[Freeipa-devel] [PATCH] 0035 client: Update DNS with all available local IP addresses.

David Kupka dkupka at redhat.com
Thu Jan 15 16:13:54 UTC 2015


On 01/15/2015 03:22 PM, David Kupka wrote:
> On 01/15/2015 12:43 PM, David Kupka wrote:
>> On 01/12/2015 06:34 PM, Martin Basti wrote:
>>> On 09/01/15 14:43, David Kupka wrote:
>>>> On 01/07/2015 04:15 PM, Martin Basti wrote:
>>>>> On 07/01/15 12:27, David Kupka wrote:
>>>>>> https://fedorahosted.org/freeipa/ticket/4249
>>>>>
>>>>> Thank you for patch:
>>>>>
>>>>> 1)
>>>>> -        root_logger.error("Cannot update DNS records! "
>>>>> -                          "Failed to connect to server '%s'.",
>>>>> server)
>>>>> +        ips = get_local_ipaddresses()
>>>>> +    except CalledProcessError as e:
>>>>> +        root_logger.error("Cannot update DNS records. %s" % e)
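Review bot: the new `root_logger.error("Cannot update DNS records. %s" % e)` line pre-formats the message with `%` before handing it to the logger, whereas the removed call passed `server` as a logging argument; use the same lazy form, `root_logger.error("Cannot update DNS records. %s", e)`, so the string is only built when the record is emitted and the style stays consistent with the surrounding logging calls.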
>>>>>
>>>>> IMO the error message should be more specific; add something
>>>>> like
>>>>> "Unable to get local IP addresses", at least in log.debug().
>>>>>
>>>>> 2)
>>>>> +    lines = ipresult[0].replace('\\', '').split('\n')
>>>>>
>>>>> .replace() is not needed
>>>>>
>>>>> 3)
>>>>> +    if len(ips) == 0:
>>>>>
>>>>> if not ips:
>>>>>
>>>>> is more Pythonic per PEP 8
>>>>>
>>>>>
>>>> Thanks for catching these. Updated patch attached.
>>>>
>>> merciful NACK
>>>
>>> Thank you for the patch, unfortunately I hit one issue which needs to be
>>> resolved.
>>>
>>> If "sync PTR" is activated in the zone settings and the reverse zone doesn't
>>> exist, nsupdate/BIND returns SERVFAIL and ipa-client-install prints the
>>> error message 'DNS update failed'. In fact, all A/AAAA records were
>>> successfully updated; only the PTR records failed.
>>>
>>> Bind log:
>>> named-pkcs11[28652]: updating zone 'example.com/IN': adding an RR at
>>> 'vm-101.example.com' AAAA
>>>
>>> named-pkcs11[28652]: PTR record synchronization (addition) for A/AAAA
>>> 'vm-101.example.com.' refused: unable to find active reverse zone for IP
>>> address '2620:52:0:104c:21a:4aff:fe10:4eaa': not found
>>>
>>> With IPv6 we have several addresses from different reverse zones and
>>> this situation may happen often.
>>> I suggest following:
>>> 1) Print the list of addresses which will be updated. (Now if the update
>>> fails, the user needs to read the log to see which addresses the installer
>>> tried to update.)
>>> 2) Split nsupdates per A/AAAA record.
>>> 3a) If it failed, check with a DNS query whether the A/AAAA and PTR records
>>> are there and print a proper error message.
>>> 3b) Just print that the A/AAAA (or PTR) record may not have been updated
>>> for a particular IP address.
>>>
>>> Any other suggestions are welcome.
>>>
>>
>> After a long discussion with the DNS and UX gurus I've implemented it this way:
>> 1. Call nsupdate only once with all updates.
>> 2. Verify that the expected records are resolvable.
>> 3. If not, print the list of missing A/AAAA records, the list of missing PTR
>> records and the list of mismatched PTR records.
>>
>> As this is running inside the client we can't do much more and it's up to the
>> user to check what's rotten in his DNS setup.
>>
>> Updated patch attached.
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>
>
>
> One more change to behave well in -crazy- exotic environments that
> resolve more PTR records for a single IP.
>
>
>
>

Yet another change to make language nerds and our UX guru happy :-)
-- 
David Kupka
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-dkupka-0035-5-client-Update-DNS-with-all-available-local-IP-addres.patch
Type: text/x-patch
Size: 8249 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20150115/2d6e859b/attachment.bin>
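The verification step described in this thread (run nsupdate once for every local address, then resolve the expected A/AAAA and PTR records and report what is missing or points elsewhere, counting an IP with several PTR records as correct if any of them names the host) as an added example in Python. This is not the patch's code nor FreeIPA's: the names `verify_dns_records`, `format_report` and `canonical`, the injectable `resolve` callable and the `FAKE_ZONE` sample data are all constructed for illustration. The sample zone reproduces the situation from the BIND log above: the AAAA record exists but no reverse zone covers the IPv6 address. A real client would pass a resolver that issues actual DNS queries against the IPA server (for instance via dnspython; that is an assumption, not something the patch shows).

```python
"""Post-nsupdate check of A/AAAA and PTR records (added example, not FreeIPA code)."""
import ipaddress
from typing import Callable, Dict, List, Tuple

# A resolver is any callable (owner_name, rrtype) -> list of rdata strings.
# It returns [] for NXDOMAIN / NODATA so "missing" can be told apart from "wrong".
Resolver = Callable[[str, str], List[str]]


def canonical(name: str) -> str:
    """Lower-case with exactly one trailing dot, so 'Host.Example.COM' == 'host.example.com.'."""
    return name.rstrip(".").lower() + "."


def verify_dns_records(hostname: str, ips: List[str], resolve: Resolver
                       ) -> Tuple[List[str], List[str], List[Tuple[str, List[str]]]]:
    """Check that every local IP has a forward record and a PTR pointing back.

    Returns (missing_forward, missing_ptr, mismatched_ptr); mismatched_ptr pairs
    each IP with the names its PTR records actually resolve to.  An IP that has
    several PTR records is accepted as long as one of them is `hostname`, which
    is the "exotic environment" case mentioned in the thread.
    """
    fqdn = canonical(hostname)
    missing_forward: List[str] = []
    missing_ptr: List[str] = []
    mismatched_ptr: List[Tuple[str, List[str]]] = []
    for ip_str in ips:
        ip = ipaddress.ip_address(ip_str)
        rrtype = "A" if ip.version == 4 else "AAAA"
        # Compare as address objects so textual IPv6 variants ("::10" vs "::0010") match.
        forward = {ipaddress.ip_address(r) for r in resolve(fqdn, rrtype)}
        if ip not in forward:
            missing_forward.append(ip_str)
        # reverse_pointer gives the in-addr.arpa / ip6.arpa owner name for the address.
        ptr_owner = canonical(ip.reverse_pointer)
        targets = [canonical(t) for t in resolve(ptr_owner, "PTR")]
        if not targets:
            missing_ptr.append(ip_str)
        elif fqdn not in targets:
            mismatched_ptr.append((ip_str, targets))
    return missing_forward, missing_ptr, mismatched_ptr


def format_report(hostname: str,
                  result: Tuple[List[str], List[str], List[Tuple[str, List[str]]]]
                  ) -> List[str]:
    """Turn the verification result into the user-facing lines the installer would print."""
    missing_forward, missing_ptr, mismatched_ptr = result
    lines: List[str] = []
    if missing_forward:
        lines.append("Missing A/AAAA record(s) for %s: %s"
                     % (hostname, ", ".join(missing_forward)))
    if missing_ptr:
        lines.append("Missing reverse record(s) for: %s" % ", ".join(missing_ptr))
    for ip_str, targets in mismatched_ptr:
        lines.append("Reverse record(s) for %s point to %s, not to %s"
                     % (ip_str, " ".join(targets), hostname))
    return lines


# Constructed sample zone data (not real DNS): the AAAA record was added but no
# reverse zone exists for the IPv6 prefix, 192.0.2.10 has two PTR records, and
# 192.0.2.11 has no A record and a PTR that names a different host.
FAKE_ZONE: Dict[Tuple[str, str], List[str]] = {
    ("vm-101.example.com.", "A"): ["192.0.2.10"],
    ("vm-101.example.com.", "AAAA"): ["2001:db8::10"],
    ("10.2.0.192.in-addr.arpa.", "PTR"): ["vm-101.example.com.", "alias.example.com."],
    ("11.2.0.192.in-addr.arpa.", "PTR"): ["other.example.com."],
}


def fake_resolve(name: str, rrtype: str) -> List[str]:
    """Stand-in resolver that answers from FAKE_ZONE; [] means NXDOMAIN/NODATA."""
    return FAKE_ZONE.get((canonical(name), rrtype), [])


if __name__ == "__main__":
    local_ips = ["192.0.2.10", "2001:db8::10", "192.0.2.11"]  # constructed, not enumerated
    outcome = verify_dns_records("vm-101.example.com", local_ips, fake_resolve)
    for line in format_report("vm-101.example.com", outcome) or ["All records verified."]:
        print(line)
```

Because the check runs after a single nsupdate, a SERVFAIL caused only by PTR synchronisation into a non-existent reverse zone shows up as a "missing reverse record" line while the A/AAAA records are reported as present, which is exactly the distinction the thread wants the installer to make.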


More information about the Freeipa-devel mailing list