[Freeipa-devel] [PATCH] 0645 ipa-replica-prepare: Wait for the DNS entry to be resolvable

Petr Spacek pspacek at redhat.com
Wed Sep 24 11:54:53 UTC 2014


On 24.9.2014 13:47, Petr Viktorin wrote:
> On 09/23/2014 06:00 PM, Petr Spacek wrote:
>> On 22.9.2014 14:09, Petr Viktorin wrote:
>>> On 09/22/2014 01:48 PM, Petr Spacek wrote:
>>>> On 22.9.2014 10:38, Martin Kosek wrote:
>>>>> On 09/22/2014 10:31 AM, Petr Spacek wrote:
>>>>>> On 22.9.2014 10:14, Martin Kosek wrote:
>>>>>>> On 09/19/2014 07:29 PM, Petr Viktorin wrote:
>>>>>>>> https://fedorahosted.org/freeipa/ticket/4551
>>>>>>>>
>>>>>>>> See ticket & commit message for details.
>>>>>>>
>>>>>>> Shouldn't we add a 1 sec sleep between tries? Wouldn't current version
>>>>>>> just hammer DNS server with as many DNS queries as it can send?
>>>>>>
>>>>>> Oh yes, please add some time.sleep() call :-)
>>>
>>> Wow, no idea how that slipped out. Thanks for the catch.
>>>
>>>>>> Also I would like to see more detailed message:
>>>>>> +        self.log.info('Waiting for hostname %s to be resolvable',
>>>>>> +                      self.replica_fqdn)
>>>>>>
>>>>>> => 'Waiting for hostname %s to be resolvable to A or AAAA record'
>>>>>
>>>>> <bikeshed>
>>>>>
>>>>> Really? Shouldn't term "resolvable" already have that covered? A good
>>>>> software should work on all network types, whether it is IPv4, IPv6 or
>>>>> IPv8. So I personally do not think we need to be that specific and can
>>>>> stick to original proposal.
>>>>
>>>> I will agree with you if you post magic code which will work with DNS
>>>> records for IPv8 :-) The code is not going to work with IPv8 just
>>>> because we didn't mention 'A/AAAA' in the error message, A and AAAA
>>>> RRtypes are hardcoded in the code.
>>>
>>> +1; we're checking A and AAAA so that's what we should say we're doing.
>>>
>>> Is this wording OK?
>> Little NACK. (However, the wording is fine.)
>>
>> Tcpdump revealed this:
>>
>> IP vm-117.test.34067 > vm-133.test.domain: 38467+ A? vm-092.test. (51)
>> IP vm-133.test.domain > vm-117.test.34067: 38467 NXDomain* 0/1/0 (116)
>> IP vm-117.test.36006 > vm-133.test.domain: 20194+ A? vm-092.test.ipa.example. (63)
>> IP vm-133.test.domain > vm-117.test.36006: 20194 NXDomain* 0/1/0 (143)
>> IP vm-117.test.51333 > vm-133.test.domain: 34027+ AAAA? vm-092.test. (51)
>> IP vm-133.test.domain > vm-117.test.51333: 34027 NXDomain* 0/1/0 (116)
>> IP vm-117.test.60373 > vm-133.test.domain: 45679+ AAAA? vm-092.test.ipa.example. (63)
>>
>> You can see that the query for each A/AAAA type is repeated twice, the
>> second time with 'ipa.example.' suffix.
>>
>> This is caused by search list processing (search directive in
>> /etc/resolv.conf) and is highly undesirable. (Read this [1] e-mail if
>> you want to hear it from Paul Vixie.)
>>
>> The fix is simple: You have to be sure that self.replica_fqdn is
>> actually absolute FQDN - with the trailing period.
>>
>> Naive solution would be to use
>> dns_answer = resolver.query(self.replica_fqdn + '.', 'A', 'IN')
>> but I don't know if self.replica_fqdn variable can contain trailing
>> period or not.
>>
>> Mbasti can show you more advanced code snippets using 'dns.name'.
>>
>> [1]
>> https://lists.dns-oarc.net/pipermail/dns-operations/2014-September/012157.html
>
> Does this version look good?

LGTM except one nitpick I didn't see before:

> +        if not options.wait_for_dns or self.check_dns(replica_fqdn):
> +            self.log.debug('%s A/AAAA record resolvable', replica_fqdn)
> +            return
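
Review bot: In the `if not options.wait_for_dns or self.check_dns(replica_fqdn):` condition, the `or` short-circuits when waiting is disabled, so the debug line reports the A/AAAA record as resolvable without `self.check_dns(replica_fqdn)` ever having run. Handle `not options.wait_for_dns` in its own branch that returns early (with its own message or none), and log 'resolvable' only after `check_dns` has actually returned true.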

This will print message
'%s A/AAAA record resolvable', replica_fqdn
even if I use switch --no-wait-for-dns

This is sooo minor detail that it can be deferred, please open a ticket if you 
don't plan to send new version of the patch.

-- 
Petr^2 Spacek
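
The points raised in this thread (absolute name so the resolv.conf search list is never applied, A and AAAA both checked, a sleep between tries), put together as an added example that is not code from the patch or from FreeIPA. The names `absolute_name`, `dnspython_lookup` and `wait_for_dns` are hypothetical; the default lookup assumes dnspython 2.x, and plain string handling stands in for the `dns.name` approach mentioned above.

```python
import time


def absolute_name(fqdn):
    """Return fqdn with exactly one trailing period (an absolute DNS name).

    Works whether or not the caller's value already ends in a period.
    """
    name = fqdn.strip().rstrip('.')
    if not name:
        raise ValueError('empty host name')
    return name + '.'


def dnspython_lookup(name, rdtype):
    """True if `name` has a record of type `rdtype` (assumes dnspython 2.x)."""
    import dns.exception
    import dns.resolver
    try:
        # search=False: never append search domains from /etc/resolv.conf
        dns.resolver.resolve(name, rdtype, search=False)
        return True
    except dns.exception.DNSException:  # NXDOMAIN, NoAnswer, Timeout, ...
        return False


def wait_for_dns(fqdn, lookup=dnspython_lookup, attempts=60, delay=1.0,
                 sleep=time.sleep):
    """Poll until fqdn has an A or AAAA record.

    Returns the number of the attempt that succeeded, or 0 after giving up.
    `lookup` and `sleep` are injectable so the loop can be tested offline.
    """
    name = absolute_name(fqdn)
    for attempt in range(1, attempts + 1):
        if any(lookup(name, rdtype) for rdtype in ('A', 'AAAA')):
            return attempt
        if attempt < attempts:
            sleep(delay)  # pause so the DNS server is not flooded with queries
    return 0
```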