https://bugzilla.redhat.com/show_bug.cgi?id=750947
This is a tracking ticket for https://bugzilla.redhat.com/show_bug.cgi?id=751776.
When the bind-dyndb-ldap plugin is updated to ignore invalid records instead of ignoring an entire zone, we should bump the bind-dyndb-ldap version in the spec file and change 750947 to a Doc bug.
The fix was already pushed upstream.
Wait until the bind-dyndb-ldap release in Fedora is done. The bind-dyndb-ldap version in the spec file should be bumped then along with the new schema.
attachment freeipa-mkosek-195-update-schema-for-bind-dyndb-ldap.patch
How to test:
Create a new zone
ipa dnszone-add example.com --name-server=hostname
Add an invalid record to the zone (use ldapmodify, as the ipa dnsrecord-add command does not allow invalid values). I used the invalid MX record "foo":
ldapmodify
...
dn: idnsname=example.com,cn=dns,SUFFIX
idnsZoneActive: TRUE
idnsSOAexpire: 1209600
nSRecord: ns.example.com.
objectClass: top
objectClass: idnsrecord
objectClass: idnszone
idnsSOAretry: 900
idnsSOAminimum: 3600
idnsSOArefresh: 3600
idnsSOAserial: 2012250101
idnsName: example.com
idnsAllowDynUpdate: FALSE
idnsSOAmName: ns.example.com.
idnsSOArName: hostmaster.example.com.
mXRecord: foo <=====
Restart named to make sure the zone is reloaded
Make sure it is still resolvable, for example:
dig -t soa example.com
/var/log/messages should contain a message about invalid value:
Jan 25 11:00:25 vm-068 named[17269]: Failed to parse RR entry (foo)
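The last two test steps can be scripted. The following is an added example, not part of the ticket or of FreeIPA: the function names are hypothetical, and every sample log line except the first (which is the one quoted above) is constructed.

```shell
#!/bin/sh
# List the record values that named (bind-dyndb-ldap) refused to parse,
# with a count per value. Matches the message format quoted in the ticket:
#   <date> <host> named[<pid>]: Failed to parse RR entry (<value>)
rejected_rr_values() {
    # $1: path to a syslog file, e.g. /var/log/messages
    sed -n 's/^.* named\[[0-9]*]: Failed to parse RR entry (\(.*\))$/\1/p' "$1" |
        sort | uniq -c |
        awk '{ n = $1; sub(/^ *[0-9]+ /, ""); print n "\t" $0 }'
}

# Returns 0 when the zone still answers an SOA query after the reload.
# Needs dig and a running named, so it is not exercised by the demo below.
zone_resolves() {
    # $1: zone name, e.g. example.com
    [ -n "$(dig +short -t soa "$1")" ]
}

# Constructed sample input; only the first line is taken from the ticket.
sample_log() {
    cat <<'EOF'
Jan 25 11:00:25 vm-068 named[17269]: Failed to parse RR entry (foo)
Jan 25 11:00:26 vm-068 sshd[900]: constructed unrelated line
Jan 25 11:05:02 vm-068 named[17301]: Failed to parse RR entry (foo)
Jan 25 11:05:02 vm-068 named[17301]: Failed to parse RR entry (10 mail server)
EOF
}

# Demo: run the log check against the constructed sample.
demo_log=$(mktemp)
sample_log > "$demo_log"
rejected_rr_values "$demo_log"
rm -f "$demo_log"
```

On a real server, pass /var/log/messages to rejected_rr_values and the zone name to zone_resolves; a fixed plugin should report the rejected value while the zone keeps resolving.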
Moving to next month iteration.
master: 1816643
ipa-2-2: bd09e54
Metadata Update from @mkosek: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/02