#155 PTR record synchronization for A/AAAA record tuple can fail mysteriously
Closed: Fixed None Opened 9 years ago by pspacek.

Problem

What does not work as expected?

Martin Basti discovered that PTR record synchronization does not work properly for updates with multiple A/AAAA records in one batch.

It can fail mysteriously if at least one A/AAAA record doesn't belong to a reverse zone managed by the plugin (or if at least one reverse zone is not properly configured for the SyncPTR feature).

This bug does not affect cases where everything is properly configured.

Steps to Reproduce

  • Configure a test zone which will contain A/AAAA records
  • Enable dynamic updates for the given zone
  • Enable the SyncPTR feature for the given zone
  • Do not create reverse zones
  • Send a dynamic update with multiple IP addresses in one batch. These addresses should not belong to any reverse zone configured for SyncPTR feature. E.g.

    $ nsupdate -g
    update add a4.example.com 666 IN AAAA ::1
    update add a4.example.com 666 IN AAAA ::2
    update add a4.example.com 666 IN AAAA ::3
    send

  • Result: Only one record will be added to LDAP and the rest will be ignored.

The problem equally applies to deleting multiple records at once using:

    update del a4.example.com IN AAAA

In that case only one record will be deleted.


This bug should be fixed in the same timeframe as https://fedorahosted.org/freeipa/ticket/4249.

Combined packet capture from DNS & LDAP servers and client; use Wireshark filter "dns.count.update || ldap" and look at the DNS update request in packet #1264 and the resulting object in LDAP in packet #1277
all.pcap

Metadata Update from @pspacek:
- Issue assigned to pspacek
- Issue set to the milestone: Fedora 22

7 years ago
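
A regression check for the reproduction steps above, as an added example that is not part of the original ticket or the plugin's code: it derives the RRset an nsupdate batch should leave behind and compares it with the addresses the server actually returns. The function names are hypothetical, and the server answers (as `dig +short` would print them) are constructed sample input.

```python
import ipaddress

# The add batch from the ticket, as typed into nsupdate.
ADD_BATCH = """\
update add a4.example.com 666 IN AAAA ::1
update add a4.example.com 666 IN AAAA ::2
update add a4.example.com 666 IN AAAA ::3
send
"""
DEL_BATCH = "update del a4.example.com IN AAAA\nsend\n"


def expected_rrset(batch, initial=()):
    """Apply 'update add/del' lines to a set of (name, type, address) tuples."""
    rrset = set(initial)
    for line in batch.splitlines():
        tok = line.split()
        if len(tok) < 2 or tok[0] != "update":
            continue  # 'send', prompts and blank lines carry no record data
        if tok[1] == "add" and len(tok) == 7:
            # update add <name> <ttl> IN <type> <address>
            name, rtype, addr = tok[2], tok[5], tok[6]
            rrset.add((name.rstrip(".").lower(), rtype.upper(),
                       ipaddress.ip_address(addr)))
        elif tok[1] in ("del", "delete") and len(tok) == 5:
            # update del <name> IN <type> removes the whole RRset
            key = (tok[2].rstrip(".").lower(), tok[4].upper())
            rrset = {r for r in rrset if (r[0], r[1]) != key}
    return rrset


def diff_against_server(expected, name, rtype, dig_short_output):
    """Return (missing, unexpected) address lists for one name and type."""
    observed = {ipaddress.ip_address(l.strip())
                for l in dig_short_output.splitlines() if l.strip()}
    want = {a for (n, t, a) in expected if n == name and t == rtype}
    return (sorted(str(a) for a in want - observed),
            sorted(str(a) for a in observed - want))


if __name__ == "__main__":
    after_add = expected_rrset(ADD_BATCH)
    # Constructed answer showing the symptom: only one record was stored.
    print(diff_against_server(after_add, "a4.example.com", "AAAA", "::1\n"))
    after_del = expected_rrset(DEL_BATCH, initial=after_add)
    # Constructed answer: the delete removed only one of three records.
    print(diff_against_server(after_del, "a4.example.com", "AAAA", "::2\n::3\n"))
```

A non-empty first list after the add, or a non-empty second list after the delete, is the symptom this ticket describes.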
