Hello,
Automatically reload invalid zone after each change in zone data.
https://fedorahosted.org/bind-dyndb-ldap/ticket/102
How to test:
# create a invalid zone, e.g. zone without A records for names in NS records
ipa dnszone-add zone.test --admin-email=blah.nonsense
--name-server=ns.zone.test. --force
# now dig ns.zone.test. should return SERVFAIL because zone doesn't have
proper NS+A/AAAA records
dig ns.zone.test.
# addition of arbitrary record should not crash the server
ipa dnsrecord-add zone.test ns --txt-rec=blah
# after this modification some error message should appear in log and dig
ns.zone.test. should still return SERVFAIL
dig ns.zone.test.
# addition of valid A record should fix the problem
ipa dnsrecord-add zone.test ns --a-rec=127.0.0.1
# now dig -t ANY ns.zone.test. should return NOERROR and zone should work
# TXT and also A record should be visible
dig -t ANY ns.zone.test.
--
Petr^2 Spacek
From de083cd61471384ccdcc0f02303390d92928a506 Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Tue, 12 Feb 2013 12:42:29 +0100
Subject: [PATCH] Automatically reload invalid zone after each change in zone
data.
https://fedorahosted.org/bind-dyndb-ldap/ticket/102
Signed-off-by: Petr Spacek <pspa...@redhat.com>
---
NEWS | 3 +++
src/ldap_helper.c | 38 ++++++++++++++++++++++++++++++++++++--
2 files changed, 39 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index 9f50db12de760ccaa7f4adb5cc03534ae72c47be..6dd09c118c86c4f5daf44bfbc5978600092b3d7f 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+[1] Automatically reload invalid zone after each change in zone data.
+ https://fedorahosted.org/bind-dyndb-ldap/ticket/102
+
2.5
=====
[1] Fix crash during per-zone cache flush.
diff --git a/src/ldap_helper.c b/src/ldap_helper.c
index 71b96ce5eef2a249f7d16c448c70e2c2068d271d..491817813229f988161f3cedc6c83055040ad3ae 100644
--- a/src/ldap_helper.c
+++ b/src/ldap_helper.c
@@ -3411,8 +3411,11 @@ update_record(isc_task_t *task, isc_event_t *event)
ldap_psearchevent_t *pevent = (ldap_psearchevent_t *)event;
isc_result_t result;
ldap_instance_t *inst = NULL;
- ldap_cache_t *cache = NULL;
+ ldap_cache_t *cache;
isc_mem_t *mctx;
+ dns_zone_t *zone_ptr = NULL;
+ isc_boolean_t zone_found = ISC_FALSE;
+ isc_boolean_t zone_reloaded = ISC_FALSE;
mctx = pevent->mctx;
UNUSED(task);
@@ -3431,13 +3434,16 @@ update_record(isc_task_t *task, isc_event_t *event)
dns_name_init(&prevname, NULL);
dns_name_init(&prevorigin, NULL);
CHECK(dn_to_dnsname(mctx, pevent->dn, &name, &origin));
+ zone_found = ISC_TRUE;
+update_restart:
if (PSEARCH_DEL(pevent->chgtype) || PSEARCH_MODDN(pevent->chgtype)) {
log_debug(5, "psearch_update: removing name from cache, dn: '%s'",
pevent->dn);
}
/* Get cache instance & clean old record */
+ cache = NULL;
CHECK(zr_get_zone_cache(inst->zone_register, &name, &cache));
CHECK(discard_from_cache(cache, &name));
@@ -3486,11 +3492,39 @@ update_record(isc_task_t *task, isc_event_t *event)
if (inst->serial_autoincrement && PSEARCH_ANY(pevent->chgtype)) {
CHECK(soa_serial_increment(mctx, inst, &origin));
}
+
cleanup:
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS && zone_found && !zone_reloaded &&
+ (result == DNS_R_NOTLOADED || result == DNS_R_BADZONE)) {
+ log_debug(1, "reloading invalid zone after a change; "
+ "reload triggered by change in '%s'",
+ pevent->dn);
+
+ result = zr_get_zone_ptr(inst->zone_register, &origin, &zone_ptr);
+ if (result == ISC_R_SUCCESS)
+ result = dns_zone_load(zone_ptr);
+ if (zone_ptr != NULL)
+ dns_zone_detach(&zone_ptr);
+
+ if (result == ISC_R_SUCCESS || result == DNS_R_UPTODATE ||
+ result == DNS_R_DYNAMIC || result == DNS_R_CONTINUE) {
+ /* zone reload succeeded, fire current event again */
+ log_debug(1, "restarting update_record after zone reload "
+ "caused by change in '%s'", pevent->dn);
+ zone_reloaded = ISC_TRUE;
+ goto update_restart;
+ } else {
+ log_error_r("unable to reload invalid zone; "
+ "reload triggered by change in '%s'",
+ pevent->dn);
+ }
+
+ } else if (result != ISC_R_SUCCESS) {
+ /* error other than invalid zone */
log_error_r("update_record (psearch) failed, dn '%s' change type 0x%x. "
"Records can be outdated, run `rndc reload`",
pevent->dn, pevent->chgtype);
+ }
if (dns_name_dynamic(&name))
dns_name_free(&name, inst->mctx);
--
1.7.11.7
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
