Red Hat Bugzilla – Bug 798493
adding reverse zones in gui fails to create correct zone
Last modified: 2015-05-20 11:43:43 EDT
Description of problem:
When adding a reverse zone in the IPA web gui, the zone is not named correctly. As such, when adding hosts, IPA complains that no reverse zone can be found. Moreover, the reverse zone fails to function.

Version-Release number of selected component (if applicable):
ipa-server-2.1.3-9.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Add a new zone, select 'Reverse zone IP Network'
2. Add the zone '192.168.12' or '192.168.12.0', fill in the nameserver/email address fields and click add.
3. The zone is created as '0.12.168.192.in-addr.arpa' rather than '12.168.192.in-addr.arpa'. This is regardless of entering 192.168.12.0 or 192.168.12 in step 2.

Actual results:
The created zone 0.12.168.192.in-addr.arpa fails to function properly. Adding new hosts yields an error message that a reverse zone cannot be found.

Expected results:
The zone to be created as 12.168.192.in-addr.arpa.

Additional info:
*NOTE* the command line util 'ipa dnszone-add' has similar issues, however, ipa dnszone-add gives you a chance to change the zone name prior to creation.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/2461
I created a ticket as this behavior can be improved. Until we fix the issue, please try using the IP address in format <network-IP-addr>/<nr-of-network-bits>. If you use network address "192.168.12.0/24" in your case, the reverse zone will be created correctly.
A recent DNS zone patch added a network validator to 'Reverse zone IP network:'. It allows a value to be entered only in <network-IP-addr>/<nr-of-network-bits> format. It effectively solves the UI part of this issue.
Will it work with the following network?

Network=128.128.128.0/20
Mask=255.255.240.0, i.e. prefix 20 bits

WebUI and CLI have to allow adding the following reverse zones:
128.128.128.in-addr.arpa.
129.128.128.in-addr.arpa.
.
and all between
.
142.128.128.in-addr.arpa.
143.128.128.in-addr.arpa.
If you use a prefix that is not divisible by 8 for IPv4 or by 4 for IPv6 it will be rounded:

# ipa dnszone-add --name-server=`hostname` --name-from-ip=128.128.128.0/20
Zone name [128.128.in-addr.arpa.]:
Administrator e-mail address [hostmaster.128.128.in-addr.arpa.]:
Zone name: 128.128.in-addr.arpa.
...

If you need to create a reverse zone with precisely this prefix (20), you can simply create it with multiple reverse zones of longer prefix as you already pointed out:

# ipa dnszone-add --name-server=`hostname` --name-from-ip=128.128.128.0/24
Zone name [128.128.128.in-addr.arpa.]:
Administrator e-mail address [hostmaster.128.128.128.in-addr.arpa.]:
Zone name: 128.128.128.in-addr.arpa.
...

# ipa dnszone-add --name-server=`hostname` --name-from-ip=128.128.129.0/24
Zone name [129.128.128.in-addr.arpa.]:
Administrator e-mail address [hostmaster.129.128.128.in-addr.arpa.]:
Zone name: 129.128.128.in-addr.arpa.
Authoritative nameserver: vm-086.idm.lab.bos.redhat.com.
...
...
...
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/ef7b8ab764420baa4e959c0bf060e390b314c18f
ipa-3-0: https://fedorahosted.org/freeipa/changeset/7b7946d69bdb5606ff00c5e733a18c1e788d4796

After a discussion, we decided that instead of rejecting an IP address without a netmask, we would rather choose a more sensible default netmask. That is
* 24b for IPv4
* 64b for IPv6

The reasoning behind that decision is that for IPv6, the vast majority of networks have a 64b netmask, so using this default makes perfect sense. IPv4 address just carried on in order to have a consistent behavior.

Note: The same computation of a default reverse zone is used in ipa-{server,replica-dns}-install.
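The naming rules discussed in the comments above (default /24 for IPv4 and /64 for IPv6, prefixes rounded down to a label boundary, and a /20 covered by several /24 zones), as an added example that is not part of this bug thread and is not FreeIPA's code. The helper names reverse_zone and covering_zones are hypothetical, and the sample inputs are constructed from the addresses quoted in the comments.

```python
import ipaddress

# Defaults named in the fix comment: /24 for IPv4, /64 for IPv6.
DEFAULT_PREFIX = {4: 24, 6: 64}
# Bits per reverse-tree label: one octet for IPv4, one nibble for IPv6.
LABEL_BITS = {4: 8, 6: 4}


def reverse_zone(value):
    """Hypothetical helper: reverse zone name for an address or network string."""
    if "/" in value:
        net = ipaddress.ip_network(value, strict=False)
    else:
        addr = ipaddress.ip_address(value)  # raises ValueError for "192.168.12"
        net = ipaddress.ip_network(f"{addr}/{DEFAULT_PREFIX[addr.version]}", strict=False)
    # Round the prefix down to a whole number of labels (a /20 becomes a /16).
    labels = net.prefixlen // LABEL_BITS[net.version]
    # reverse_pointer lists every label, host part first, then the 2-label suffix.
    parts = net.network_address.reverse_pointer.split(".")
    return ".".join(parts[len(parts) - 2 - labels:]) + "."


def covering_zones(value):
    """Hypothetical helper: zones at the next label boundary that cover exactly this network."""
    net = ipaddress.ip_network(value, strict=False)
    step = LABEL_BITS[net.version]
    target = -(-net.prefixlen // step) * step  # round the prefix up
    return [reverse_zone(str(sub)) for sub in net.subnets(new_prefix=target)]


if __name__ == "__main__":
    for sample in ("192.168.12.0", "128.128.128.0/20", "2001:db8::1"):  # constructed inputs
        print(sample, "->", reverse_zone(sample))
    zones = covering_zones("128.128.128.0/20")
    print(len(zones), zones[0], zones[-1])
```

The rounded-down name for the /20 is a zone for the whole /16, so it is authoritative for PTR records well outside the network; the sixteen /24 zones match the /20 exactly.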
regression tests added to DNS test suite
verified ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: Bug 798493 - adding reverse zones in gui fails to create correct zone
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ PASS ] :: Make sure dnszone-find seems to find the reverse zone
:: [ PASS ] :: Make sure dnszone-find outputs teh correct zone name.
:: [ PASS ] :: Make sure dnszone-find seems to find the reverse zone
:: [ PASS ] :: Make sure dnszone-find outputs teh correct zone name.
:: [ PASS ] :: Make sure dnszone-find seems to find the reverse zone
:: [ PASS ] :: Make sure dnszone-find outputs teh correct zone name.
:: [ LOG ] :: Duration: 7s
:: [ LOG ] :: Assertions: 6 good, 0 bad
:: [ PASS ] :: RESULT: Bug 798493 - adding reverse zones in gui fails to create correct zone

version :: ipa-server-3.0.0-19.el6
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0528.html