#4674 ipa-server-install fails when hostname resolves to IPv6 address which does not resolve back
Opened 7 years ago by adelton. Modified 4 years ago

One of my installs that was run like

/usr/sbin/ipa-server-install --hostname=my-original-name.example.com -r EXAMPLE.TEST -n example.test --ip-address= -U

failed with

Unable to resolve the reverse ip address, check /etc/hosts or DNS name resolution

Both my {{{/etc/hosts}}} and DNS setup looked sane.

Only rerunning with {{{--debug}}} (and tcpdumping) gave some hints:

ipa         : DEBUG    Check if my-original-name.example.com is a primary hostname for localhost
ipa         : DEBUG    socket.gethostbyaddr() error: 1: Unknown host
ipa         : DEBUG    Search DNS for my-original-name.example.com
ipa         : DEBUG    Check if my-original-name.example.com is not a CNAME
ipa         : DEBUG    Check reverse address of fec0:0:a10:6000:10:16ff:fe98:187
ipa         : DEBUG    Check failed: [Errno 1] Unknown host

The problem seems to be caused by the fact that the hostname has both A and AAAA records, of which I want the A record to be used (hence the {{{--ip-address}}} option), and {{{verify_fqdn}}} fails when checking the AAAA record, without getting to check the address at all.

The {{{verify_fqdn}}} really should check the IP address that the user wants to use first (or only).

While investigating, I came across the line

            ex_name = socket.gethostbyaddr(host_name)

which is also strange -- while it will resolve the hostname to an IP address, it will do that behind the scenes, and if it picks up the IPv6 address, the error message will be Unknown host, which is very confusing because {{{dig}}} and {{{dig -x}}} will say otherwise, and the error message does not help in any way in pointing the user at the fact that it was the AAAA record which was picked up for the lookup.
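One way to do the check requested above, as an added example that is not FreeIPA's code and not part of the ticket: reverse resolution is checked one address at a time, only the addresses the user named are checked when any are given, and a failure names the record type and address. The function names, the injectable resolver callables and the 192.0.2.10 address are assumptions made for illustration.

```python
import ipaddress
import socket

def system_forward(host_name):
    """All A and AAAA addresses of host_name, via getaddrinfo()."""
    infos = socket.getaddrinfo(host_name, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def system_reverse(ip):
    """PTR name of ip; raises socket.herror when there is none."""
    return socket.gethostbyaddr(ip)[0]

def check_reverse(host_name, wanted_ips=(), forward=system_forward,
                  reverse=system_reverse):
    """Check reverse resolution one address at a time.

    When the caller names addresses (the --ip-address case) only those are
    checked; otherwise every forward address is. Returns a list of
    (ip, record_type, ok, detail) tuples, so a failure names its address.
    """
    results = []
    for ip in list(wanted_ips) or forward(host_name):
        rtype = "AAAA" if ipaddress.ip_address(ip).version == 6 else "A"
        try:
            name = reverse(ip)
        except (socket.herror, socket.gaierror) as e:
            detail = "no reverse record for %s address %s: %s" % (rtype, ip, e)
            results.append((ip, rtype, False, detail))
            continue
        ok = name.rstrip(".").lower() == host_name.rstrip(".").lower()
        results.append((ip, rtype, ok, "PTR -> %s" % name))
    return results

# Constructed data shaped like the ticket: the name has an A and an AAAA
# record, and only the A address (192.0.2.10, made up) has a PTR record.
HOST = "my-original-name.example.com"
FAKE_FORWARD = {HOST: ["192.0.2.10", "fec0:0:a10:6000:10:16ff:fe98:187"]}
FAKE_PTR = {"192.0.2.10": HOST}

def fake_forward(name):
    return FAKE_FORWARD[name]

def fake_reverse(ip):
    if ip not in FAKE_PTR:
        raise socket.herror(1, "Unknown host")
    return FAKE_PTR[ip]

if __name__ == "__main__":
    for row in check_reverse(HOST, forward=fake_forward, reverse=fake_reverse):
        print(row)
    print(check_reverse(HOST, ["192.0.2.10"], fake_forward, fake_reverse))
```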

This can be a stretch goal in 4.2. Patch would be very welcome!

Processing leftovers from 4.2 backlog - this ticket was found as suitable for consideration in next big feature release - 4.4.

Metadata Update from @adelton:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.5 backlog

5 years ago

Metadata Update from @mbasti:
- Issue assigned to stlaz (was: mbasti)
- Issue close_status updated to: None

4 years ago
