RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 962814 - PTR record synchronization doesn't work with IPv6 addresses
Summary: PTR record synchronization doesn't work with IPv6 addresses
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: bind-dyndb-ldap
Version: 7.0
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: ---
Assignee: Petr Spacek
QA Contact: Namita Soman
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-05-14 13:33 UTC by Dmitri Pal
Modified: 2015-01-21 15:41 UTC (History)
2 users (show)

Fixed In Version: bind-dyndb-ldap-3.5-1.el7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-13 10:57:06 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Dmitri Pal 2013-05-14 13:33:04 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/bind-dyndb-ldap/ticket/118

bind-dyndb-ldap uses function that does NOT support IPv6 addresses.

Namely in ldap_helper.c:2804 -> function modify_ldap_common() uses function inet_addr() to convert IP address from string to struct in_addr_t.

Struct in_addr_t is used to store IPv4 address and does not support IPv6 addresses. Also function inet_addr() supports only IPv4 addresses.

To support IPv4 and IPv6 addresses you should use inet_pton() instead of inet_addr(), and also make necessary changes to the code to use struct capable of storing IPv6 address.

If you would like to read more information about porting IPv4 code to support also IPv6, you can check http://uw714doc.sco.com/en/SDK_netapi/sockC.PortIPv4appIPv6.html.
Comment 1 Namita Soman 2013-05-15 12:59:07 UTC 
Please provide steps to verify......thanks!
Comment 2 Petr Spacek 2013-05-15 13:06:10 UTC 
Steps to reproduce and in the upstream ticket:
https://fedorahosted.org/bind-dyndb-ldap/ticket/118#comment:2

Just configure one forward and one reverse zone (as for any other test related to PTR record sychronization) and try do nsupdate with IPv6 address belonging to the reverse zone.
Comment 3 Petr Spacek 2013-05-29 11:36:23 UTC 
Upstream ticket was closed
Comment 4 Xiyang Dong 2014-01-31 19:32:18 UTC 
Verified on :
ipa-server-3.3.3-6.el7.x86_64

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: bz962814 - PTR record synchronization doesn't work with IPv6 addresses 
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 14:22:47 ] ::  execute expect file: /tmp/kinit.18525.exp

set timeout 30
set force_conservative 0 
set send_slow {1 .001} 
spawn /usr/bin/kinit -V admin
expect Password for *
send -s -- Secret123\r
expect eof 
spawn /usr/bin/kinit -V admin
SeUsing existing cache: persistent:0:0
Using principal: admin
cret1Password for admin: 
Authenticated to Kerberos v5
Default principal: admin
:: [ 14:22:47 ] ::  Success: kinit as [admin] with password [Secret123] was successful.
:: [   PASS   ] :: Kinit as admin user (Expected 0, got 0)
  Zone name: example.com
  Authoritative nameserver: ns
  Administrator e-mail address: hostmaster.example.com.
  SOA serial: 1391196168
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant TESTRELM.COM krb5-self * A; grant TESTRELM.COM krb5-self * AAAA;
                      grant TESTRELM.COM krb5-self * SSHFP;
  Active zone: TRUE
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;
:: [   PASS   ] :: Add test zone (Expected 0, got 0)
  Zone name: 6.0.0.0.5.0.0.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.ip6.arpa.
  Authoritative nameserver: ns.example.com.
  Administrator e-mail address: hostmaster.6.0.0.0.5.0.0.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.ip6.arpa.
  SOA serial: 1391196170
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant TESTRELM.COM krb5-subdomain
                      6.0.0.0.5.0.0.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.ip6.arpa. PTR;
  Active zone: TRUE
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;
:: [   PASS   ] :: Add test reverse zone (Expected 0, got 0)
  Zone name: example.com
  Authoritative nameserver: ns
  Administrator e-mail address: hostmaster.example.com.
  SOA serial: 1391196170
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
  Dynamic update: TRUE
  Allow query: any;
  Allow transfer: none;
:: [   PASS   ] :: Enable dynamic updates for forward zone (Expected 0, got 0)
  Zone name: example.com
  Authoritative nameserver: ns
  Administrator e-mail address: hostmaster.example.com.
  SOA serial: 1391196170
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
  Allow query: any;
  Allow transfer: none;
  Allow PTR sync: TRUE
:: [   PASS   ] :: Enable PTR record synchronization (Expected 0, got 0)
  Zone name: 6.0.0.0.5.0.0.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.ip6.arpa.
  Authoritative nameserver: ns.example.com.
  Administrator e-mail address: hostmaster.6.0.0.0.5.0.0.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.ip6.arpa.
  SOA serial: 1391196170
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
  Dynamic update: TRUE
  Allow query: any;
  Allow transfer: none;
:: [   PASS   ] :: Enable dynamic updates in reverse zone (Expected 0, got 0)
-----------------------------
Added host "test.example.com"
-----------------------------
  Host name: test.example.com
  Principal name: host/test.example.com
  Password: False
  Keytab: False
  Managed by: test.example.com
:: [   PASS   ] :: Add host test.example.com (Expected 0, got 0)
Keytab successfully retrieved and stored in: /tmp/tmp.Oa4Z8qm72K/bz962814.keytab
:: [   PASS   ] :: get keytab for test.example.com (Expected 0, got 0)
:: [   PASS   ] :: kinit use principal for test.example.com (Expected 0, got 0)
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id:  52045
;; flags: qr aa rd ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;test.example.com.		IN	SOA

;; AUTHORITY SECTION:
example.com.		0	IN	SOA	70master.testrelm.com. hostmaster.example.com. 1391196170 3600 900 1209600 3600

Found zone name: example.com
The master is: 70master.testrelm.com
start_gssrequest
Found realm from ticket: TESTRELM.COM
send_gssrequest
Outgoing update query:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  56221
;; flags:; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;1066446545.sig-70master.testrelm.com. ANY TKEY

;; ADDITIONAL SECTION:
1066446545.sig-70master.testrelm.com. 0	ANY TKEY gss-tsig. 1391196175 1391196175 3 NOERROR 643 YIICfwYJKoZIhvcSAQICAQBuggJuMIICaqADAgEFoQMCAQ6iBwMFACAA AACjggFwYYIBbDCCAWigAwIBBaEOGwxURVNUUkVMTS5DT02iJzAloAMC AQGhHjAcGwNETlMbFTcwbWFzdGVyLnRlc3RyZWxtLmNvbaOCASYwggEi oAMCARKhAwIBAqKCARQEggEQygwNyKpH/9oO6BmiXnvWd/bmNEDMOk2z jsHMD26nCyzWrBo+o6BT4R9zNrdYIDRRnSo9st2uO9JPO5iZXTnHeWPe bCLL4SdPdZ45lHoyCq7XGJvn6JzFuUBUr2igGIVr8yK0cPY/f+Ds7/iy EwIj/8YfWalzQJkMqRUBN2E+UU4CFfC6090RIHtswKD8vGwjFzAmSsrJ d2C9jJqIGZFHtudPEPKKVxOOFaNLKy6CUPmRfW4Q4689xnQLs2KqvGzE Ststz2lC5VqQ5OEkMhMTtsECUBKNWMzAqWuUz0FpcVpoDYc7ZqEeL2XD IpVDdCS09OtQoD4aRu3lG+HxMg3ymYJc2hyVmxUByA1AuFgnl7GkgeAw gd2gAwIBEqKB1QSB0na+oTd3Kpe9iEOB4ypCJGyaq8UECDUOenWIYeWh 05cIhmO8vN6lNFBmFkB8iEpzhVPPmiRIS3H2lSRDMorWr/NBIlCv/ZuI 500HMXNNZGS98lZWsuydRx1Ng6xZ5ubayl4V4+0FwZ2M/FPxxjsqzZ2V rGD/XS+jIDGQ71kthQsSbQsxsqK3HXd+ysrAdIJSkPAV8moQuh2tsBGF LM86CF7pmoz5yWVCzDXetFDuBwUvh7oozh+FWaAts7W3O1X1WKEBvPVV XhHPGn7u++ztrysVzw== 0

recvmsg reply from GSS-TSIG query
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  56221
;; flags: qr ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;1066446545.sig-70master.testrelm.com. ANY TKEY

;; ANSWER SECTION:
1066446545.sig-70master.testrelm.com. 0	ANY TKEY gss-tsig. 1391196175 1391199775 3 NOERROR 156 YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKi cQRvWC53Ke+yNRgaz0mxfHpo1K4DYBOLCdClBBnO38qWDzKjc2W8ZiQQ b5fJT/LZQJPsQsSo8cyhyCFe4vBX9FK/svVdmbmIPAeLFW4Oti/0npSr G1QdlktPDEc0sUz7UeR/LH69nbg4LN7aYKX2hvYJ 0

Sending update to 10.18.57.215#53
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  27109
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
;; UPDATE SECTION:
test.example.com.	3600	IN	AAAA	1:2:3:4:5:6:7:8

;; TSIG PSEUDOSECTION:
1066446545.sig-70master.testrelm.com. 0	ANY TSIG gss-tsig. 1391196175 300 28 BAQE//////8AAAAANTJZ3xL3Qpx2V0yHFSw33w== 27109 NOERROR 0 


Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  27109
;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;example.com.			IN	SOA

;; TSIG PSEUDOSECTION:
1066446545.sig-70master.testrelm.com. 0	ANY TSIG gss-tsig. 1391196175 300 28 BAQF//////8AAAAAKOkviZsp1zNkuUjzgRtK9Q== 27109 NOERROR 0 

:: [   PASS   ] :: EXECUTING: nsupdate -g /tmp/tmp.Oa4Z8qm72K/nsupdate.txt (Expected 0, got 0)
:: [ 14:22:55 ] ::  execute expect file: /tmp/kinit.26389.exp

set timeout 30
set force_conservative 0 
set send_slow {1 .001} 
spawn /usr/bin/kinit -V admin
expect Password for *
send -s -- Secret123\r
expect eof 
spawn /usr/bin/kinit -V admin
Using existing cache: persistent:0:0
Using principal: admin
SecrPassword for admin: 
Authenticated to Kerberos v5
Default principal: admin
:: [ 14:22:55 ] ::  Success: kinit as [admin] with password [Secret123] was successful.
:: [   PASS   ] :: Kinit as admin user (Expected 0, got 0)
  AAAA record: 1:2:3:4:5:6:7:8
:: [   PASS   ] :: Verify that AAAA record for forward zone was added (Expected 0, got 0)
  PTR record: test.example.com.
:: [   PASS   ] :: Verify that PTR record for reverse zone was add (Expected 0, got 0)
-------------------------------
Deleted host "test.example.com"
-------------------------------
:: [   PASS   ] :: Delete host test.example.com (Expected 0, got 0)
------------------------------
Deleted DNS zone "example.com"
------------------------------
:: [   PASS   ] :: Delete test zone (Expected 0, got 0)
----------------------------------------------------------------------------
Deleted DNS zone "6.0.0.0.5.0.0.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.ip6.arpa."
----------------------------------------------------------------------------
:: [   PASS   ] :: Delete test reverse zone (Expected 0, got 0)
Comment 5 Ludek Smid 2014-06-13 10:57:06 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.
Note You need to log in before you can comment on or make changes to this bug.