the UI part of this issue.
Comment 5 Petr Spacek 2012-08-28 10:06:15 EDT
Will it work with the following network?

Network=128.128.128.0/20
Mask=255.255.240.0, i.e. prefix 20 bits

WebUI and CLI have to allow adding the following reverse zones:
128.128.128.in-addr.arpa.
129.128.128.in-addr.arpa.
.
and all between
.
142.128.128.in-addr.arpa.
143.128.128.in-addr.arpa.
Comment 6 Martin Kosek 2012-09-05 03:55:10 EDT
If you use a prefix that is not divisible by 8 for IPv4 or by 4 for IPv6, it will be rounded:

# ipa dnszone-add --name-server=`hostname` --name-from-ip=128.128.128.0/20
Zone name [128.128.in-addr.arpa.]: 
Administrator e-mail address [hostmaster.128.128.in-addr.arpa.]: 
  Zone name: 128.128.in-addr.arpa.
...


If you need to create a reverse zone with precisely this prefix (20), you can simply create it with multiple reverse zones of longer prefix as you already pointed out:

# ipa dnszone-add --name-server=`hostname` --name-from-ip=128.128.128.0/24
Zone name [128.128.128.in-addr.arpa.]: 
Administrator e-mail address [hostmaster.128.128.128.in-addr.arpa.]: 
  Zone name: 128.128.128.in-addr.arpa.
...

# ipa dnszone-add --name-server=`hostname` --name-from-ip=128.128.129.0/24
Zone name [129.128.128.in-addr.arpa.]: 
Administrator e-mail address [hostmaster.129.128.128.in-addr.arpa.]: 
  Zone name: 129.128.128.in-addr.arpa.
  Authoritative nameserver: vm-086.idm.lab.bos.redhat.com.
...
...
...
Comment 7 Martin Kosek 2012-09-19 11:38:10 EDT
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/ef7b8ab764420baa4e959c0bf060e390b314c18f
ipa-3-0: https://fedorahosted.org/freeipa/changeset/7b7946d69bdb5606ff00c5e733a18c1e788d4796

After a discussion, we decided that instead of rejecting an IP address without a netmask, we would rather choose a more sensible default netmask. That is:
 * 24b for IPv4
 * 64b for IPv6
The reasoning behind that decision is that for IPv6, the vast majority of networks have a 64b netmask, so using this default makes perfect sense. IPv4 addresses just carried on in order to have consistent behavior.

Note: The same computation of a default reverse zone is used in ipa-{server,replica-dns}-install.
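
Added example (not FreeIPA's code and not part of the original comments): a sketch of the reverse zone naming discussed in comments 6 and 7, using Python's standard ipaddress module. The function names are hypothetical, and rounding a non-aligned prefix down to the shorter zone is an assumption taken from the 128.128.128.0/20 output shown in comment 6.

```python
import ipaddress

# Defaults from comment 7 for addresses entered without a netmask.
DEFAULT_PREFIX = {4: 24, 6: 64}
# One reverse DNS label covers an octet (IPv4) or a nibble (IPv6).
LABEL_BITS = {4: 8, 6: 4}


def parse_network(text):
    """Parse 'addr' or 'addr/prefix'; apply the default prefix if none is given."""
    if "/" in text:
        return ipaddress.ip_network(text, strict=False)
    addr = ipaddress.ip_address(text)  # raises ValueError for e.g. '192.168.12'
    return ipaddress.ip_network(f"{addr}/{DEFAULT_PREFIX[addr.version]}",
                                strict=False)


def reverse_zone_name(text):
    """Reverse zone for a network, rounding the prefix down to a label boundary."""
    net = parse_network(text)
    bits = LABEL_BITS[net.version]
    keep = net.prefixlen // bits          # labels covered by the prefix (assumed floor)
    total = net.max_prefixlen // bits     # 4 labels for IPv4, 32 for IPv6
    # e.g. '0.12.168.192.in-addr.arpa' for network address 192.168.12.0
    labels = net.network_address.reverse_pointer.split(".")
    return ".".join(labels[total - keep:]) + "."


def split_into_zones(text):
    """Zones of the next longer aligned prefix that exactly cover the network."""
    net = parse_network(text)
    bits = LABEL_BITS[net.version]
    aligned = -(-net.prefixlen // bits) * bits   # round the prefix up
    return [reverse_zone_name(str(sub))
            for sub in net.subnets(new_prefix=aligned)]


if __name__ == "__main__":
    # Constructed inputs taken from the addresses mentioned in this report.
    for sample in ("192.168.12.0", "192.168.12.0/24", "128.128.128.0/20"):
        print(sample, "->", reverse_zone_name(sample))
    zones = split_into_zones("128.128.128.0/20")
    print(len(zones), "zones:", zones[0], "...", zones[-1])
```
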
Comment 8 Jenny Galipeau 2012-09-25 12:43:17 EDT
regression tests added to DNS test suite
Comment 11 Jenny Galipeau 2013-01-15 16:49:12 EST
verified ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Bug 798493 - adding reverse zones in gui fails to create correct zone
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   PASS   ] :: Make sure dnszone-find seems to find the reverse zone
:: [   PASS   ] :: Make sure dnszone-find outputs teh correct zone name.
:: [   PASS   ] :: Make sure dnszone-find seems to find the reverse zone
:: [   PASS   ] :: Make sure dnszone-find outputs teh correct zone name.
:: [   PASS   ] :: Make sure dnszone-find seems to find the reverse zone
:: [   PASS   ] :: Make sure dnszone-find outputs teh correct zone name.
:: [   LOG    ] :: Duration: 7s
:: [   LOG    ] :: Assertions: 6 good, 0 bad
:: [   PASS   ] :: RESULT: Bug 798493 - adding reverse zones in gui fails to create correct zone


version ::
ipa-server-3.0.0-19.el6
Comment 13 errata-xmlrpc 2013-02-21 04:10:16 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html
