Bug 958141
| Summary: | old update/transfer/query policy stays in effect if new policy contain an error | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Dmitri Pal <dpal> |
| Component: | bind-dyndb-ldap | Assignee: | Petr Spacek <pspacek> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Namita Soman <nsoman> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.0 | CC: | pspacek, xdong |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | bind-dyndb-ldap-3.5-1.el7 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-06-13 12:37:52 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Dmitri Pal
2013-04-30 13:24:27 UTC
Please provide steps to verify Please read the description in the upstream ticket. Fixed upstream by commits 0a5051392e218702a37073823101cbb6553b9445 and b21eb8a84e2c02e7dd090d24d68f1e385b0604c3. I'm trying to change query policy to an invalid one but I got [root@70master ipa-ctl]# ipa dnszone-mod example.com --allow-query="192.0.2..0/24" ipa: ERROR: invalid 'allow_query': invalid literal for int() with base 10: '' [root@70master ipa-ctl]# ipa dnszone-mod example.com --allow-query="192.0.999.0/24" ipa: ERROR: invalid 'allow_query': invalid IPNetwork 192.0.999.0/24 Could you provide an invalid query that I can change to,or if not,what's the best way to verify this bug ? Validators were added to FreeIPA CLI so users can't enter invalid values. I would recommend you to use ldapmodify/ldapadd to modify idnsUpdatePolicy/idnsAllowTransfer/idnsAllowQuery attribures in LDAP directly. Hi petr ,
I change idnsAllowQuery to an invalid value but idnsUpdatePolicy/idnsAllowTransfer/idnsAllowQuery attribures were not showing disabled. How to trigger the disable ?
[root@70master ~]# kinit admin
Password for admin:
[root@70master ~]# testZone=example.com
[root@70master ~]# ipa dnszone-add $testZone --admin-email=hostmaster.$testZone --name-server=ns --ip-address=127.0.0.1
Zone name: example.com
Authoritative nameserver: ns
Administrator e-mail address: hostmaster.example.com.
SOA serial: 1390327977
SOA refresh: 3600
SOA retry: 900
SOA expire: 1209600
SOA minimum: 3600
BIND update policy: grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-self * AAAA;
grant TESTRELM.COM krb5-self * SSHFP;
Active zone: TRUE
Dynamic update: FALSE
Allow query: any;
Allow transfer: none;
[root@70master ~]# ldapsearch -x -D "cn=Directory Manager" -w Secret123|grep "dn: idnsname=example.com,cn=dns,dc=testrelm,dc=com" -A 15
dn: idnsname=example.com,cn=dns,dc=testrelm,dc=com
idnsZoneActive: TRUE
idnsSOAexpire: 1209600
idnsAllowQuery: any;
nSRecord: ns
idnsSOAserial: 1390327980
idnsAllowTransfer: none;
idnsSOAretry: 900
idnsSOAminimum: 3600
idnsUpdatePolicy: grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-se
lf * AAAA; grant TESTRELM.COM krb5-self * SSHFP;
idnsSOArefresh: 3600
objectClass: top
objectClass: idnsrecord
objectClass: idnszone
idnsName: example.com
[root@70master ~]# cat >modifyAllowQuery.ldif << EOF
> dn: idnsname=example.com,cn=dns,dc=testrelm,dc=com
> changetype: modify
> replace: idnsAllowQuery
> idnsAllowQuery: 192.0.2..0/24
> EOF
[root@70master ~]# ldapmodify -x -D "cn=Directory Manager" -w Secret123 -f modifyAllowQuery.ldif
modifying entry "idnsname=example.com,cn=dns,dc=testrelm,dc=com"
[root@70master ~]# ldapsearch -x -D "cn=Directory Manager" -w Secret123|grep "dn: idnsname=example.com,cn=dns,dc=testrelm,dc=com" -A 15
dn: idnsname=example.com,cn=dns,dc=testrelm,dc=com
idnsZoneActive: TRUE
idnsSOAexpire: 1209600
idnsAllowQuery: 192.0.2..0/24
nSRecord: ns
idnsSOAserial: 1390327980
idnsAllowTransfer: none;
idnsSOAretry: 900
idnsSOAminimum: 3600
idnsUpdatePolicy: grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-se
lf * AAAA; grant TESTRELM.COM krb5-self * SSHFP;
idnsSOArefresh: 3600
objectClass: top
objectClass: idnsrecord
objectClass: idnszone
idnsName: example.com
Hi Xiyang. Comment #0 tells: > Proposed fix: > * Disable all updates/transfers/queries if the new policy contain an error. This should prevent nasty surprises for admins. This is not related to values in LDAP - whatever user puts to LDAP stays here. The difference is in the way how bind-dyndb-ldap interprets invalid values. Try to query the zone with invalid query policy - the query should be refused. The same applies to updates and zone transfers. Always configure a valid policy, do the action to verify that it works (e.g. do a zone transfer), then change the policy to something invalid and try the action again. Replying to question from IRC: Syntax for allow-transfer configuration is: http://www.zytrax.com/books/dns/ch7/xfer.html#allow-transfer For zone transfer you can use dig: dig @server_IP -t AXFR zone.example.com. Verified on: ipa-server-3.3.3-6.el7.x86_64 bind-dyndb-ldap-3.5-2.el7.x86_64 :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: bz958141 - old update/transfer/query policy stays in effect if new policy contain an error :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ 15:29:49 ] :: execute expect file: /tmp/kinit.25832.exp set timeout 30 set force_conservative 0 set send_slow {1 .001} spawn /usr/bin/kinit -V admin expect Password for * send -s -- Secret123\r expect eof spawn /usr/bin/kinit -V admin SUsing existing cache: persistent:0:0 Using principal: admin ecretPassword for admin: Authenticated to Kerberos v5 Default principal: admin :: [ 15:29:50 ] :: Success: kinit as [admin] with password [Secret123] was successful. :: [ PASS ] :: Kinit as admin user (Expected 0, got 0) Zone name: example.com Authoritative nameserver: ns Administrator e-mail address: hostmaster.example.com. SOA serial: 1390595391 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 BIND update policy: grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-self * AAAA; grant TESTRELM.COM krb5-self * SSHFP; Active zone: TRUE Dynamic update: FALSE Allow query: any; Allow transfer: none; :: [ PASS ] :: Add test zone (Expected 0, got 0) :: [ PASS ] :: get the original BIND update policy (Expected 0, got 0) Record name: test A record: 1.2.3.4 :: [ PASS ] :: Add A rec for test.example.com (Expected 0, got 0) Zone name: example.com Authoritative nameserver: ns Administrator e-mail address: hostmaster.example.com. SOA serial: 1390595394 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 Active zone: TRUE Dynamic update: TRUE Allow query: any; Allow transfer: none; :: [ PASS ] :: Enable dynamic updates for forward zone (Expected 0, got 0) ----------------------------- Added host "test.example.com" ----------------------------- Host name: test.example.com Principal name: host/test.example.com Password: False Keytab: False Managed by: test.example.com :: [ PASS ] :: Add host test.example.com (Expected 0, got 0) Keytab successfully retrieved and stored in: /tmp/tmp.Zjy6tPPzQG/bz958141.keytab :: [ PASS ] :: get keytab for test.example.com (Expected 0, got 0) :: [ PASS ] :: kinit use principal for test.example.com (Expected 0, got 0) Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25078 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;test.example.com. IN SOA ;; AUTHORITY SECTION: example.com. 3600 IN SOA 70master.testrelm.com. hostmaster.example.com. 1390595394 3600 900 1209600 3600 Found zone name: example.com The master is: 70master.testrelm.com start_gssrequest Found realm from ticket: TESTRELM.COM send_gssrequest Outgoing update query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24648 ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;3714725673.sig-70master.testrelm.com. ANY TKEY ;; ADDITIONAL SECTION: 3714725673.sig-70master.testrelm.com. 0 ANY TKEY gss-tsig. 1390595396 1390595396 3 NOERROR 623 YIICawYJKoZIhvcSAQICAQBuggJaMIICVqADAgEFoQMCAQ6iBwMFACAA AACjggFcYYIBWDCCAVSgAwIBBaEOGwxURVNUUkVMTS5DT02iJzAloAMC AQGhHjAcGwNETlMbFTcwbWFzdGVyLnRlc3RyZWxtLmNvbaOCARIwggEO oAMCARKhAwIBAqKCAQAEgf1qYUF/xRjTKtf5BPqZ4gQPw/u3hvX+LjOZ TcO+hcfZC3xFGU9wgsGdDNhuIUreYQubSHGm7QxM+7aJ7fYXoVCOxw7F RNHSFai58UV3rjQ/pqY3DQqlgRf5d2LptvozoqSHNX1NlA13692cQp42 tmQeECtpiS/syzWqUNDgh9n8JykLpEQkHNTAoqJ8g3M8RLs7Th3Sgyft wnnmkhek/VEDAwmAjBX3bJ0KkJjo4Vav0STCio8OlfaDXR8GF8sXvw/V nqR0Q1Qn0YKB4/WgeVHfLL+/flma40rV55lz31OH/R5tDyrAhCfpob76 QuxMZRAGMUJS/NPBeROqNoaopIHgMIHdoAMCARKigdUEgdK2vsS8Bdu4 FCCj6WBcyoLC8ewcxy+7AhYCF269iLKOuXCE7A4kt50/aBf6kPBgfxEq SxhqoGjb6NuGjrWG4j/K12jr2dom0K6d46dbdi1PcHtuwS2VDPr3i41i jv2+tM1rhToKc5Ksp+xqM0Zv4KorvXOBVnpXby4TVXX/TUteU8KVhWyb fdzOLv05KRFRrPBcavR3CQ/PEiWRdsQD5P2GqIPYQx0G8IukENqmpdrG zuO7VvXee9b9MVu+VpGXVFUvI9s7jwoQTA/s77ffDhG3oAU= 0 recvmsg reply from GSS-TSIG query ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24648 ;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;3714725673.sig-70master.testrelm.com. ANY TKEY ;; ANSWER SECTION: 3714725673.sig-70master.testrelm.com. 0 ANY TKEY gss-tsig. 1390595396 1390598996 3 NOERROR 156 YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKi cQRvYMkBCbrYwt8Cb5KiqO3aCWfR374LMggdCD8wDk72C54ctHUeh+PT Pkpbe+Pt0/eUbonTG5uzzHbiaIpA1lcVLfE3RGdDxUMt7W+1eWtJkTYu Zg/FJKHpKUnmAsgkRWPNSWIBg6UFLTrTDWeyBzZQ 0 Sending update to 10.18.57.215#53 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 59932 ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1 ;; UPDATE SECTION: test.example.com. 0 NONE A 1.2.3.4 ;; TSIG PSEUDOSECTION: 3714725673.sig-70master.testrelm.com. 0 ANY TSIG gss-tsig. 1390595396 300 28 BAQE//////8AAAAALYqyNtqkIUxMrL6YXXm8aQ== 59932 NOERROR 0 Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 59932 ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 ;; ZONE SECTION: ;example.com. IN SOA ;; TSIG PSEUDOSECTION: 3714725673.sig-70master.testrelm.com. 0 ANY TSIG gss-tsig. 1390595397 300 28 BAQF//////8AAAAAFWKybz0Xk0jfZ5DDc0u3bg== 59932 NOERROR 0 :: [ PASS ] :: EXECUTING: nsupdate -g /tmp/tmp.Zjy6tPPzQG/nsupdate.txt,verify a valid dynamic update with valid BIND update policy (Expected 0, got 0) :: [ 15:29:57 ] :: execute expect file: /tmp/kinit.11211.exp set timeout 30 set force_conservative 0 set send_slow {1 .001} spawn /usr/bin/kinit -V admin expect Password for * send -s -- Secret123\r expect eof spawn /usr/bin/kinit -V admin Using existing cache: persistent:0:0 Using principal: admin SecrPassword for admin: Authenticated to Kerberos v5 Default principal: admin :: [ 15:29:57 ] :: Success: kinit as [admin] with password [Secret123] was successful. :: [ PASS ] :: Kinit as admin user (Expected 0, got 0) Zone name: example.com Authoritative nameserver: ns Administrator e-mail address: hostmaster.example.com. SOA serial: 1390595396 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 BIND update policy: invalid value Active zone: TRUE Allow query: any; Allow