The invalid option --reverse-zone=in-addr.arpa is not rejected before a replica is prepared, leading to a traceback later.
    ipa-replica-prepare machine.example.com -p 12345678 --ip-address 1.2.3.4 --reverse-zone=in-addr.arpa.
    Preparing replica for machine.example.com from vm-095.idm.lab.bos.redhat.com
    Creating SSL certificate for the Directory Server
    Creating SSL certificate for the dogtag Directory Server
    Creating SSL certificate for the Web Server
    Exporting RA certificate
    Copying additional files
    Finalizing configuration
    Packaging replica information into /var/lib/ipa/replica-info-machine.example.com.gpg
    Adding DNS records for machine.example.com
    Using reverse zone in-addr.arpa.
    preparation of replica failed: invalid 'ptrrecord': Reverse zone for PTR record should be a sub-zone of one the following fully qualified domains: .ip6.arpa., .in-addr.arpa.
    invalid 'ptrrecord': Reverse zone for PTR record should be a sub-zone of one the following fully qualified domains: .ip6.arpa., .in-addr.arpa.
      File "/sbin/ipa-replica-prepare", line 476, in <module>
        main()
      File "/sbin/ipa-replica-prepare", line 470, in main
        add_ptr_rr(reverse_zone, ip_address, replica_fqdn)
      File "/usr/lib/python2.7/site-packages/ipaserver/install/bindinstance.py", line 363, in add_ptr_rr
        add_rr(zone, name, "PTR", fqdn+".", dns_backup)
      File "/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py", line 2055, in run_precallback_validators
        rtype_cb(ldap, dn, entry_attrs, *keys, **options)
      File "/usr/lib/python2.7/site-packages/ipalib/plugins/dns.py", line 2039, in _ptrrecord_pre_callback
        error=unicode(_('Reverse zone for PTR record should be a sub-zone of one the following fully qualified domains: %s') % allowed_zones))
According to RFC 2317 (http://tools.ietf.org/html/rfc2317) there are valid use cases for reverse zones outside usual sub-trees. This check should not produce a hard error but only a warning like this:
Warning: Non-standard names for reverse zones will not work if you will not follow RFC 2317.
Releasing tickets from distant milestones.
Metadata Update from @pviktori: - Issue assigned to someone - Issue set to the milestone: Ticket Backlog
Thank you for taking the time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.
Metadata Update from @rcritten: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)