Description of problem:

Can add zone using cmd below:

# ipa dnszone-add --name-server=ipaqa64vmc.testrelm.com --admin-email=ipaqar.redhat.com --serial=2010010701 --refresh=303 --retry=101 --expire=1202 --minimum=33 --ttl=55 westford.testrelm.com

To this Petr's response:

CLI adds implicit dot to end of the name-server parameter. That is a reason why it works in your case.

There are two rules:

--name-server=host.name.ends.with.dot.
--> name has to be resolvable to IP address (i.e. name belongs to existing zone and is resolvable)
--> your test case falls to this category because of implicit dot
--> test will pass because "ipaqa64vmc.testrelm.com" is resolvable

--name-server=relative.hostname
--> --ip-address= has to be used because hostname is not resolvable to IP address
--> relative.hostname will be expanded to relative.hostname.new.zone. - this name can't be resolvable because that zone doesn't exist yet

So tried the below which adds the zone, but has invalid data:

# ipa dnszone-add --name-server=pspacek --ip-address=10.34.4.89 q.test
Administrator e-mail address [hostmaster.q.test.]:
ipa: ERROR: 'dnszoneidnsname' is required

[root@pspacek nsupdate-test]# ipa dnszone-show q.test
  Zone name: q.test
  Authoritative nameserver: pspacek.    <<<<---- that is wrong - there should not be a dot at the end of name
  Administrator e-mail address: hostmaster.q.test.
  SOA serial: 1350916014
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
  Allow query: any;
  Allow transfer: none;

Version-Release number of selected component (if applicable):
ipa-server-3.0.0-105.20121016T0259zgitf6bd4b0.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. Add a new zone using relative hostname, and IP address

Actual results:
throws an error, adds the zone, but dnszone-show has a period at the end of the nameserver

Expected results:
add zone successfully, with no error and dnszone-show should not have a period at the end of the nameserver.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/3204
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/a00109585684fac520c48188298b75df816fbd23
ipa-3-0: https://fedorahosted.org/freeipa/changeset/dc406253821ba7a616dd12e2bcc5dd602247a279

--name-server option now behaves correctly with respect to absolute/relative DNS names. You may need to update your test cases if you do not use it right!

Examples:

1) Add new zone using absolute address to nameserver:
# ipa dnszone-add new.zone --name-server ns.ipa.testrelm.
Effective nameserver will be ns.ipa.testrelm.

2) Add new zone using relative address to nameserver:
# ipa dnszone-add new.zone --name-server ns --ip-address 10.0.0.1
Effective nameserver will be ns.new.zone.
New A record with IP 10.0.0.1 will be created in new.zone
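The two --name-server cases from the comment above, modelled in Python as an added example (not part of the original comment and not FreeIPA's own code). The function names and the `resolves` callback, which stands in for a real DNS lookup, are assumptions made for illustration.

```python
import ipaddress


def effective_nameserver(zone, name_server, ip_address=None,
                         resolves=lambda fqdn: False):
    """Return (nameserver_fqdn, address_record) under the rules in this report.

    address_record is None, or (owner_fqdn, ip) for the record created in
    the new zone. `resolves` is a hypothetical stand-in for a DNS lookup.
    """
    zone_fqdn = zone.strip().rstrip(".").lower() + "."
    ns = name_server.strip().lower()
    if not ns.strip("."):
        raise ValueError("name server is empty")
    if ns.endswith("."):
        # Absolute name: used as given, and it must already resolve.
        # The page does not describe --ip-address for this case, so this
        # model ignores the address here (assumption).
        if not resolves(ns):
            raise ValueError(f"{ns} does not resolve to an IP address")
        return ns, None
    # Relative name: it will live in the zone being created, so it cannot
    # resolve yet and the address has to be supplied by the caller.
    if ip_address is None:
        raise ValueError("relative name server requires an IP address")
    ip = str(ipaddress.ip_address(ip_address))  # ValueError if malformed
    fqdn = f"{ns}.{zone_fqdn}"
    return fqdn, (fqdn, ip)


def is_single_label_absolute(stored_ns):
    """True for values shaped like the 'pspacek.' shown in this report:
    exactly one label followed by the root dot."""
    return (len(stored_ns) > 1 and stored_ns.endswith(".")
            and "." not in stored_ns[:-1])


if __name__ == "__main__":
    # Constructed inputs, taken from the two examples in the comment above.
    print(effective_nameserver("new.zone", "ns", "10.0.0.1"))
    print(effective_nameserver("new.zone", "ns.ipa.testrelm.",
                               resolves=lambda n: n == "ns.ipa.testrelm."))
    print(is_single_label_absolute("pspacek."))
```

A test suite can run `is_single_label_absolute` over the "Authoritative nameserver" value returned by dnszone-show to catch the trailing-dot regression reported here.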
Verified using ipa-server-3.0.0-20.el6.x86_64

# ipa dnszone-add --name-server=nightcrawler --ip-address=10.16.96.83 qwe
Administrator e-mail address [hostmaster.qwe.]:
  Zone name: qwe
  Authoritative nameserver: nightcrawler
  Administrator e-mail address: hostmaster.qwe.
  SOA serial: 1358182380
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-self * AAAA; grant TESTRELM.COM krb5-self * SSHFP;
  Active zone: TRUE
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;

# ipa dnsrecord-find qwe
  Record name: @
  NS record: nightcrawler

  Record name: nightcrawler
  A record: 10.16.96.83
----------------------------
Number of entries returned 2
----------------------------
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0528.html