As admin, I want to create a host entry with an IP address on my IPA server configured with no reverse zone and forwarder disabled.
ipa host-add --ip-address fails with an internal error and a Traceback is seen in /var/log/httpd/error_log
--setup-dns --forwarder $FWD_ADDRESS --no-reverse
kinit admin
ipa dnsserver-mod $MASTER --forward-policy none
ipa host-add testhost.ipadomain.com --ip-address 172.16.30.22
$ ipa host-add testhost.ipadomain.com --ip-address 172.16.30.22
ipa: ERROR: an internal error has occurred
The error log for httpd shows the following:
[...] ipa: DEBUG: raw: host_add('testhost.ipadomain.com', ip_address='172.16.30.22', version='2.229')
[...] ipa: DEBUG: host_add('testhost.ipadomain.com', random=False, force=False, no_reverse=False, ip_address='172.16.30.22', all=False, raw=False, version='2.229', no_members=False)
[...] ipa: DEBUG: raw: dnszone_show(<DNS name ipadomain.com.>, version='2.229')
[...] ipa: DEBUG: dnszone_show(<DNS name ipadomain.com.>, rights=False, all=False, raw=False, version='2.229')
[...] ipa: DEBUG: raw: dnsrecord_find(<DNS name ipadomain.com.>, None, arecord='172.16.30.22', version='2.229')
[...] ipa: DEBUG: dnsrecord_find(<DNS name ipadomain.com.>, None, arecord=('172.16.30.22',), structured=False, all=False, raw=False, version='2.229', pkey_only=False)
[...] ipa: ERROR: non-public: NoNameservers: All nameservers failed to answer the query 22.30.16.172.in-addr.arpa. IN SOA: Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered SERVFAIL
[...] Traceback (most recent call last):
[...]   File "/usr/lib/python3.6/site-packages/ipaserver/rpcserver.py", line 367, in wsgi_execute
[...]     result = command(*args, **options)
[...]   File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 450, in __call__
[...]     return self.__do_call(*args, **options)
[...]   File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 478, in __do_call
[...]     ret = self.run(*args, **options)
[...]   File "/usr/lib/python3.6/site-packages/ipalib/frontend.py", line 800, in run
[...]     return self.execute(*args, **options)
[...]   File "/usr/lib/python3.6/site-packages/ipaserver/plugins/baseldap.py", line 1187, in execute
[...]     *keys, **options)
[...]   File "/usr/lib/python3.6/site-packages/ipaserver/plugins/host.py", line 666, in pre_callback
[...]     check_reverse=check_reverse)
[...]   File "/usr/lib/python3.6/site-packages/ipaserver/plugins/dns.py", line 587, in add_records_for_host_validation
[...]     revzone, revname = get_reverse_zone(ip)
[...]   File "/usr/lib/python3.6/site-packages/ipaserver/plugins/dns.py", line 542, in get_reverse_zone
[...]     revzone = DNSName(dns.resolver.zone_for_name(revdns))
[...]   File "/usr/lib/python3.6/site-packages/dns/resolver.py", line 1156, in zone_for_name
[...]     answer = resolver.query(name, dns.rdatatype.SOA, rdclass, tcp)
[...]   File "/usr/lib/python3.6/site-packages/dns/resolver.py", line 947, in query
[...]     raise NoNameservers(request=request, errors=errors)
[...] dns.resolver.NoNameservers: All nameservers failed to answer the query 22.30.16.172.in-addr.arpa. IN SOA: Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered The DNS operation timed out.; Server 127.0.0.1 UDP port 53 answered SERVFAIL
[...]
[...] ipa: INFO: [jsonserver_session] admin@IPADOMAIN.COM: host_add/1('testhost.ipadomain.com', ip_address='172.16.30.22', version='2.229'): InternalError
ipa host-add should create the host entry but display a warning stating that the reverse address could not be created because the IPA server does not manage reverse zones, and a warning that no name server for the reverse zone could be found.
$ rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server
freeipa-server-4.6.90.dev201802081017+git8821f7ae8-0.fc26.x86_64
freeipa-client-4.6.90.dev201802081017+git8821f7ae8-0.fc26.x86_64
package ipa-server is not installed
package ipa-client is not installed
389-ds-base-1.3.7.8-1.fc26.x86_64
pki-ca-10.5.1-2.fc26.noarch
krb5-server-1.15.1-28.fc26.x86_64
When the command is called with --no-reverse it succeeds.
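An added illustration of the behaviour the report asks for (not FreeIPA code and not the change from the linked pull request): a reverse-zone lookup failure is turned into warnings while the forward record is still planned. `ResolverFailure`, `zone_by_suffix`, `plan_host_records` and `failing_lookup` are hypothetical names, and the failing lookup is constructed to mirror the timeout in the log above.

```python
import ipaddress

class ResolverFailure(Exception):
    """Hypothetical stand-in for a resolver error such as NoNameservers."""

def zone_by_suffix(name, zones):
    """Strip leading labels until a known zone matches; None if none does."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in zones:
            return candidate
    return None

def plan_host_records(fqdn, ip, managed_zones, find_zone, no_reverse=False):
    """Return (records, warnings); a failed reverse lookup becomes a warning."""
    addr = ipaddress.ip_address(ip)
    records = [(fqdn + ".", "A" if addr.version == 4 else "AAAA", ip)]
    warnings = []
    if no_reverse:
        return records, warnings  # reverse lookup is skipped entirely
    rev = addr.reverse_pointer + "."  # e.g. 22.30.16.172.in-addr.arpa.
    try:
        zone = find_zone(rev)
    except ResolverFailure as exc:
        warnings.append("no name server found for reverse zone of %s (%s)" % (rev, exc))
        zone = None
    if zone in managed_zones:
        records.append((rev, "PTR", fqdn + "."))
    else:
        warnings.append("reverse record for %s not created: no managed reverse zone" % ip)
    return records, warnings

def failing_lookup(name):
    # Constructed failure mirroring the report: every SOA query goes unanswered.
    raise ResolverFailure("All nameservers failed to answer the query %s IN SOA" % name)

if __name__ == "__main__":
    recs, warns = plan_host_records("testhost.ipadomain.com", "172.16.30.22",
                                    set(), failing_lookup)
    print(recs)
    for w in warns:
        print("WARNING:", w)
```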
Metadata Update from @frenaud: - Issue assigned to frenaud
The issue was discovered when writing tests for issue #7374
Metadata Update from @frenaud: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/1551
Metadata Update from @frenaud: - Issue set to the milestone: FreeIPA 4.6.4
master:
ipa-4-6:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
ipa-4-9:
ipa-4-8: