Bug 1060349 - IPA: Unable to add host when ipv6 address already exits
Summary: IPA: Unable to add host when ipv6 address already exits
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: rc
Assignee: Martin Kosek
QA Contact: Namita Soman
URL:
Whiteboard:
Depends On:
Blocks: 1168850
Reported: 2014-01-31 21:44 UTC by Jenny Galipeau
Modified: 2015-03-05 10:10 UTC (History)

Fixed In Version: ipa-4.0.3-1.el7
Doc Type: Known Issue
Doc Text:
The "ipa host-add" command does not verify the existence of AAAA records. As a consequence, "ipa host-add" fails if no A record is available for the host even if an AAAA record exists. To work around this problem, run "ipa host-add" with the "--force" option.
Clone Of:
Environment:
Last Closed: 2015-03-05 10:10:24 UTC




Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:0442 normal SHIPPED_LIVE Moderate: ipa security, bug fix, and enhancement update 2015-03-05 14:50:39 UTC

Description Jenny Galipeau 2014-01-31 21:44:53 UTC
Description of problem:
If you add an IPv6 address for a host and then try to add the host, it fails with an error message that the IPv4 address does not exist.
ipa: ERROR: Host does not have corresponding DNS A record


Automated Testing Results

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-host-cli-089: Delete host without deleting DNS Record
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 15:40:40 ] ::  IPv6 address is 2620:52:0:1060:10:16ff:fe98:245
:: [ 15:40:40 ] ::  Reverse zone: 0.6.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa.
------------------------------------------
Deleted host "mytestipv6host.testrelm.com"
------------------------------------------
:: [ 15:40:42 ] ::  Host mytestIPv6host.testrelm.com deleted successfully.
:: [   PASS   ] :: Deleting host without deleting DNS entries (Expected 0, got 0)
:: [   PASS   ] :: Checking for forward DNS entry (Expected 0, got 0)
:: [   PASS   ] :: File '/tmp/tmp.GBFCZoR4wL/forward_dns_3.out' should contain 'AAAA record: 2620:52:0:1060:ffff:16ff:fe98:245' 
:: [ 15:40:44 ] ::  Final digit.
  Record name: 5.4.2.0.8.9.e.f.f.f.6.1.f.f.f.f
  PTR record: mytestipv6host.testrelm.com.
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Checking for reverse DNS entry (Expected 0, got 0)

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-host-cli-090: Add host without force option - DNS Record Exists
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 15:40:46 ] ::  IPv6 address is 2620:52:0:1060:10:16ff:fe98:245
:: [ 15:40:46 ] ::  Reverse zone: 0.6.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa.
:: [ 15:40:46 ] ::  EXECUTING: ipa host-add --ip-address=2620:52:0:1060:ffff:16ff:fe98:245 mytestIPv6host.testrelm.com
ipa: ERROR: Host does not have corresponding DNS A record
:: [   FAIL   ] :: Add host DNS entries exist (Expected 0, got 1)
---------------
0 hosts matched
---------------
----------------------------
Number of entries returned 0
----------------------------
:: [ 15:40:49 ] ::  WARNING: Failed to find host.
:: [   FAIL   ] :: Verifying host was added when DNS records exist. (Expected 0, got 1)
:: [   PASS   ] :: Checking for forward DNS entry (Expected 0, got 0)
:: [   PASS   ] :: File '/tmp/tmp.GBFCZoR4wL/forward_dns_4.out' should contain 'AAAA record: 2620:52:0:1060:ffff:16ff:fe98:245' 
:: [ 15:40:51 ] ::  Final digit.
  Record name: 5.4.2.0.8.9.e.f.f.f.6.1.f.f.f.f
  PTR record: mytestipv6host.testrelm.com.
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Checking for reverse DNS entry (Expected 0, got 0)
ipa: ERROR: mytestipv6host.testrelm.com: host not found
:: [ 15:40:54 ] ::  WARNING: Deleting host mytestIPv6host.testrelm.com failed.
:: [   FAIL   ] :: Deleting host without deleting DNS entries (Expected 0, got 2)
:: [   PASS   ] :: Checking for forward DNS entry (Expected 0, got 0)
:: [   PASS   ] :: File '/tmp/tmp.GBFCZoR4wL/forward_dns_41.out' should contain 'AAAA record: 2620:52:0:1060:ffff:16ff:fe98:245' 
:: [   PASS   ] :: Checking nslookup output (Expected 0, got 0)
:: [ 15:41:06 ] ::  nslookup_msg=name = mytestipv6host.testrelm.com
Server:		10.16.98.245
Address:	10.16.98.245#53

5.4.2.0.8.9.e.f.f.f.6.1.f.f.f.f.0.6.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa	name = mytestipv6host.testrelm.com.

:: [   PASS   ] :: Running 'cat  /tmp/tmp.GBFCZoR4wL/nslookup_2_output.out' (Expected 0, got 0)
5.4.2.0.8.9.e.f.f.f.6.1.f.f.f.f.0.6.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa	name = mytestipv6host.testrelm.com.
:: [   PASS   ] :: nslookup shows IPAddress exist 


Version-Release number of selected component (if applicable):
ipa-server-3.3.3-13.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. add ipv6 reverse zone
# ipa dnszone-add 0.6.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa. --admin-email=admin@example.com --name-server `hostname`.
  Zone name: 0.6.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa.
  Authoritative nameserver: ipaqa64vmj.testrelm.com.
  Administrator e-mail address: admin.example.com.
  SOA serial: 1391202431
  SOA refresh: 3600
  SOA retry: 900
  SOA expire: 1209600
  SOA minimum: 3600
  BIND update policy: grant TESTRELM.COM krb5-subdomain 0.6.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa. PTR;
  Active zone: TRUE
  Dynamic update: FALSE
  Allow query: any;
  Allow transfer: none;

2. make sure the record exists

# ipa dnsrecord-find --name=mytestipv6host
Zone name: testrelm.com    
  Record name: mytestipv6host
  AAAA record: 2620:52:0:1060:ffff:16ff:fe98:245
----------------------------
Number of entries returned 1

# ipa dnsrecord-find
Zone name: 0.6.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa.
  Record name: 5.4.2.0.8.9.e.f.f.f.6.1.f.f.f.f
  PTR record: mytestipv6host.testrelm.com.

  Record name: @
  NS record: ipaqa64vmj.testrelm.com.
----------------------------
Number of entries returned 2
----------------------------

Make sure the host does not exist

# ipa host-find mytestipv6host.testrelm.com
---------------
0 hosts matched
---------------
----------------------------
Number of entries returned 0

3. Try to add the host

]# ipa host-add mytestipv6host.testrelm.com
ipa: ERROR: Host does not have corresponding DNS A record

]# ipa host-add --ip-address=2620:52:0:1060:ffff:16ff:fe98:245 mytestIPv6host.testrelm.com
ipa: ERROR: IP address 2620:52:0:1060:ffff:16ff:fe98:245 is already assigned in domain testrelm.com.

Only one host exists ..

# ipa host-find
--------------
1 host matched
--------------
  Host name: ipaqa64vmj.testrelm.com
  Principal name: host/ipaqa64vmj.testrelm.com@TESTRELM.COM
  Password: False
  Keytab: True
  Managed by: ipaqa64vmj.testrelm.com
  SSH public key fingerprint: 5F:66:46:2F:6A:86:D1:D4:94:9F:54:66:9D:3B:24:CF (ecdsa-sha2-nistp256), 22:8B:BF:E8:56:62:E3:E3:93:B7:36:3F:67:3D:0B:C9 (ssh-rsa)
----------------------------
Number of entries returned 1


Actual results:
Can not add host

Expected results:
Host add command recognizes that the DNS record exists - should behave the same as when adding with an IPv4 address that already exists

Additional info:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-host-cli-47 Delete host without deleting DNS Record
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: Host myhost.testrelm.com deleted successfully.
:: [   PASS   ] :: Deleting host without deleting DNS entries (Expected 0, got 0)
:: [   PASS   ] :: Checking for forward DNS entry (Expected 0, got 0)
:: [   PASS   ] :: Checking for reverse DNS entry (Expected 0, got 0)
:: [   LOG    ] :: Duration: 2s
:: [   LOG    ] :: Assertions: 3 good, 0 bad
:: [   PASS   ] :: RESULT: ipa-host-cli-47 Delete host without deleting DNS Record

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-host-cli-48 Add host without force option - DNS Record Exists
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: EXECUTING: ipa host-add myhost.testrelm.com
:: [   PASS   ] :: Add host DNS entries exist (Expected 0, got 0)
:: [   LOG    ] :: Host name is as expected.
:: [   LOG    ] :: Principal name is as expected.
:: [   PASS   ] :: Verifying host was added when DNS records exist. (Expected 0, got 0)
:: [   PASS   ] :: Checking for forward DNS entry (Expected 0, got 0)
:: [   PASS   ] :: Checking for reverse DNS entry (Expected 0, got 0)
:: [   LOG    ] :: Duration: 5s
:: [   LOG    ] :: Assertions: 4 good, 0 bad
:: [   PASS   ] :: RESULT: ipa-host-cli-48 Add host without force option - DNS Record Exists

Comment 1 Rob Crittenden 2014-01-31 22:22:59 UTC
Well, I guess from one perspective the error is very clear: there is no A record, just an AAAA record. So I guess the question is, should we extend this test to look for both A and AAAA records? Is that what you're proposing?

Comment 2 Dmitri Pal 2014-02-01 19:22:34 UTC
(In reply to Rob Crittenden from comment #1)
> Well, I guess from one perspective the error is very clear: there is no A
> record, just an AAAA record. So I guess the question is, should we extend
> this test to look for both A and AAAA records? Is that what you're
> proposing?

If I read it right, the command fails if the AAAA for the same host is created manually in advance. IMO the logic would be
a) To check both A and AAAA records when the host is added without a specific address. In this case the first attempt to add the host would see that there is already an entry, and if the entry is with the same name it should proceed. If the entry is with a different name it should fail as now.

Comment 3 Martin Kosek 2014-02-06 09:26:01 UTC
I think we just want to change the check in the host-add command to check both A and AAAA records, as Rob said (by doing a DNS resolve query, not searching for records in IPA DNS).

Currently, host-add does not respect IPv6-only networks and fails with the described error as it only checks the IPv4 address. When a host already has an IPv6 address defined, the admin would always need to add hosts with the --force flag to work around it.

I will file an upstream ticket.

Comment 4 Martin Kosek 2014-02-06 09:26:21 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/4164
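
Added example (not FreeIPA's code and not part of any comment in this report): a sketch of the check change discussed in comments 1 to 3, comparing an A-only existence check with one that accepts either A or AAAA, plus the PTR owner-name split seen in the `dnsrecord-find` output. The function names, the injected `sample_resolve` stand-in for a resolver query, the 192.0.2.10 address and the wording of the second error message are assumptions.

```python
import ipaddress

# Constructed records modelled on the report: one AAAA-only host, one A-only host.
SAMPLE_RECORDS = {
    ("mytestipv6host.testrelm.com.", "AAAA"): ["2620:52:0:1060:ffff:16ff:fe98:245"],
    ("myhost.testrelm.com.", "A"): ["192.0.2.10"],  # constructed documentation address
}


def sample_resolve(name, rdtype):
    """Hypothetical stand-in for a DNS resolver query; returns [] when no record exists."""
    fqdn = name.lower().rstrip(".") + "."
    return list(SAMPLE_RECORDS.get((fqdn, rdtype), []))


def check_a_only(fqdn, resolve=sample_resolve):
    """Behaviour described in the report: only the A record is consulted."""
    addrs = resolve(fqdn, "A")
    if not addrs:
        raise LookupError("Host does not have corresponding DNS A record")
    return addrs


def check_a_or_aaaa(fqdn, resolve=sample_resolve):
    """Behaviour proposed in comment 3: the host passes if it resolves over either family."""
    addrs = []
    for rdtype in ("A", "AAAA"):
        for text in resolve(fqdn, rdtype):
            ip = ipaddress.ip_address(text)
            # Reject an answer whose family does not match the record type queried.
            if ip.version != (4 if rdtype == "A" else 6):
                raise ValueError(f"{rdtype} answer {text!r} has the wrong address family")
            addrs.append(ip)
    if not addrs:
        # Constructed wording, not taken from the page.
        raise LookupError("Host does not have corresponding DNS A or AAAA record")
    return addrs


def split_reverse_name(ip, zone):
    """Split an address's PTR owner name into (record name, zone), as dnsrecord-find lists it."""
    pointer = ipaddress.ip_address(ip).reverse_pointer + "."
    if not pointer.endswith("." + zone):
        raise ValueError(f"{ip} does not belong to reverse zone {zone}")
    return pointer[: -len(zone) - 1], zone
```

In a deployment the `resolve` argument would wrap a real resolver query; the point of injecting it here is that the A-only and A-or-AAAA paths can be compared offline against the same records.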

Comment 8 Namita Soman 2015-01-26 05:37:38 UTC
Verified automated test passed using ipa-server-4.1.0-15.el7.x86_64


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-host-cli-089: Delete host without deleting DNS Record
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 00:31:47 ] :: IPv6 address is 2620:52:0:1007:221:5eff:fe86:834
:: [ 00:31:47 ] :: Reverse zone: 7.0.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa.
:: [  BEGIN   ] :: Deleting host without deleting DNS entries :: actually running 'deleteHost mytestIPv6host.testrelm.test'
-------------------------------------------
Deleted host "mytestipv6host.testrelm.test"
-------------------------------------------
:: [ 00:31:49 ] :: Host mytestIPv6host.testrelm.test deleted successfully.
:: [   PASS   ] :: Deleting host without deleting DNS entries (Expected 0, got 0)
:: [  BEGIN   ] :: Checking for forward DNS entry :: actually running 'ipa dnsrecord-find testrelm.test mytestIPv6host > /tmp/tmp.lX7g8QbUBW/forward_dns_3.out'
:: [   PASS   ] :: Checking for forward DNS entry (Expected 0, got 0)
:: [   PASS   ] :: File '/tmp/tmp.lX7g8QbUBW/forward_dns_3.out' should contain 'AAAA record: 2620:52:0:1007:ffff:5eff:fe86:834' 
:: [ 00:31:50 ] :: Final digit.
:: [  BEGIN   ] :: Checking for reverse DNS entry :: actually running 'ipa dnsrecord-find 7.0.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa. 4.3.8.0.6.8.e.f.f.f.e.5.f.f.f.f'
  Record name: 4.3.8.0.6.8.e.f.f.f.e.5.f.f.f.f
  PTR record: mytestipv6host.testrelm.test.
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Checking for reverse DNS entry (Expected 0, got 0)

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-host-cli-090: Add host without force option - DNS Record Exists bz1060349
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ 00:31:52 ] :: IPv6 address is 2620:52:0:1007:221:5eff:fe86:834
:: [ 00:31:53 ] :: Reverse zone: 7.0.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa.
:: [ 00:31:53 ] :: EXECUTING: ipa host-add --ip-address=2620:52:0:1007:ffff:5eff:fe86:834 mytestIPv6host.testrelm.test
:: [  BEGIN   ] :: Add host DNS entries exist :: actually running 'ipa host-add mytestIPv6host.testrelm.test'
-----------------------------------------
Added host "mytestipv6host.testrelm.test"
-----------------------------------------
  Host name: mytestipv6host.testrelm.test
  Principal name: host/mytestipv6host.testrelm.test@TESTRELM.TEST
  Password: False
  Keytab: False
  Managed by: mytestipv6host.testrelm.test
:: [   PASS   ] :: Add host DNS entries exist (Expected 0, got 0)
:: [  BEGIN   ] :: Verifying host was added when DNS records exist. :: actually running 'findHost mytestIPv6host.testrelm.test'
--------------
1 host matched
--------------
  Host name: mytestipv6host.testrelm.test
  Principal name: host/mytestipv6host.testrelm.test@TESTRELM.TEST
  Password: False
  Keytab: False
  Managed by: mytestipv6host.testrelm.test
----------------------------
Number of entries returned 1
----------------------------
-------------- 1 host matched -------------- Host name: mytestipv6host.testrelm.test Principal name: host/mytestipv6host.testrelm.test@TESTRELM.TEST Password: False Keytab: False Managed by: mytestipv6host.testrelm.test ---------------------------- Number of entries returned 1 ----------------------------
:: [ 00:31:57 ] :: Host name is as expected.
-------------- 1 host matched -------------- Host name: mytestipv6host.testrelm.test Principal name: host/mytestipv6host.testrelm.test@TESTRELM.TEST Password: False Keytab: False Managed by: mytestipv6host.testrelm.test ---------------------------- Number of entries returned 1 ----------------------------
:: [ 00:31:57 ] :: Principal name is as expected.
:: [   PASS   ] :: Verifying host was added when DNS records exist. (Expected 0, got 0)
:: [  BEGIN   ] :: Checking for forward DNS entry :: actually running 'ipa dnsrecord-find testrelm.test mytestIPv6host > /tmp/tmp.lX7g8QbUBW/forward_dns_4.out'
:: [   PASS   ] :: Checking for forward DNS entry (Expected 0, got 0)
:: [   PASS   ] :: File '/tmp/tmp.lX7g8QbUBW/forward_dns_4.out' should contain 'AAAA record: 2620:52:0:1007:ffff:5eff:fe86:834' 
:: [ 00:31:59 ] :: Final digit.
:: [  BEGIN   ] :: Checking for reverse DNS entry :: actually running 'ipa dnsrecord-find 7.0.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa. 4.3.8.0.6.8.e.f.f.f.e.5.f.f.f.f'
  Record name: 4.3.8.0.6.8.e.f.f.f.e.5.f.f.f.f
  PTR record: mytestipv6host.testrelm.test.
----------------------------
Number of entries returned 1
----------------------------
:: [   PASS   ] :: Checking for reverse DNS entry (Expected 0, got 0)
:: [  BEGIN   ] :: Deleting host without deleting DNS entries :: actually running 'deleteHost mytestIPv6host.testrelm.test'
-------------------------------------------
Deleted host "mytestipv6host.testrelm.test"
-------------------------------------------
:: [ 00:32:01 ] :: Host mytestIPv6host.testrelm.test deleted successfully.
:: [   PASS   ] :: Deleting host without deleting DNS entries (Expected 0, got 0)
:: [  BEGIN   ] :: Checking for forward DNS entry :: actually running 'ipa dnsrecord-find testrelm.test mytestIPv6host > /tmp/tmp.lX7g8QbUBW/forward_dns_41.out'
:: [   PASS   ] :: Checking for forward DNS entry (Expected 0, got 0)
:: [   PASS   ] :: File '/tmp/tmp.lX7g8QbUBW/forward_dns_41.out' should contain 'AAAA record: 2620:52:0:1007:ffff:5eff:fe86:834' 
:: [  BEGIN   ] :: Checking nslookup output :: actually running 'nslookup 2620:52:0:1007:ffff:5eff:fe86:834  > /tmp/tmp.lX7g8QbUBW/nslookup_2_output.out'
:: [   PASS   ] :: Checking nslookup output (Expected 0, got 0)
:: [ 00:32:13 ] :: nslookup_msg=name = mytestipv6host.testrelm.test
:: [  BEGIN   ] :: Running 'cat  /tmp/tmp.lX7g8QbUBW/nslookup_2_output.out'
Server:		127.0.0.1
Address:	127.0.0.1#53

4.3.8.0.6.8.e.f.f.f.e.5.f.f.f.f.7.0.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa	name = mytestipv6host.testrelm.test.

:: [   PASS   ] :: Command 'cat  /tmp/tmp.lX7g8QbUBW/nslookup_2_output.out' (Expected 0, got 0)
4.3.8.0.6.8.e.f.f.f.e.5.f.f.f.f.7.0.0.1.0.0.0.0.2.5.0.0.0.2.6.2.ip6.arpa	name = mytestipv6host.testrelm.test.
:: [   PASS   ] :: nslookup shows IPAddress exist

Comment 10 errata-xmlrpc 2015-03-05 10:10:24 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2015-0442.html

