With two IPA servers installed, one with only an IPv4 address and the other with both an IPv4 and IPv6 address.
dig -t A ipa-ca.example.test and dig -t AAAA ipa-ca.example.test will show the expected results.
If you run: ipa server-state --state hidden <dual IP host> then the IPv4 address is properly removed from the DNS A record but not the DNS AAAA record.
I think it's because the current code in dns_update_system_records does not remove entries but rewrites from what the current values are (hidden are excluded). Since in this case there are no IPv6 records nothing can be overwritten, leaving the value basically as an orphan.
It means that a hidden CA may still be advertised for ipa-ca if it has the last IP record for a given type.
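The behaviour suspected above, as an added example that is not FreeIPA code and not part of the original ticket: a simplified model of an overwrite-only update next to one that also deletes record types left without values. All function names, host names and addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (documentation address ranges), one IPv4-only
# server and one dual-stack server, as in the ticket.
SERVERS = {
    "ipa1.example.test": {"A": ["192.0.2.10"], "AAAA": []},
    "ipa2.example.test": {"A": ["192.0.2.20"], "AAAA": ["2001:db8::20"]},
}
RECORD_TYPES = ("A", "AAAA")

def desired_records(servers, hidden):
    """Addresses ipa-ca should carry: hidden servers are excluded."""
    wanted = defaultdict(list)
    for name, addrs in servers.items():
        if name in hidden:
            continue
        for rtype, values in addrs.items():
            wanted[rtype].extend(values)
    return wanted

def update_overwrite_only(zone, servers, hidden):
    """Rewrite only the types that still have values (the suspected flaw)."""
    for rtype, values in desired_records(servers, hidden).items():
        if values:
            zone[rtype] = sorted(values)
    return zone

def update_with_cleanup(zone, servers, hidden):
    """Rewrite every type and delete the ones left with no values."""
    wanted = desired_records(servers, hidden)
    for rtype in RECORD_TYPES:
        if wanted[rtype]:
            zone[rtype] = sorted(wanted[rtype])
        else:
            zone.pop(rtype, None)
    return zone

def orphaned(zone, servers, hidden):
    """Published addresses that belong to a hidden server."""
    hidden_addrs = {a for h in hidden for v in servers[h].values() for a in v}
    return sorted(a for vals in zone.values() for a in vals if a in hidden_addrs)

if __name__ == "__main__":
    hidden = {"ipa2.example.test"}
    start = update_with_cleanup({}, SERVERS, set())
    for update in (update_overwrite_only, update_with_cleanup):
        zone = update(dict(start), SERVERS, hidden)
        print(update.__name__, dict(zone), "orphaned:", orphaned(zone, SERVERS, hidden))
```

The `orphaned` helper is the kind of check that can be run against real `dig` output after hiding or deleting a server to confirm no address of that server is still published under ipa-ca.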
Metadata Update from @rcritten: - Issue assigned to rcritten
Testing was the most difficult part. In PR-CI I ran into two issues:
The installer resolver was changed to use nss instead of DNS to find the host info. This was not returning IPv6 addresses. I confirmed this locally. So I'm proposing to revert that change.
systemd-resolved also would not return IPv6 addresses. Maybe it is being too smart and somehow "knowing" what the local addresses are. I don't care. I nuked it for the test.
PR https://github.com/freeipa/freeipa/pull/6358
Metadata Update from @rcritten: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=2158775
The test is for hidden replicas but it is the same principle for a deleted server.
Metadata Update from @rcritten: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=2158775 https://bugzilla.redhat.com/show_bug.cgi?id=2166326 (was: https://bugzilla.redhat.com/show_bug.cgi?id=2158775)
master:
ipa-4-10:
Metadata Update from @rcritten: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)