Installing IPA client using an IPA DNS server with DoT set in /etc/resolv.conf results in nsupdate issues:
2025-06-12T14:32:27Z DEBUG nsupdate (GSS-TSIG) failed: CalledProcessError(Command ['/usr/bin/nsupdate', '-p', '853', '-S', '-H', 'ipaserver.cos10.local', '-g', '/etc/ipa/.dns_update.txt'] returned non-zero exit status 1: "port '853update' is not numeric\nsyntax error\n")
ipa-client-install --unattended --principal=admin --password=SomeADMINpassword --domain=cos10.local --dns-over-tls
ipa-client-encrypted-dns-4.12.2-17.el10.x86_64 ipa-client-4.12.2-17.el10.x86_64
New commands to define the server with the port 853 have been added for dns_over_tls. These commands do not have a leading newline. This results in a syntax error as the next line is added to the command.
diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py index 372daa51e..aa835b7fc 100644 --- a/ipaclient/install/client.py +++ b/ipaclient/install/client.py @@ -1540,7 +1553,7 @@ def update_dns(server, hostname, options): update_txt = "debug\n" if options.dns_over_tls: - update_txt += "server %s 853" % server + update_txt += "server %s 853\n" % server update_txt += ipautil.template_str(DELETE_TEMPLATE_A, dict(HOSTNAME=hostname)) update_txt += ipautil.template_str(DELETE_TEMPLATE_AAAA, @@ -1788,7 +1810,7 @@ def update_ssh_keys(hostname, ssh_dir, options, server): update_txt = 'debug\n' if options.dns_over_tls: - update_txt += "server %s 853" % server + update_txt += "server %s 853\n" % server update_txt += 'update delete %s. IN SSHFP\nshow\nsend\n' % hostname for pubkey in pubkeys: sshfp = pubkey.fingerprint_dns_sha1()
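Review bot: No test guards the "server %s 853\n" line in update_dns; the diff touches only ipaclient/install/client.py, so the newline can be lost again unnoticed. Add a unit test that builds update_txt with options.dns_over_tls set and asserts that the server line ends before the text produced from DELETE_TEMPLATE_A begins.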
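Review bot: update_ssh_keys repeats the same "server %s 853\n" % server expression as update_dns, which is how one missing terminator ended up in two places. Move it to a small shared helper or module-level constant, and have that helper reject a server value containing whitespace before it is formatted into the nsupdate script.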
master:
ipa-4-12:
Metadata Update from @sumenon: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @frenaud: - Custom field rhbz adjusted to https://issues.redhat.com/browse/RHEL-95374, https://issues.redhat.com/browse/RHEL-100450
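The failure described in this ticket can be reproduced and caught before nsupdate is run. The following is an added example, not code from FreeIPA: build_sshfp_script and lint_nsupdate_script are hypothetical names, client.cos10.local is a constructed hostname, and the command set is a subset taken from the nsupdate manual.

```python
# Added example; not part of ipaclient. Subset of commands from nsupdate(1).
NSUPDATE_COMMANDS = {
    "server", "local", "zone", "class", "ttl", "key", "gsstsig", "oldgsstsig",
    "realm", "check-names", "prereq", "prerequisite", "update", "add",
    "delete", "show", "send", "answer", "debug", "version", "help",
}


def build_sshfp_script(server, hostname, dns_over_tls, newline_after_server):
    """Build the SSHFP delete script the way update_ssh_keys does.

    newline_after_server=False reproduces the behaviour before the fix.
    """
    text = "debug\n"
    if dns_over_tls:
        text += "server %s 853" % server
        if newline_after_server:
            text += "\n"
    text += "update delete %s. IN SSHFP\nshow\nsend\n" % hostname
    return text


def lint_nsupdate_script(text):
    """Return a list of (line_number, message) problems in an nsupdate script."""
    problems = []
    for number, line in enumerate(text.splitlines(), start=1):
        tokens = line.split()
        if not tokens:
            continue  # nsupdate treats a blank line as "send"
        command = tokens[0].lower()
        if command not in NSUPDATE_COMMANDS:
            problems.append((number, "unknown command '%s'" % tokens[0]))
        elif command == "server":
            # Syntax: server servername [port]
            if len(tokens) < 2:
                problems.append((number, "server name missing"))
            elif len(tokens) >= 3 and not tokens[2].isdigit():
                problems.append((number, "port '%s' is not numeric" % tokens[2]))
            elif len(tokens) > 3:
                problems.append((number, "unexpected text after port"))
    return problems


if __name__ == "__main__":
    for fixed in (False, True):
        script = build_sshfp_script("ipaserver.cos10.local",
                                    "client.cos10.local", True, fixed)
        print("fixed=%s problems=%s" % (fixed, lint_nsupdate_script(script)))
```

Running such a check over the generated text in a unit test flags the unterminated server line without needing a DNS server or a Kerberos ticket.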