
Bug 952689

Summary: DNS install does not create records for existing replicas
Product: Red Hat Enterprise Linux 7
Component: ipa
Version: 7.0
Status: CLOSED CURRENTRELEASE
Severity: unspecified
Priority: medium
Target Milestone: rc
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Fixed In Version: ipa-3.2.1-1.el7
Doc Type: Bug Fix
Reporter: Dmitri Pal <dpal>
Assignee: Rob Crittenden <rcritten>
QA Contact: IDM QE LIST <seceng-idm-qe-list>
CC: mkosek, nsoman, spoore
Last Closed: 2014-06-13 10:50:16 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Story Points: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---

Description Dmitri Pal 2013-04-16 13:14:53 UTC
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/freeipa/ticket/3564

The DNS installer (both ipa-dns-install and ipa-replica-install --setup-dns) creates DNS records only for the replica it is installed on, but not for any other existing replicas. This breaks replication and other things. DNS records for all existing replicas should be created when DNS is first installed (i.e. when the DNS container is created).

Comment 1 Martin Kosek 2013-04-24 12:39:03 UTC
Fixed upstream:

63e79a3d86bb302b954571ec881aae06388392cd Add ipa-ca records for existing CA masters when installing DNS f
014f2962740c236c0bc4d14ba785d41dbbfdf78e Add DNS records for existing masters when installing DNS for the

Comment 4 Scott Poore 2014-01-29 16:28:37 UTC
Verified.

Version ::

ipa-server-3.3.3-15.el7.x86_64

Test Results ::

ON MASTER:

[root@rhel7-4 ~]# ipa-server-install -r $REALM -n $DOMAIN -p Secret123 -P Secret123 -a Secret123 -U
...

ON REPLICA:

[root@rhel7-5 ~]# ssh root@$MASTER "ipa-replica-prepare -p Secret123 $REPLICA1"
...

[root@rhel7-5 ~]# sftp root@$MASTER:/var/lib/ipa/replica-info-$REPLICA1.gpg /dev/shm
root@rhel7-4.example.com's password: 
Connected to rhel7-4.example.com.
Fetching /var/lib/ipa/replica-info-rhel7-5.example.com.gpg to /dev/shm/replica-info-rhel7-5.example.com.gpg
/var/lib/ipa/replica-info-rhel7-5.example.com.gpg                    100%   37KB  37.1KB/s   00:00    

[root@rhel7-5 ~]# ipa-replica-install -U --setup-ca -w Secret123 -p Secret123  /dev/shm/replica-info-$REPLICA1.gpg

ON MASTER:

[root@rhel7-4 ~]# ipa-dns-install -p Secret123 --forwarder=192.168.122.1 -U

The log file for this installation can be found in /var/log/ipaserver-install.log
==============================================================================
This program will setup DNS for the IPA Server.

This includes:
  * Configure DNS (bind)

To accept the default shown in brackets, press the Enter key.

Using reverse zone 122.168.192.in-addr.arpa.
Configuring DNS (named)
  [1/11]: adding DNS container
  [2/11]: setting up our zone
  [3/11]: setting up reverse zone
  [4/11]: setting up our own record
  [5/11]: setting up records for other masters
  [6/11]: setting up CA record
  [7/11]: setting up kerberos principal
  [8/11]: setting up named.conf
  [9/11]: restarting named
  [10/11]: configuring named to start on boot
  [11/11]: changing resolv.conf to point to ourselves
Done configuring DNS (named).
Restarting the web server
==============================================================================
Setup complete

Global DNS configuration in LDAP server is empty
You can use 'dnsconfig-mod' command to set global DNS options that
would override settings in local named.conf files


	You must make sure these network ports are open:
		TCP Ports:
		  * 53: bind
		UDP Ports:
		  * 53: bind

[root@rhel7-4 ~]# cat /etc/resolv.conf 
search example.com
nameserver 192.168.122.74

[root@rhel7-4 ~]# kinit admin
Password for admin: 

[root@rhel7-4 ~]# ipa dnsrecord-find example.com
  Record name: @
  NS record: rhel7-4.example.com.

  Record name: _kerberos
  TXT record: EXAMPLE.COM

  Record name: _kerberos-master._tcp
  SRV record: 0 100 88 rhel7-4, 0 100 88 rhel7-5

  Record name: _kerberos-master._udp
  SRV record: 0 100 88 rhel7-4, 0 100 88 rhel7-5

  Record name: _kerberos._tcp
  SRV record: 0 100 88 rhel7-4, 0 100 88 rhel7-5

  Record name: _kerberos._udp
  SRV record: 0 100 88 rhel7-4, 0 100 88 rhel7-5

  Record name: _kpasswd._tcp
  SRV record: 0 100 464 rhel7-4, 0 100 464 rhel7-5

  Record name: _kpasswd._udp
  SRV record: 0 100 464 rhel7-4, 0 100 464 rhel7-5

  Record name: _ldap._tcp
  SRV record: 0 100 389 rhel7-4, 0 100 389 rhel7-5

  Record name: _ntp._udp
  SRV record: 0 100 123 rhel7-4, 0 100 123 rhel7-5

  Record name: ipa-ca
  A record: 192.168.122.74, 192.168.122.75

  Record name: rhel7-4
  A record: 192.168.122.74

  Record name: rhel7-5
  A record: 192.168.122.75
-----------------------------
Number of entries returned 13
-----------------------------

[root@rhel7-4 ~]# dig +short @$(hostname) rhel7-4.example.com
192.168.122.74

[root@rhel7-4 ~]# dig +short @$(hostname) rhel7-5.example.com
192.168.122.75

[root@rhel7-4 ~]# dig +short @$(hostname) ipa-ca.example.com
192.168.122.75
192.168.122.74
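The following is an added check for the behaviour described in the bug report and exercised in the verification above; it is example code, not part of the bug report or of FreeIPA. It parses `ipa dnsrecord-find` output and reports any master that lacks an A record, is missing as a target from any SRV record, or (for CA masters) whose address is absent from the ipa-ca A record. Both zone samples are constructed: SAMPLE_ZONE mirrors the verified output in Comment 4, SAMPLE_BROKEN models the pre-fix state where only the master that ran ipa-dns-install has records. The function names (record_values, missing_srv_targets, check_master, check_ca_master) are this example's own.

```shell
#!/bin/sh
# Added example (not from the bug report or FreeIPA): verify that an IPA DNS zone
# carries records for every master, the condition this bug was about.

# Constructed sample modelled on `ipa dnsrecord-find example.com` after the fix.
SAMPLE_ZONE='  Record name: @
  NS record: rhel7-4.example.com.

  Record name: _kerberos._tcp
  SRV record: 0 100 88 rhel7-4, 0 100 88 rhel7-5

  Record name: _ldap._tcp
  SRV record: 0 100 389 rhel7-4, 0 100 389 rhel7-5

  Record name: ipa-ca
  A record: 192.168.122.74, 192.168.122.75

  Record name: rhel7-4
  A record: 192.168.122.74

  Record name: rhel7-5
  A record: 192.168.122.75'

# Constructed sample of the pre-fix zone: only rhel7-4, which ran
# ipa-dns-install, has records; the existing replica rhel7-5 is absent.
SAMPLE_BROKEN='  Record name: @
  NS record: rhel7-4.example.com.

  Record name: _kerberos._tcp
  SRV record: 0 100 88 rhel7-4

  Record name: _ldap._tcp
  SRV record: 0 100 389 rhel7-4

  Record name: ipa-ca
  A record: 192.168.122.74

  Record name: rhel7-4
  A record: 192.168.122.74'

# record_values ZONE_OUTPUT NAME TYPE: print the comma-separated values of the
# record NAME of type TYPE (e.g. "A", "SRV"); prints nothing when absent.
record_values() {
    printf '%s\n' "$1" | awk -v name="$2" -v type="$3" '
        /^ *Record name: / { current = $3 }
        ($0 ~ ("^ *" type " record: ")) && current == name {
            sub("^ *" type " record: ", ""); print; exit }'
}

# missing_srv_targets ZONE_OUTPUT MASTER: print the name of every SRV record
# whose target list does not include MASTER; empty output means full coverage.
missing_srv_targets() {
    printf '%s\n' "$1" | awk -v master="$2" '
        /^ *Record name: / { current = $3 }
        /^ *SRV record: / {
            found = 0
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                m = split(parts[i], f, " ")      # "prio weight port target"
                if (f[m] == master || f[m] == (master ".")) found = 1
            }
            if (!found) print current
        }'
}

# check_master ZONE_OUTPUT MASTER: 0 if MASTER has an A record and is a target
# of every SRV record in the zone; 1 otherwise, with the gaps printed.
check_master() {
    zone=$1; host=$2; rc=0
    if [ -z "$(record_values "$zone" "$host" A)" ]; then
        echo "$host: no A record"; rc=1
    fi
    gaps=$(missing_srv_targets "$zone" "$host")
    if [ -n "$gaps" ]; then
        echo "$host: not a target of SRV record(s): $(printf '%s' "$gaps" | tr '\n' ' ')"; rc=1
    fi
    return $rc
}

# check_ca_master ZONE_OUTPUT MASTER: check_master plus the ipa-ca check; only
# masters that actually run a CA should be passed here.
check_ca_master() {
    check_master "$1" "$2"; rc=$?
    addr=$(record_values "$1" "$2" A)
    ca=$(record_values "$1" ipa-ca A)
    if [ -n "$addr" ]; then
        case ", $ca," in
            *", $addr,"*) ;;
            *) echo "$2: $addr missing from ipa-ca A record (${ca:-none})"; rc=1 ;;
        esac
    fi
    return $rc
}

# Stand-alone demo: the fixed zone passes for both masters, the pre-fix zone
# fails for the replica that ipa-dns-install did not create records for.
for m in rhel7-4 rhel7-5; do
    if check_ca_master "$SAMPLE_ZONE" "$m"; then echo "fixed zone: $m OK"; else echo "fixed zone: $m FAILED"; fi
    if check_ca_master "$SAMPLE_BROKEN" "$m"; then echo "pre-fix zone: $m OK"; else echo "pre-fix zone: $m FAILED"; fi
done
```

On a real deployment, capture `ipa dnsrecord-find "$DOMAIN"` into a variable and loop over the short hostnames of the masters listed by `ipa-replica-manage list`, calling check_ca_master for those installed with --setup-ca and check_master for the rest. The SRV comparison accepts both the relative target form shown in the verification output and a fully qualified target with a trailing dot.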

Comment 5 Ludek Smid 2014-06-13 10:50:16 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.