#128 Records deleted when connection to LDAP is down are not refreshed properly
Closed: Fixed. Opened 8 years ago by pspacek.

Zones and records deleted while the connection to LDAP is down are not refreshed properly after reconnection: the deleted objects stay visible in DNS and BIND has to be restarted to restore consistency.

This is a limitation of the initial implementation of [wiki:BIND9/Design/RBTDB RBTDB].

Note: This limitation can cause inconsistencies during a FreeIPA upgrade, because the upgrade restarts the Directory Server (ns-slapd). Workaround: restart named after each ns-slapd restart.

Results of planning meeting held on 2014-11-04.

Steps to test

  • Add a record to a zone
  • Break the connection between bind-dyndb-ldap and the LDAP server (e.g. stop the LDAP server or drop the traffic between them)
  • Delete the record in LDAP
  • Restore the connection to the LDAP server
  • Use dig to verify that the removed/changed record is no longer visible in DNS

Design

A SyncRepl session can be restarted at some point by opening a new connection to the server and presenting the SyncRepl cookie to it. The LDAP server can then provide the client with a [http://tools.ietf.org/html/rfc4533#section-3.3.2|list of entryUUIDs of deleted entries] without their respective LDAP DNs. In that case each entryUUID has to be mapped to a (DNS zone, DNS FQDN) pair and the referenced DNS object has to be deleted.

See [[wiki:Design/MetaDB]] for details about the mapping.

Naturally, the plugin needs to persist the last successfully processed SyncRepl cookie somewhere; otherwise a partial refresh after reconnection would not be possible and a full reload would be required.
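The following is an added example, not code from bind-dyndb-ldap, that models the design above in Python: a stand-in LDAP server that resumes a sync session from a cookie and reports deletions as bare entryUUIDs, and a stand-in plugin that keeps the MetaDB mapping (entryUUID to zone/FQDN) and the last processed cookie. It replays the "Steps to test" scenario twice, once without the mapping (the behaviour this ticket describes, where the stale record survives reconnection) and once with it. The class and method names, the cookie representation (a position in a change log) and the sample records are assumptions for illustration only.

```python
from dataclasses import dataclass


@dataclass
class Change:
    seq: int            # position in the server change log; a cookie is the last seq processed
    op: str             # "add" or "delete"
    uuid: str           # entryUUID of the affected entry
    zone: str = ""
    fqdn: str = ""
    rdata: str = ""


class LdapServer:
    """Stand-in for an LDAP server with RFC 4533 content synchronization (constructed model)."""

    def __init__(self):
        self.log = []        # every Change ever made, in order
        self.entries = {}    # uuid -> current Change for live entries

    def add(self, uuid, zone, fqdn, rdata):
        ch = Change(len(self.log) + 1, "add", uuid, zone, fqdn, rdata)
        self.log.append(ch)
        self.entries[uuid] = ch

    def delete(self, uuid):
        self.log.append(Change(len(self.log) + 1, "delete", uuid))
        del self.entries[uuid]

    def sync(self, cookie):
        """Open a sync session. Returns (adds, deleted_uuids, new_cookie).

        With no cookie the server sends every live entry (full refresh).
        With a cookie it sends only changes made after that point; deleted
        entries arrive as a bare list of entryUUIDs without their DNs,
        modelling the syncIdSet of RFC 4533 section 3.3.2.
        """
        new_cookie = len(self.log)
        if cookie is None:
            return list(self.entries.values()), [], new_cookie
        recent = [c for c in self.log if c.seq > cookie]
        adds = [c for c in recent if c.op == "add" and c.uuid in self.entries]
        deleted = [c.uuid for c in recent if c.op == "delete"]
        return adds, deleted, new_cookie


class Plugin:
    """Stand-in for the DNS side: an in-memory zone tree plus the MetaDB mapping."""

    def __init__(self, with_metadb=True):
        self.with_metadb = with_metadb   # False models the initial implementation
        self.dns = {}                    # zone -> {fqdn: rdata}
        self.uuid_map = {}               # MetaDB: entryUUID -> (zone, fqdn)
        self.cookie = None               # last successfully processed SyncRepl cookie

    def _add(self, ch):
        self.dns.setdefault(ch.zone, {})[ch.fqdn] = ch.rdata
        if self.with_metadb:
            self.uuid_map[ch.uuid] = (ch.zone, ch.fqdn)

    def _full_refresh(self, server):
        adds, _, self.cookie = server.sync(None)
        self.dns.clear()
        self.uuid_map.clear()
        for ch in adds:
            self._add(ch)

    def connect(self, server):
        """(Re)connect; replay changes since the persisted cookie. Returns unmapped UUIDs."""
        if self.cookie is None:
            self._full_refresh(server)
            return []
        adds, deleted, new_cookie = server.sync(self.cookie)
        for ch in adds:
            self._add(ch)
        unresolved = [u for u in deleted if u not in self.uuid_map]
        for u in deleted:
            if u in self.uuid_map:
                zone, fqdn = self.uuid_map.pop(u)   # UUID -> (zone, FQDN), then drop the record
                self.dns.get(zone, {}).pop(fqdn, None)
        if unresolved and self.with_metadb:
            # A UUID we cannot map means our view is already inconsistent;
            # the only safe recovery is a full refresh.
            self._full_refresh(server)
        else:
            # Without MetaDB the delete is silently lost: the stale record stays
            # visible until named is restarted, which is the bug in this ticket.
            self.cookie = new_cookie
        return unresolved

    def lookup(self, zone, fqdn):
        return self.dns.get(zone, {}).get(fqdn)


def run_scenario(with_metadb):
    """Replay the ticket's test steps; returns (stale visible, new visible, unresolved)."""
    server = LdapServer()
    plugin = Plugin(with_metadb)
    server.add("u-1", "example.test.", "a.example.test.", "192.0.2.1")   # constructed samples
    server.add("u-2", "example.test.", "b.example.test.", "192.0.2.2")
    plugin.connect(server)              # initial full refresh; cookie is persisted
    server.delete("u-1")                # connection is down: changes happen unseen
    server.add("u-3", "example.test.", "c.example.test.", "192.0.2.3")
    unresolved = plugin.connect(server)  # reconnect and present the cookie
    stale = plugin.lookup("example.test.", "a.example.test.") is not None
    fresh = plugin.lookup("example.test.", "c.example.test.") is not None
    return stale, fresh, unresolved
```

The point the scenario makes is that a persisted cookie alone is not enough: adds replayed after reconnection carry their DNs, but deletes carry only entryUUIDs, so without the UUID-to-name mapping the plugin has no way to find the record to remove.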

Metadata Update from @pspacek:
- Issue assigned to pspacek
- Issue set to the milestone: Fedora 22

5 years ago