This bug is created as a clone of upstream ticket: https://fedorahosted.org/bind-dyndb-ldap/ticket/49
The plugin should support IPv6 forwarders.
This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux.
This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development. This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4.
Please add steps to reproduce / verify this bug.
Just put an IPv6 address into the idnsForwarders attribute. It should work in exactly the same way as with an IPv4 address. An older version (without IPv6 support) should work with an IPv4 address only.
Verified with the following steps against ipa-server-3.0.0-9.el6.x86_64 and bind-dyndb-ldap-2.3-1.el6.x86_64

On the first server:

[root@zippyvm11 ~]# ipa dnszone-add --name-server=$MASTER. newtzone
Administrator e-mail address [hostmaster.newtzone.]:
  Zone name: newtzone
  Authoritative nameserver: zippyvm11.testrelm.com.
  Administrator e-mail address: hostmaster.newtzone.
  SOA serial: 1358903541
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-self * AAAA; grant TESTRELM.COM krb5-self * SSHFP;
  Active zone: TRUE
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;
[root@zippyvm11 ~]# server2ipv6='3ffe:1111:2222:2000:230:48ff:fe8c:100'
[root@zippyvm11 ~]# ipa dnszone-mod $tzone --addattr=idnsForwarders="$server2ipv6"
  Zone name: newtzone
  Authoritative nameserver: zippyvm11.testrelm.com.
  Administrator e-mail address: hostmaster.newtzone.
  SOA serial: 1358903542
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
  Allow query: any;
  Allow transfer: none;
  Zone forwarders: 3ffe:1111:2222:2000:230:48ff:fe8c:100

Now to the second server:

[root@zippyvm4 ~]# ipa dnszone-add --name-server=$MASTER. newtzone
Administrator e-mail address [hostmaster.newtzone.]:
  Zone name: newtzone
  Authoritative nameserver: zippyvm4.testrelm.com.
  Administrator e-mail address: hostmaster.newtzone.
  SOA serial: 1358903658
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-self * AAAA; grant TESTRELM.COM krb5-self * SSHFP;
  Active zone: TRUE
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;
[root@zippyvm4 ~]# ipa dnsrecord-add $tzone aaaatest --aaaa-rec='3ffe:1111:2222:2000:230:48ff:fe8c:100'
  Record name: aaaatest
  AAAA record: 3ffe:1111:2222:2000:230:48ff:fe8c:100
[root@zippyvm4 ~]# dig aaaatest.$tzone aaaa @127.0.0.1
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.16.rc1.el6 <<>> aaaatest.newtzone aaaa @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26068
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;aaaatest.newtzone. IN AAAA
;; ANSWER SECTION:
aaaatest.newtzone. 86400 IN AAAA 3ffe:1111:2222:2000:230:48ff:fe8c:100
;; AUTHORITY SECTION:
newtzone. 86400 IN NS zippyvm4.testrelm.com.
;; ADDITIONAL SECTION:
zippyvm4.testrelm.com. 1200 IN A 10.14.5.136
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jan 22 20:16:53 2013
;; MSG SIZE rcvd: 114

Back to the first server:

[root@zippyvm11 ~]# dig aaaatest.$tzone aaaa @127.0.0.1
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.16.rc1.el6 <<>> aaaatest.newtzone aaaa @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56218
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;aaaatest.newtzone. IN AAAA
;; ANSWER SECTION:
aaaatest.newtzone. 86400 IN AAAA 3ffe:1111:2222:2000:230:48ff:fe8c:100
;; AUTHORITY SECTION:
newtzone. 86400 IN NS zippyvm4.testrelm.com.
;; ADDITIONAL SECTION:
zippyvm4.testrelm.com. 1200 IN A 10.14.5.136
;; Query time: 15 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jan 22 20:17:04 2013
;; MSG SIZE rcvd: 114

Forward works through the AAAA forwarder.
Could you please replace syntax
# ipa dnszone-mod $tzone --addattr=idnsForwarders="$server2ipv6"
with
# ipa dnszone-mod $tzone --forwarder="$server2ipv6"
? I'm not sure if --addattr is supported. Anyway, addattr is not the recommended way :-) Thank you.
That is correct that using addattr is not the recommended way, but it is working, and using that value is part of the ticket description. I can reverify this bug using the dnszone-mod --forwarder method if you would like.
Reverified using ipa dnszone-mod $tzone --forwarder="$server2ipv6"

[root@zippyvm11 ~]# ipa dnszone-add --name-server=$MASTER. newtzone
Administrator e-mail address [hostmaster.newtzone.]:
  Zone name: newtzone
  Authoritative nameserver: zippyvm11.testrelm.com.
  Administrator e-mail address: hostmaster.newtzone.
  SOA serial: 1358985423
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-self * AAAA; grant TESTRELM.COM krb5-self * SSHFP;
  Active zone: TRUE
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;
[root@zippyvm11 ~]# server2ipv6='3ffe:1111:2222:2000:230:48ff:fe8c:100'
[root@zippyvm11 ~]# ipa dnszone-mod $tzone --forwarder="$server2ipv6"
  Zone name: newtzone
  Authoritative nameserver: zippyvm11.testrelm.com.
  Administrator e-mail address: hostmaster.newtzone.
  SOA serial: 1358985424
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
  Allow query: any;
  Allow transfer: none;
  Zone forwarders: 3ffe:1111:2222:2000:230:48ff:fe8c:100
[root@zippyvm11 ~]#

[root@zippyvm4 ~]# ipa dnszone-add --name-server=$MASTER. newtzone
Administrator e-mail address [hostmaster.newtzone.]:
  Zone name: newtzone
  Authoritative nameserver: zippyvm4.testrelm.com.
  Administrator e-mail address: hostmaster.newtzone.
  SOA serial: 1358985519
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-self * AAAA; grant TESTRELM.COM krb5-self * SSHFP;
  Active zone: TRUE
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;
[root@zippyvm4 ~]# ipa dnsrecord-add $tzone aaaatest --aaaa-rec='3ffe:1111:2222:2000:230:48ff:fe8c:100'
  Record name: aaaatest
  AAAA record: 3ffe:1111:2222:2000:230:48ff:fe8c:100
[root@zippyvm4 ~]# dig aaaatest.$tzone aaaa @127.0.0.1
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.16.rc1.el6 <<>> aaaatest.newtzone aaaa @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54157
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;aaaatest.newtzone. IN AAAA
;; ANSWER SECTION:
aaaatest.newtzone. 86400 IN AAAA 3ffe:1111:2222:2000:230:48ff:fe8c:100
;; AUTHORITY SECTION:
newtzone. 86400 IN NS zippyvm4.testrelm.com.
;; ADDITIONAL SECTION:
zippyvm4.testrelm.com. 1200 IN A 10.14.5.136
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jan 23 18:59:12 2013
;; MSG SIZE rcvd: 114

[root@zippyvm11 ~]# dig aaaatest.$tzone aaaa @127.0.0.1
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.16.rc1.el6 <<>> aaaatest.newtzone aaaa @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39253
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;aaaatest.newtzone. IN AAAA
;; ANSWER SECTION:
aaaatest.newtzone. 86400 IN AAAA 3ffe:1111:2222:2000:230:48ff:fe8c:100
;; AUTHORITY SECTION:
newtzone. 86400 IN NS zippyvm4.testrelm.com.
;; ADDITIONAL SECTION:
zippyvm4.testrelm.com. 1200 IN A 10.14.5.136
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jan 23 18:59:55 2013
;; MSG SIZE rcvd: 114

Forwarding with an IPv6 address works.
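The two dig runs in the verification above differ in one header flag: the server that holds the AAAA record answers with aa set, while the server configured with the IPv6 forwarder returns the same record without it. The following is an added example, not part of the bug report, that classifies dig output on that basis; the function name classify_dig_answer and the sample header lines are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the bug report): classify a dig response by its header.
# Reads dig output on stdin and prints one of:
#   authoritative      NOERROR, answer present, aa flag set
#   non-authoritative  NOERROR, answer present, aa flag clear
#   failed:<status>    any other outcome
classify_dig_answer() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,/, "", status) }
        }
        /^;; flags:/ {
            flags = $0
            sub(/^;; flags: */, "", flags)   # drop the label
            sub(/;.*/, "", flags)            # keep only the flag words
            aa = ((" " flags " ") ~ / aa /)
            for (i = 1; i < NF; i++)
                if ($i == "ANSWER:") answers = $(i + 1) + 0
        }
        END {
            if (status != "NOERROR" || answers < 1)
                print "failed:" (status == "" ? "no-header" : status)
            else
                print (aa ? "authoritative" : "non-authoritative")
        }'
}

# Constructed samples: header lines shaped like the dig output in this report.
SAMPLE_ZONE_HOLDER=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1'
SAMPLE_VIA_FORWARDER=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1'
SAMPLE_FAILURE=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 3
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'

for s in "$SAMPLE_ZONE_HOLDER" "$SAMPLE_VIA_FORWARDER" "$SAMPLE_FAILURE"; do
    printf '%s\n' "$s" | classify_dig_answer
done
```

Against a live server the function takes the dig output on a pipe. A non-authoritative result only shows that the answer did not come from the queried server's own zone data, so it confirms forwarding only in a setup like the one above, where the record exists solely on the forwarder.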
Perfect, thank you!
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0359.html