transfer: none; :: [ PASS ] :: change update policy to some invalid value (Expected 0, got 0) Record name: test A record: 1.2.3.4 :: [ PASS ] :: Add A rec for test.example.com (Expected 0, got 0) :: [ PASS ] :: kinit use principal for test.example.com (Expected 0, got 0) Reply from SOA query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10324 ;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;test.example.com. IN SOA ;; AUTHORITY SECTION: example.com. 3600 IN SOA 70master.testrelm.com. hostmaster.example.com. 1390595399 3600 900 1209600 3600 Found zone name: example.com The master is: 70master.testrelm.com start_gssrequest Found realm from ticket: TESTRELM.COM send_gssrequest Outgoing update query: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35116 ;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;4176817492.sig-70master.testrelm.com. ANY TKEY ;; ADDITIONAL SECTION: 4176817492.sig-70master.testrelm.com. 0 ANY TKEY gss-tsig. 1390595400 1390595400 3 NOERROR 642 YIICfgYJKoZIhvcSAQICAQBuggJtMIICaaADAgEFoQMCAQ6iBwMFACAA AACjggFwYYIBbDCCAWigAwIBBaEOGwxURVNUUkVMTS5DT02iJzAloAMC AQGhHjAcGwNETlMbFTcwbWFzdGVyLnRlc3RyZWxtLmNvbaOCASYwggEi oAMCARKhAwIBAqKCARQEggEQy2AiQUgmHCcRIS2pczY0iI7+QL9GF96N B4u09c3RmXNE7QHfvHz5G1/3gD4/WJf3yhMalrejdvsVtLjgyykZ6fjB NVNvLL7ZkDdNi+K4hwc4+aThcFW+F8BKdvxBGrjEFyNTxXJsb75WmQpA cLYLmyJ4wdfKyw1o0DI5z+hOwNn4H2XTjRLwmUdihQ/c5mOvLMAwGtZx LM6Qdmi7klFF1dGgsdoTsoPmhkuEy/BBSqut2X/kN6VbXSIKj0XLCnZx jQ5u+gj0E2CezAaryeg8P1fbcd4otSp94Y+Vb9PiDvIhmgB7cOuErwI0 kag5tYypCE0t6hIcQ5NADt3BUFCeYFaDc/ipS6XvEnKQy1w6F5mkgd8w gdygAwIBEqKB1ASB0UfvkP0UzYXnf3ksnlxz3DVrPHf+K5PSLGojd1hs 3prgNSgSifsa/KZv8GSXc2TQW3auCiZhoWvm76E/PUh47v3f3xFMMnjy xfTS+87ich8BfqewOJNAAGqNQtX6hCmruM4MWH8GgyZxYtBZAtKdqsYH f8DioG0spWQ4a84w26PSKi5wTSw4sienVP1WK7qoazr2MIfaUCNEA4V9 feZO/Ou7jeYmQlxkTisruodvikKNPd3zwLRLCxmeWycXhACw9kC+uZXb 7qTSyF5gNDGDWYom 0 recvmsg reply from GSS-TSIG query ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35116 ;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;4176817492.sig-70master.testrelm.com. ANY TKEY ;; ANSWER SECTION: 4176817492.sig-70master.testrelm.com. 0 ANY TKEY gss-tsig. 1390595400 1390599000 3 NOERROR 156 YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKi cQRvb8zSydpmH5FTsxyt+bv6vKX6pdzQiIaAfv/meMo4Y2tqKCKPuswl rASOg5U3AyJ3A+zCYng3tOUwAZzrS6I03gp392pGkG/EaYTykuHDpQHB aetA7r4826QI1wXJjWlLPz6fbKPT9Bp78LNQ9PoE 0 Sending update to 10.18.57.215#53 Outgoing update query: ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 59512 ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1 ;; UPDATE SECTION: test.example.com. 0 NONE A 1.2.3.4 ;; TSIG PSEUDOSECTION: 4176817492.sig-70master.testrelm.com. 0 ANY TSIG gss-tsig. 1390595400 300 28 BAQE//////8AAAAAABMCXtWtJqK1xRfnjnGbGQ== 59512 NOERROR 0 Reply from update query: ;; ->>HEADER<<- opcode: UPDATE, status: REFUSED, id: 59512 ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1 ;; ZONE SECTION: ;example.com. IN SOA ;; TSIG PSEUDOSECTION: 4176817492.sig-70master.testrelm.com. 0 ANY TSIG gss-tsig. 1390595400 300 28 BAQF//////8AAAAAILgTm/C4CtoXQV+a+EnVfQ== 59512 NOERROR 0 :: [ PASS ] :: EXECUTING: nsupdate -g /tmp/tmp.Zjy6tPPzQG/nsupdate.txt,verify a dynamic update is disabled with invalid BIND update policy (Expected 2, got 2) :: [ 15:30:00 ] :: execute expect file: /tmp/kinit.24755.exp set timeout 30 set force_conservative 0 set send_slow {1 .001} spawn /usr/bin/kinit -V admin expect Password for * send -s -- Secret123\r expect eof spawn /usr/bin/kinit -V admin Using existing cache: