#9807 ipa-client-install: No creation of reverse records
Opened 8 months ago by twoerner. Modified 8 months ago

Issue

Installing IPA client using an IPA DNS server set in /etc/resolv.conf results in missing reverse records.

The reverse records are not updated or generated, only the forward records are generated.

Steps to Reproduce

ipa-client-install --unattended --principal=admin --password=SomeADMINpassword --domain=cos10.local

Version/Release/Distribution

ipa-client-encrypted-dns-4.12.2-17.el10.x86_64
ipa-client-4.12.2-17.el10.x86_64

Fix Proposal

diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py
index 372daa51e..aa835b7fc 100644
--- a/ipaclient/install/client.py
+++ b/ipaclient/install/client.py
@@ -48,6 +48,7 @@ from ipalib.util import (
     no_matching_interface_for_ip_address_warning,
     validate_hostname,
     verify_host_resolvable,
+    get_reverse_record_default,
 )
 from ipaplatform import services
 from ipaplatform.constants import constants
@@ -1500,6 +1501,18 @@ show
 send
 """

+DELETE_TEMPLATE_REVERSE_PTR = """
+update delete $ZONE PTR
+show
+send
+"""
+
+ADD_TEMPLATE_REVERSE_PTR = """
+update add $ZONE $TTL PTR $HOSTNAME.
+show
+send
+"""
+
 UPDATE_FILE = paths.IPA_DNS_UPDATE_TXT
 CCACHE_FILE = paths.IPA_DNS_CCACHE

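Review bot: In both new templates the placeholder $ZONE is filled with the per-address PTR owner name returned by get_reverse_record_default(), not with a zone, so the name is misleading; rename it (for example $REVERSE_NAME). Also, `update delete $ZONE PTR` removes the whole PTR RRset at that name, including PTR records that point at other hostnames. If only this host's record should be replaced, delete the specific record with `update delete $ZONE PTR $HOSTNAME.`; otherwise add a comment that replacing the full set is intended.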
@@ -1554,6 +1567,14 @@ def update_dns(server, hostname, options):
             template = ADD_TEMPLATE_AAAA
         update_txt += ipautil.template_str(template, sub_dict)

+    for ip in update_ips:
+        zone = get_reverse_record_default(ip)
+        sub_dict = dict(ZONE=zone, HOSTNAME=hostname, TTL=1200)
+        update_txt += ipautil.template_str(DELETE_TEMPLATE_REVERSE_PTR,
+                                           dict(ZONE=zone))
+        update_txt += ipautil.template_str(ADD_TEMPLATE_REVERSE_PTR,
+                                           sub_dict)
+
     if not do_nsupdate(update_txt, options, server):
         logger.error("Failed to update DNS records.")
     verify_dns_update(hostname, update_ips)
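Review bot: The PTR updates built in the new `for ip in update_ips` loop are appended to the same update_txt as the forward records and go through the single do_nsupdate() call, with no option to skip them. If the server does not host the matching reverse zone or refuses the PTR update, the only visible result is the generic "Failed to update DNS records." error, which does not say whether the forward or the reverse part failed. Consider sending the reverse updates in a separate do_nsupdate() call that logs its own warning, and gating the loop on an option. Two smaller points: TTL=1200 is a bare literal here, and `dict(ZONE=zone)` duplicates a key that sub_dict already carries, so the same dict could serve both calls if template_str() ignores unused keys.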
diff --git a/ipalib/util.py b/ipalib/util.py
index 128420181..442edac7f 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -732,6 +732,12 @@ def get_reverse_zone_default(ip_address):
     return normalize_zone('.'.join(items))


+def get_reverse_record_default(ip_address):
+    ip = netaddr.IPAddress(str(ip_address))
+
+    return normalize_zone(ip.reverse_dns)
+
+
 def validate_rdn_param(ugettext, value):
     try:
         RDN(value)
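Review bot: get_reverse_record_default() has no docstring, and its name differs from get_reverse_zone_default() by one word although it returns the full PTR owner name for the address (ip.reverse_dns) rather than a zone. Add a docstring that states this difference and gives an example input and output. netaddr.IPAddress(str(ip_address)) also raises on a malformed address, and the loop shown in update_dns() has no handling around the call; either document that the exception propagates or handle it at the call site.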

This enables the update or generation of the reverse records so that ipa-replica-install could run with internal IPA DNS without the need to either turn off the host DNS check or to add the reverse records manually before deploying the replica or promoting a client.


The question is if dyndns_update_ptr should be enabled also if --enable-dns-updates is given for ipa-client-install.
