On Thu, 2011-05-26 at 15:11 -0400, Rob Crittenden wrote:
> When creating a DNS zone if an IP address was passed in that address was
> added to the record of the IPA server.
>
> This was causing problems when creating new reverse zones for different
> subnets with ipa-replica-prepare. If you passed in --ip_address then a
> new reverse DNS zone would be created and the new IP would be added to
> the IPA master. Installing the replica file would fail with odd errors.
>
> ticket 1223
>
> rob

NACK. This breaks current --ip-address option functionality for dnszone-add
added in ticket #838. It is a shortcut to add a new zone with a non-resolvable
name server and the A/AAAA record of the new name server at the same time.

This is the behavior with your patch (ns.example.com is not resolvable):

# ipa dnszone-add example.com --name-server=ns.example.com --admin-email=ad...@example.com --ip-address=1.2.3.4
  Zone name: example.com
  Authoritative nameserver: ns.example.com.
  Administrator e-mail address: admin.example.com.
  SOA serial: 2011270501
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
  Dynamic update: FALSE

# ipa dnsrecord-show example.com ns
ipa: ERROR: ns: DNS resource record not found

And without it:

# ipa dnszone-add example2.com --name-server=ns.example2.com --admin-email=ad...@example2.com --ip-address=1.2.3.4
  Zone name: example2.com
  Authoritative nameserver: ns.example2.com.
  Administrator e-mail address: admin.example2.com.
  SOA serial: 2011270501
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  Active zone: TRUE
  Dynamic update: FALSE

# ipa dnsrecord-show example2.com ns
  Record name: ns
  A record: 1.2.3.4

I think all we have to do is to fix ipa-replica-prepare:

...
    if options.ip_address:
        print "Adding DNS records for %s" % replica_fqdn
        api.Backend.ldap2.connect(bind_dn="cn=Directory Manager", bind_pw=dirman_password)

        domain = replica_fqdn.split(".")
        name = domain.pop(0)
        domain = ".".join(domain)

        zone = add_zone(domain, nsaddr=options.ip_address)
        add_rr(zone, name, "A", options.ip_address)
        add_reverse_zone(options.ip_address)    # <== BUG
        add_ptr_rr(options.ip_address, replica_fqdn)

Currently, we are adding a reverse zone with a name server IP address pointing
to the new replica instead of the current master. And this is just wrong.

Martin
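
The distinction raised at the end of the thread, as an added example that is not FreeIPA code and not part of either message: the replica's address decides which reverse zone and PTR record are needed, while the zone's name server address is a separate input. All function names, host names and addresses are hypothetical, and reverse zones are assumed to be /24 for IPv4 and /64 for IPv6 (the IPv6 case goes beyond what the thread shows).

```python
import ipaddress

def reverse_names(ip):
    """Split an address into (reverse zone name, PTR owner label).
    Assumes /24 reverse zones for IPv4 and /64 for IPv6."""
    addr = ipaddress.ip_address(ip)
    labels = addr.reverse_pointer.split(".")
    host_labels = 1 if addr.version == 4 else 16   # labels below the zone cut
    zone = ".".join(labels[host_labels:]) + "."
    return zone, ".".join(labels[:host_labels])

def plan_replica_dns(replica_fqdn, replica_ip, ns_fqdn, ns_ip):
    """Records needed for a replica in a new subnet.
    The reverse zone is named after the replica's address, but its name
    server (ns_fqdn / ns_ip) is passed in separately."""
    zone, ptr_label = reverse_names(replica_ip)
    host, _, domain = replica_fqdn.partition(".")
    rtype = "A" if ipaddress.ip_address(replica_ip).version == 4 else "AAAA"
    return {
        "forward": (domain + ".", host, rtype, replica_ip),
        "reverse_zone": {"name": zone, "ns": ns_fqdn + ".", "ns_addr": ns_ip},
        "ptr": (zone, ptr_label, "PTR", replica_fqdn + "."),
        "replica_ip": replica_ip,
    }

def ns_points_at_replica(plan):
    """True when the reverse zone's name server address is the replica's
    own address, i.e. a host that is not installed yet."""
    to_addr = ipaddress.ip_address
    return to_addr(plan["reverse_zone"]["ns_addr"]) == to_addr(plan["replica_ip"])

# Constructed sample hosts (hypothetical, not taken from the thread).
MASTER = ("ipa.example.com", "10.0.1.10")
REPLICA = ("replica.example.com", "10.0.2.20")

GOOD = plan_replica_dns(*REPLICA, *MASTER)    # zone served by the running master
BAD = plan_replica_dns(*REPLICA, *REPLICA)    # same address reused for the NS

if __name__ == "__main__":
    for label, plan in (("master as NS", GOOD), ("replica as NS", BAD)):
        rz = plan["reverse_zone"]
        print("%s: zone %s NS %s (%s) flagged=%s" % (
            label, rz["name"], rz["ns"], rz["ns_addr"], ns_points_at_replica(plan)))
```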