[Freeipa-devel] [PATCH] 0645 ipa-replica-prepare: Wait for the DNS entry to be resolvable

Petr Spacek pspacek at redhat.com
Tue Sep 23 16:00:04 UTC 2014


On 22.9.2014 14:09, Petr Viktorin wrote:
> On 09/22/2014 01:48 PM, Petr Spacek wrote:
>> On 22.9.2014 10:38, Martin Kosek wrote:
>>> On 09/22/2014 10:31 AM, Petr Spacek wrote:
>>>> On 22.9.2014 10:14, Martin Kosek wrote:
>>>>> On 09/19/2014 07:29 PM, Petr Viktorin wrote:
>>>>>> https://fedorahosted.org/freeipa/ticket/4551
>>>>>>
>>>>>> See ticket & commit message for details.
>>>>>
>>>>> Shouldn't we add a 1 sec sleep between tries? Wouldn't current version
>>>>> just hammer DNS server with as many DNS queries as it can send?
>>>>
>>>> Oh yes, please add some time.sleep() call :-)
>
> Wow, no idea how that slipped out. Thanks for the catch.
>
>>>> Also I would like to see more detailed message:
>>>> +        self.log.info('Waiting for hostname %s to be resolvable',
>>>> +                      self.replica_fqdn)
>>>>
>>>> => 'Waiting for hostname %s to be resolvable to A or AAAA record'
>>>
>>> <bikeshed>
>>>
>>> Really? Shouldn't term "resolvable" already have that covered? A good
>>> software should work on all network types, whether it is IPv4, IPv6 or
>>> IPv8. So I personally do not think we need to be that specific and can
>>> stick to original proposal.
>>
>> I will agree with you if you post magic code which will work with DNS
>> records for IPv8 :-) The code is not going to work with IPv8 just
>> because we didn't mention 'A/AAAA' in the error message, A and AAAA
>> RRtypes are hardcoded in the code.
>
> +1; we're checking A and AAAA so that's what we should say we're doing.
>
> Is this wording OK?
Little NACK. (However, the wording is fine.)

Tcpdump revealed this:

IP vm-117.test.34067 > vm-133.test.domain: 38467+ A? vm-092.test. (51)
IP vm-133.test.domain > vm-117.test.34067: 38467 NXDomain* 0/1/0 (116)
IP vm-117.test.36006 > vm-133.test.domain: 20194+ A? vm-092.test.ipa.example. (63)
IP vm-133.test.domain > vm-117.test.36006: 20194 NXDomain* 0/1/0 (143)
IP vm-117.test.51333 > vm-133.test.domain: 34027+ AAAA? vm-092.test. (51)
IP vm-133.test.domain > vm-117.test.51333: 34027 NXDomain* 0/1/0 (116)
IP vm-117.test.60373 > vm-133.test.domain: 45679+ AAAA? vm-092.test.ipa.example. (63)

You can see that the query for each A/AAAA type is repeated twice, the second 
time with the 'ipa.example.' suffix.

This is caused by search list processing (search directive in 
/etc/resolv.conf) and is highly undesirable. (Read this [1] e-mail if you want 
to hear it from Paul Vixie.)

The fix is simple: You have to be sure that self.replica_fqdn is actually 
an absolute FQDN - with the trailing period.

A naive solution would be to use
dns_answer = resolver.query(self.replica_fqdn + '.', 'A', 'IN')
but I don't know if self.replica_fqdn variable can contain trailing period or not.

Mbasti can show you more advanced code snippets using 'dns.name'.

[1] https://lists.dns-oarc.net/pipermail/dns-operations/2014-September/012157.html

-- 
Petr^2 Spacek
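
Added example, not part of the original message or of the FreeIPA code: a standard-library sketch of why the tcpdump above shows two queries per record type, and of a normalisation that works whether or not the name already ends in a period. The helpers to_absolute and candidate_names are hypothetical, and candidate_names is a simplified model of the 'search' and 'ndots' handling described in resolv.conf(5).

```python
def to_absolute(fqdn):
    """Return fqdn with exactly one trailing period (absolute form).

    Safe to call whether or not the input already ends in a period.
    """
    name = fqdn.strip().rstrip('.')
    if not name:
        raise ValueError('empty host name')
    return name + '.'


def candidate_names(name, search_list, ndots=1):
    """Names a stub resolver tries, in order, until one of them resolves.

    Simplified model: an absolute name is queried as-is and the search
    list is never applied; a relative name is also expanded with every
    search domain, so a failed lookup costs one extra query per domain.
    """
    if name.endswith('.'):
        return [name]
    as_is = name + '.'
    suffixed = [name + '.' + domain.rstrip('.') + '.' for domain in search_list]
    if name.count('.') >= ndots:
        # Enough dots: try the name as given first, then the search list.
        return [as_is] + suffixed
    return suffixed + [as_is]


if __name__ == '__main__':
    # Constructed input mirroring the capture: "search ipa.example".
    search = ['ipa.example']
    for host in ('vm-092.test', 'vm-092.test.', to_absolute('vm-092.test')):
        print('%-14s -> %s' % (host, candidate_names(host, search)))
```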



