Current code in the host plugin uses the following block of code to detect the zone/domain part of the hostname:

    parts = keys[-1].split('.')
    host = parts[0]
    domain = unicode('.'.join(parts[1:]))

The returned domain may not be the zone the host belongs to.
This also prevents us from using a dot ('.') in a hostname.
An example:
This can be created using:

    $ ipa dnszone-add example.com.
    $ ipa dnsrecord-add example.com. myhost.osproject --a-rec=192.0.2.1

Resulting DNS record:

    myhost.osproject.example.com. A 192.0.2.1

However, IPA host plugin will choke on this:
i.e.

    keys[-1] = 'myhost.osproject.example.com.'
    parts = ['myhost', 'osproject', 'example', 'com', '']
    domain = u'osproject.example.com.'

Now the obvious problem is that variable domain != what was entered in dnszone-add.
The result: The code using this logic will blow up because DNS zone osproject.example.com. does not exist in LDAP. Correct zone name is example.com.
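
The difference between splitting on the first dot and looking the name up against the zones that actually exist, as an added example (not part of the original ticket and not FreeIPA code). `naive_split`, `split_by_known_zone` and the `ZONES` set are hypothetical and constructed for illustration; in a real deployment the zone list would come from the DNS zones stored in LDAP.

```python
# Added illustration; the zone set is constructed sample data, and
# naive_split / split_by_known_zone are hypothetical helper names.

def _labels(name):
    """Lower-cased labels of a DNS name, ignoring the trailing root dot."""
    return [label for label in name.lower().rstrip('.').split('.') if label]


def naive_split(fqdn):
    """The ticket's logic: first label is the host, the rest is the zone."""
    parts = fqdn.split('.')
    return parts[0], '.'.join(parts[1:])


def split_by_known_zone(fqdn, zones):
    """Return (relative_name, zone) using the longest zone that is a
    proper label-wise suffix of fqdn, or None if no zone matches."""
    name = _labels(fqdn)
    best = None
    for zone in zones:
        z = _labels(zone)
        # Compare whole labels so 'example.com.' never matches
        # a name that merely ends in the same characters.
        if z and len(z) < len(name) and name[-len(z):] == z:
            if best is None or len(z) > len(best):
                best = z
    if best is None:
        return None
    return '.'.join(name[:-len(best)]), '.'.join(best) + '.'


# Constructed sample: the only zone is the one created with dnszone-add.
ZONES = {'example.com.'}
FQDN = 'myhost.osproject.example.com.'

if __name__ == '__main__':
    print(naive_split(FQDN))
    print(split_by_known_zone(FQDN, ZONES))
```

Returning `None` when no zone matches lets the caller report a missing zone explicitly instead of operating on a zone name that was never created.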
Happens also in ipa-replica-manage del while deleting DNS records; could be reproduced in a lab where the DNS zone is different than the hostname suffix.
Metadata Update from @mbasti: - Issue assigned to someone - Issue set to the milestone: Future Releases