Description of problem:
Zone serial number is not incremented after adding a DNS record. (Same problem probably occurs with all DNS operations.)

Version-Release number of selected component (if applicable):
ipa-server-2.1.3-9.el6.x86_64
bind-9.7.3-8.P3.el6.x86_64
bind-dyndb-ldap-0.2.0-7.el6.x86_64

How reproducible:
Add any DNS record and watch the DNS zone serial number.

Steps to Reproduce:
1. ipa dnszone-show localnet
2. ipa dnsrecord-add localnet test3 --a-rec=1.2.3.4
3. ipa dnszone-show localnet

Actual results:
# ipa dnszone-show localnet
  Zone name: localnet
  Authoritative nameserver: el621.localnet.
  Administrator e-mail address: root.el621.localnet.
  SOA serial: 2012190301
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE

# ipa dnsrecord-add localnet test3 --a-rec=1.2.3.4
  Record name: test3
  A record: 1.2.3.4

# ipa dnszone-show localnet
  Zone name: localnet
  Authoritative nameserver: el621.localnet.
  Administrator e-mail address: root.el621.localnet.
  SOA serial: 2012190301
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE

Expected results:
The "SOA serial" value was incremented.

Additional info:
The BIND LDAP plugin only reads the value from LDAP. The SOA serial # change has to be handled in the UI (or via a dirsrv plugin?).
Correct SOA records are necessary for various DNS utilities, e.g. zone transfers (and DNSSEC "Inline Signing" in newer BIND versions).
Upstream ticket: https://fedorahosted.org/freeipa/ticket/2554
*** Bug 811248 has been marked as a duplicate of this bug. ***
Fixed upstream.

master:
9d69db80a3d1fc46236a4546988176cdd7939b82
67dbde01567f5df414d4e5f6ac694c9b04170c45
e578183ea25a40aedf6dcc3e1ee4bcb19b73e70f
8c7556db8339cf64f1c80e4ffec30ac3646f177e

The SOA serial autoincrement attribute is now automatically updated by bind-dyndb-ldap whenever a DNS entry is added or modified. Please note that, in order to avoid replication issues, the SOA serial attribute (idnsSOAserial) had to be added to the replication agreement exclude list, as the serial will be incremented on each DNS server separately and won't be shared. Thus, the resulting serial number may be different between different IPA replicas with DNS support.
Verified using: ipa-server-3.0.0-11.el6.x86_64

test output:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::   [ LOG    ] :: bz804619 DNS zone serial number is not updated
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
  Zone name: testrelm.com
  Authoritative nameserver: nightcrawler.testrelm.com.
  Administrator e-mail address: hostmaster.testrelm.com.
  SOA serial: 1355368096
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
  Allow query: any;
  Allow transfer: none;
::   [   PASS   ] :: Running 'ipa dnszone-show testrelm.com'
  Record name: dns175
  A record: 192.168.0.1
::   [   PASS   ] :: Running 'ipa dnsrecord-add testrelm.com dns175 --a-rec=192.168.0.1'
::   [   PASS   ] :: idnssoaserial has changed as expected, GOT: 1355368101
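Why the unchanged serial in the original report matters for zone transfers, and why the verified run above is a real fix, can be checked with RFC 1982 serial-number arithmetic: a secondary only transfers the zone when the primary's new SOA serial compares as "greater" than the one it holds. The following is an added example written for this page, not code from FreeIPA or bind-dyndb-ldap; it parses the `SOA serial:` line of `ipa dnszone-show` output (the two constructed samples reuse the serials quoted in this bug) and the helper names are my own.

```python
import re

MOD = 1 << 32          # SOA serials are unsigned 32-bit values
HALF = 1 << 31         # RFC 1982 comparison window

def parse_soa_serial(dnszone_show_output: str) -> int:
    """Extract the 'SOA serial' value from text output of `ipa dnszone-show`."""
    m = re.search(r"SOA serial:\s*(\d+)", dnszone_show_output)
    if m is None:
        raise ValueError("no 'SOA serial' line found")
    return int(m.group(1)) % MOD

def serial_gt(a: int, b: int) -> bool:
    """RFC 1982: True if serial a is 'greater than' serial b.

    Handles wrap-around at 2**32. Equal serials are never greater, which is
    exactly the situation in the original report (2012190301 -> 2012190301).
    A difference of exactly 2**31 is undefined by the RFC and yields False here.
    """
    a, b = a % MOD, b % MOD
    return (a < b and b - a > HALF) or (a > b and a - b < HALF)

def secondary_would_transfer(held_zone: str, primary_zone: str) -> bool:
    """Decide whether a secondary holding `held_zone` would start a zone
    transfer after seeing the primary's current `primary_zone` output."""
    return serial_gt(parse_soa_serial(primary_zone), parse_soa_serial(held_zone))

# Constructed samples, trimmed to the lines the check needs.
BUGGY_BEFORE = "  Zone name: localnet\n  SOA serial: 2012190301\n  Active zone: TRUE\n"
BUGGY_AFTER = BUGGY_BEFORE                      # serial never moved (the bug)
FIXED_BEFORE = "  Zone name: testrelm.com\n  SOA serial: 1355368096\n"
FIXED_AFTER = "  Zone name: testrelm.com\n  SOA serial: 1355368101\n"

if __name__ == "__main__":
    print("buggy build, secondary transfers:", secondary_would_transfer(BUGGY_BEFORE, BUGGY_AFTER))
    print("fixed build, secondary transfers:", secondary_would_transfer(FIXED_BEFORE, FIXED_AFTER))
    # Wrap-around: a serial that rolled past 2**32 is still 'greater'.
    print("wrapped serial still newer:", serial_gt(5, 0xFFFFFFF0))
```

The same comparison explains the replication caveat in the fix: because idnsSOAserial is excluded from replication, two IPA replicas may hand out different serials for one zone, so a secondary pointed at several replicas should be checked against each one.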
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0528.html