[Freeipa-devel] [PATCH] 791 don't add IP address when creating zone

Martin Kosek mkosek at redhat.com
Fri May 27 10:06:08 UTC 2011


On Thu, 2011-05-26 at 15:11 -0400, Rob Crittenden wrote:
> When creating a DNS zone if an IP address was passed in that address was 
> added to the record of the IPA server.
> 
> This was causing problems when creating new reverse zones for different 
> subnets with ipa-replica-prepare. If you passed in --ip_address then a 
> new reverse DNS zone would be created and the new IP would be added to 
> the IPA master. Installing the replica file would fail with odd errors.
> 
> ticket 1223
> 
> rob

NACK. This breaks current --ip-address option functionality for
dnszone-add added in ticket #838. It is a shortcut to add a new zone
with a non-resolvable name server and the A/AAAA record of the new name
server at the same time.

This is the behavior with your patch (ns.example.com is not resolvable):
# ipa dnszone-add example.com --name-server=ns.example.com --admin-email=admin@example.com --ip-address=1.2.3.4
  Zone name: example.com
  Authoritative nameserver: ns.example.com.
  Administrator e-mail address: admin.example.com.
  SOA serial: 2011270501
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
  Dynamic update: FALSE
# ipa dnsrecord-show example.com ns
ipa: ERROR: ns: DNS resource record not found

And without it:
# ipa dnszone-add example2.com --name-server=ns.example2.com --admin-email=admin@example2.com --ip-address=1.2.3.4
  Zone name: example2.com
  Authoritative nameserver: ns.example2.com.
  Administrator e-mail address: admin.example2.com.
  SOA serial: 2011270501
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
  Dynamic update: FALSE
# ipa dnsrecord-show example2.com ns
  Record name: ns
  A record: 1.2.3.4

I think all we have to do is to fix ipa-replica-prepare:
...
    if options.ip_address:
        print "Adding DNS records for %s" % replica_fqdn
        api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dirman_password)

        domain = replica_fqdn.split(".")
        name = domain.pop(0)
        domain = ".".join(domain)

        zone = add_zone(domain, nsaddr=options.ip_address)
        add_rr(zone, name, "A", options.ip_address)
        add_reverse_zone(options.ip_address)       <== BUG
        add_ptr_rr(options.ip_address, replica_fqdn)

Currently, we are adding a reverse zone with a name server IP address
pointing to the new replica instead of the current master. And this is
just wrong.

Martin



