#5675 ipa host-del --updatedns should remove related dns entries.
Closed: Fixed None Opened 8 years ago by pvoborni.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1301586

Description of problem:

using the command

"ipa host-del <client machine> --updatedns" is not completely deleting the DNS
entries.

For instance, this entry remains:

dn: idnsName=ipaclient,idnsname=example.com.,cn=dns,dc=example,dc=com

The entry is modified with "--updatedns":

======================================
time: 20160125074150
dn: idnsName=ipaclient,idnsname=example.com.,cn=dns,dc=example,dc=com
changetype: modify
delete: aAAARecord
-
replace: modifiersname
modifiersname: uid=admin,cn=users,cn=accounts,dc=example,dc=com
-
======================================

and

=======================================
time: 20160125074150
dn: idnsname=example.com.,cn=dns,dc=example,dc=com
changetype: modify
replace: idnsSOAserial
idnsSOAserial: 1453725712
-
replace: modifiersname
modifiersname: krbprincipalname=dns/ipaserver.example.com@example.com,cn=servi
 ces,cn=accounts,dc=example,dc=com
-
=======================================

but it's not clear to me yet why the entry is not completely deleted.

Feel free to close this bug if you think it's irrelevant.

Version-Release number of selected component (if applicable):

ipa-server-4.2.0-15.el7_2.3.x86_64


How reproducible: always


Additional info:

workaround:

ipa dnsrecord-del example.com. ipaclient

which will finish by doing:

======================================
time: 20160125075333
dn: idnsname=ipaclient,idnsname=example.com.,cn=dns,dc=example,dc=com
changetype: delete
modifiersname: uid=admin,cn=users,cn=accounts,dc=example,dc=com
=======================================
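
The following is an added example, not part of the original ticket or of FreeIPA's code: a small Python parser for audit-log records in the format quoted above, reporting DNS entries that had record attributes removed but were never deleted. The function names are hypothetical, and the sample input is an abridged copy of the ticket's own excerpts.

```python
import re

# Sample input: the two "host-del --updatedns" records from this ticket (first one abridged).
AUDIT_LOG = """\
time: 20160125074150
dn: idnsName=ipaclient,idnsname=example.com.,cn=dns,dc=example,dc=com
changetype: modify
delete: aAAARecord
-
======================================
time: 20160125074150
dn: idnsname=example.com.,cn=dns,dc=example,dc=com
changetype: modify
replace: idnsSOAserial
idnsSOAserial: 1453725712
-
replace: modifiersname
modifiersname: krbprincipalname=dns/ipaserver.example.com@example.com,cn=servi
 ces,cn=accounts,dc=example,dc=com
-
"""

def parse_records(text):
    """Return one dict per record; a record starts at each "time:" line."""
    records = []
    for line in re.sub(r"\n ", "", text).splitlines():  # unfold LDIF folding
        key, sep, value = line.partition(": ")
        if key == "time" and sep:
            records.append({"deleted": []})
        elif sep and records:  # "-" separators and "====" rulers have no ": "
            if key == "delete":
                records[-1]["deleted"].append(value.lower())
            else:  # DNs differ in case between records, so normalise
                records[-1][key.lower()] = value.lower()
    return records

def leftover_dns_entries(text):
    """DNs under cn=dns that lost record attributes but were never deleted."""
    leftover = {}
    for rec in parse_records(text):
        dn, change = rec.get("dn", ""), rec.get("changetype")
        removed = [a for a in rec["deleted"] if a.endswith("record")]
        if ",cn=dns," not in dn:
            continue
        if change == "delete":
            leftover.pop(dn, None)  # whole entry gone, e.g. via dnsrecord-del
        elif change == "modify" and removed:
            leftover.setdefault(dn, []).extend(removed)
    return leftover
```

Run over the records above it reports the `ipaclient` entry as left behind; once the `changetype: delete` record from the workaround is appended, the result is empty.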

development summary for host-del/client uninstall changes, as agreed on devel meeting:

  • host-del --updatedns will become ENUM, listing records that should be deleted, including "all" option to delete whole DNS entry. Default will be "a,aaaa,SSHFP". It won't do any other searches (for SRV for example) #5675
  • Allow host to delete its own host and service entries instead of just disabling the host.
    • It was agreed that this should be the default of "ipa-client-install --uninstall". There should be also an option to not delete it (would be used by junior admin for example, when uninstalling and re-enrolling the client) #5676
    • Make sure that we only remove services with the same name as the client, not all managed by host (think about cluster case)
  • Honza: should host be in its own managedBy which would be the default and admin could choose to not add it there and thus not allow it to delete itself.
  • simo: maybe keeping backward compatibility is more important, discuss later if --remove option would be better

Due to backward compatibility, --updatedns cannot be migrated to ENUM.
I propose to use new option --updatedns-type

Summary of internal discussion

  1. It is a good idea to have an option to clean DNS record on the host-del
  2. Since there are already expectations about system behavior this option would not be enabled by default.

master:

  • 40e3a0b host_del: fix removal of host records
  • 9a0f92b host_del: replace dns-record find command with show
  • bea066c host_del: remove unneeded dnszone-show command call
  • 1e70d6b host_del: split removing A/AAAA and PTR records to separate functions
  • e8c8134 host_del: remove only A, AAAA, SSHFP, PTR records
  • 54e3859 host_del: update help for --updatedns option

Metadata Update from @pvoborni:
- Issue assigned to mbasti
- Issue set to the milestone: FreeIPA 4.4

7 years ago
