Description of problem:
add forward and reverse entries for a host and try to add the host without --force option.

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: ipa-host-cli-48: Add host without force option - DNS Record Exists
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [09:09:36] :: EXECUTING: ipa host-add myhost.testrelm.com
ipa: ERROR: Host does not have corresponding DNS A record
:: [ FAIL ] :: Add host DNS entries exist (Expected 0, got 1)
---------------
0 hosts matched
---------------
----------------------------
Number of entries returned 0
----------------------------
:: [09:09:39] :: WARNING: Failed to find host.
:: [ FAIL ] :: Verifying host was added when DNS records exist. (Expected 0, got 1)
  Record name: myhost
  A record: 10.16.187.99
----------------------------
Number of entries returned 1
----------------------------
:: [ PASS ] :: Checking for forward DNS entry
  Record name: 99
  PTR record: myhost.testrelm.com.
----------------------------
Number of entries returned 1
----------------------------
:: [ PASS ] :: Checking for reverse DNS entry

Version-Release number of selected component (if applicable):
ipa-server-2.2.0-103.20120302T0507zgitc611d89.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. see description
2.
3.

Actual results:

Expected results:

Additional info:
Upstream ticket: https://fedorahosted.org/freeipa/ticket/2481
I found the reason why this issue happens. We call acutil.res_send() to send a DNS query to find the A record of the new hostname. However, the request may not be sent to the current resolver in /etc/resolv.conf but to the old one that was configured there before, which apparently does not know this hostname. So if you ran ipa-dns-install and then tried this use case right after it, it resulted in this error. As a workaround, one can reload the httpd process after ipa-dns-install.
I installed the ipa-server with --setup-dns ... why should I have to run ipa-dns-install?
However, a fresh install behaves the same; see the acceptance test results when they come in on the list.
Oh, it's the same with --setup-dns. The problem is in the change of /etc/resolv.conf and the inability of acutil to realize it.
Fixed upstream.
master: c956b3cd2ba12d87054909af3dce7d231f034240
ipa-2-2: 453dbdc0dd412ed90950f10ffd8be895ff7b2ded

This was addressed by restarting Apache after configuring bind so it gets an updated resolv.conf.
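An added example, not part of this bug thread or of the FreeIPA code: a check for the condition discussed above, a long-running daemon (here httpd) that started before /etc/resolv.conf was last modified and may therefore still hold the old resolver. It assumes a Linux /proc filesystem; the function names and the sample stat line are constructed for illustration.

```python
import os
import sys

# Constructed sample of /proc/<pid>/stat content; field 22 (starttime) is 50000 ticks.
SAMPLE_STAT = "1234 (httpd) S 1 1234 1234 0 -1 4202752 100 0 0 0 5 3 0 0 20 0 1 0 50000 0 0"


def start_epoch(stat_text, btime, clk_tck):
    """Return process start time in epoch seconds from /proc/<pid>/stat text."""
    # The command name (field 2) may contain spaces or ')', so split after the
    # last ')' instead of splitting the whole line on whitespace.
    rest = stat_text.rsplit(")", 1)[1].split()
    starttime_ticks = int(rest[19])  # rest[0] is field 3, so field 22 is rest[19]
    return btime + starttime_ticks / clk_tck


def has_stale_resolver(proc_start, resolv_mtime):
    """True if resolv.conf was modified after the process started."""
    return resolv_mtime > proc_start


def boot_time(proc_stat_text):
    """Extract the boot time (epoch seconds) from /proc/stat text."""
    for line in proc_stat_text.splitlines():
        if line.startswith("btime "):
            return int(line.split()[1])
    raise ValueError("no btime line in /proc/stat")


def check_pid(pid, resolv_path="/etc/resolv.conf"):
    """Check a live process; True means it predates the last resolv.conf change."""
    with open("/proc/stat") as f:
        btime = boot_time(f.read())
    with open("/proc/%d/stat" % pid) as f:
        started = start_epoch(f.read(), btime, os.sysconf("SC_CLK_TCK"))
    return has_stale_resolver(started, os.stat(resolv_path).st_mtime)


if __name__ == "__main__":
    # Usage: python check_resolver.py <pid of httpd>
    pid = int(sys.argv[1])
    if check_pid(pid):
        print("pid %d started before resolv.conf changed; restart it" % pid)
        sys.exit(1)
    print("pid %d started after the last resolv.conf change" % pid)
```

The result is a heuristic based on timestamps: it flags processes that need the restart described in the fix, but cannot tell whether a given process has already re-read the file on its own.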
verified ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: ipa-host-cli-48: Add host without force option - DNS Record Exists
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: EXECUTING: ipa host-add myhost.testrelm.com
:: [ PASS ] :: Add host DNS entries exist
:: [ LOG ] :: Host name is as expected.
:: [ LOG ] :: Principal name is as expected.
:: [ PASS ] :: Verifying host was added when DNS records exist.
:: [ PASS ] :: Checking for forward DNS entry
:: [ PASS ] :: Checking for reverse DNS entry
:: [ LOG ] :: Duration: 13s
:: [ LOG ] :: Assertions: 4 good, 0 bad
:: [ PASS ] :: RESULT: ipa-host-cli-48: Add host without force option - DNS Record Exists

version ::
ipa-server-2.2.0-4.el6.x86_64
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html