Hello!
During a test deployment of FreeIPA for research purposes, our team discovered weird behavior that looks like a potential bug, but we're not sure.
When was it discovered?
While creating an A record for a client machine before enrollment. The create_reverse variable was set to true.
What did it produce?
A PTR record was created in a reverse zone of our domain. It lacks a trailing dot.
What does this cause?
When someone tries to resolve an address to a DNS name, they get a malformed response. The IP address is resolved to a domain name combined with the reverse zone name.
Hence, Ansible's ansible_fqdn variable contains such a malformed FQDN.
Which, in its turn, causes the ipaclient role to fail the host enrollment process.
Thoughts
As per some old comment on Server Fault, similar behavior happens when a PTR record value misses a trailing dot. https://serverfault.com/questions/1056739/why-is-the-reverse-zone-name-appended-to-the-returned-domain-names-in-reverse-dn#answer-1056752
I'm not a developer, just a Jr. DevOps engineer, but I searched a bit around the codebase of the ipadnsrecord module and it seems like there's a missing dot in a string template on this line.
Is this indeed a bug, or did we do something wrong? Thanks in advance =D
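The failure mode reported in this issue, as an added example that is not part of the original report and is not code from the ipadnsrecord module: it applies the standard zone-data rule (a name without a trailing dot is relative to the zone origin) and flags PTR targets that would resolve to a hostname with the reverse zone appended. The zone, addresses, hostnames and function names are constructed for illustration, and owner names are assumed to be stored relative to the zone.

```python
import ipaddress

# Constructed sample data: one reverse zone with two PTR records as stored.
ORIGIN = "2.0.192.in-addr.arpa."
RECORDS = {
    "10": "client1.ipa.example.test",   # no trailing dot: relative name
    "11": "client2.ipa.example.test.",  # trailing dot: absolute name
}

def qualify(name, origin):
    """Expand a zone-data name: absolute if it ends with a dot,
    otherwise relative, so the zone origin is appended."""
    return name if name.endswith(".") else f"{name}.{origin}"

def reverse_owner(ip):
    """Absolute owner name of the PTR record for an IPv4/IPv6 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def audit_ptr_targets(origin, records):
    """Return (owner, stored target, name a resolver would return)
    for every PTR target that is missing its trailing dot."""
    return [
        (qualify(owner, origin), target, qualify(target, origin))
        for owner, target in records.items()
        if not target.endswith(".")
    ]

def reverse_matches(ip, expected_fqdn, origin, records):
    """Pre-enrollment check: does the PTR for ip yield expected_fqdn?"""
    wanted = expected_fqdn.rstrip(".").lower()
    owner = reverse_owner(ip)
    for label, target in records.items():
        if qualify(label, origin) == owner:
            return qualify(target, origin).rstrip(".").lower() == wanted
    return False  # no PTR record for this address

if __name__ == "__main__":
    for owner, stored, resolved in audit_ptr_targets(ORIGIN, RECORDS):
        print(f"{owner} PTR {stored!r} resolves as {resolved}")
    for ip, host in (("192.0.2.10", "client1.ipa.example.test"),
                     ("192.0.2.11", "client2.ipa.example.test")):
        print(ip, "ok" if reverse_matches(ip, host, ORIGIN, RECORDS) else "MISMATCH")
```

Running the same comparison against the real reverse zone before invoking the ipaclient role catches the malformed name before enrollment fails on it.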