persistent:0:0 Using principal: admin SecrPassword for admin: Authenticated to Kerberos v5 Default principal: admin :: [ 15:30:00 ] :: Success: kinit as [admin] with password [Secret123] was successful. :: [ PASS ] :: Kinit as admin user (Expected 0, got 0) Zone name: example.com Authoritative nameserver: ns Administrator e-mail address: hostmaster.example.com. SOA serial: 1390595399 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 BIND update policy: grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-self * AAAA; grant TESTRELM.COM krb5-self * SSHFP; Active zone: TRUE Allow query: any; Allow transfer: none; :: [ PASS ] :: change back to original BIND update policy (Expected 0, got 0) Zone name: example.com Authoritative nameserver: ns Administrator e-mail address: hostmaster.example.com. SOA serial: 1390595399 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 Active zone: TRUE Allow query: any; Allow transfer: any; :: [ PASS ] :: default allow transfer is none, change to any (Expected 0, got 0) ; <<>> DiG 9.9.4-RedHat-9.9.4-9.el7 <<>> @127.0.0.1 -t AXFR example.com ; (1 server found) ;; global options: +cmd example.com. 86400 IN SOA 70master.testrelm.com. hostmaster.example.com. 1390595399 3600 900 1209600 3600 example.com. 86400 IN NS ns.example.com. ns.example.com. 86400 IN A 127.0.0.1 _kerberos.example.com. 86400 IN TXT "TESTRELM.COM" test.example.com. 86400 IN A 1.2.3.4 example.com. 86400 IN SOA 70master.testrelm.com. hostmaster.example.com. 1390595399 3600 900 1209600 3600 ;; Query time: 7 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Fri Jan 24 15:30:03 EST 2014 ;; XFR size: 6 records (messages 1, bytes 219) :: [ PASS ] :: verify that zone transfer works with valid allow transfer policy (Expected 0, got 0) :: [ 15:30:04 ] :: dn for zone example.com is dn: idnsname=example.com,cn=dns,dc=testrelm,dc=com modifying entry "idnsname=example.com,cn=dns,dc=testrelm,dc=com" :: [ PASS ] :: Change idnsAllowTransfer to an invalid value (Expected 0, got 0) ; Transfer failed. :: [ PASS ] :: Verify that zone transfer fails with invalid allow transfer policy (Expected 0, got 0) Zone name: example.com Authoritative nameserver: ns Administrator e-mail address: hostmaster.example.com. SOA serial: 1390595399 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 Active zone: TRUE Allow query: any; Allow transfer: none; :: [ PASS ] :: change back to original zone transfer policy :none (Expected 0, got 0) ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36812 :: [ PASS ] :: verify that query works (Expected 0, got 0) modifying entry "idnsname=example.com,cn=dns,dc=testrelm,dc=com" :: [ PASS ] :: Change idnsAllowQuery to an invalid value (Expected 0, got 0) ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 59668 :: [ PASS ] :: verify that query is disabled (Expected 0, got 0) Zone name: example.com Authoritative nameserver: ns Administrator e-mail address: hostmaster.example.com. SOA serial: 1390595399 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 Active zone: TRUE Allow query: any; Allow transfer: none; :: [ PASS ] :: change back to original zone transfer policy :any (Expected 0, got 0) ------------------------------- Deleted host "test.example.com" ------------------------------- :: [ PASS ] :: delete host test.example.com (Expected 0, got 0) ------------------------------ Deleted DNS zone "example.com" ------------------------------ :: [ PASS ] :: delete test zone example.com (Expected 0, got 0) This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |