freeipa / ansible-freeipa

Ansible roles and modules for FreeIPA
GNU General Public License v3.0

ipadnsrecord: create_reverse PTR record value missing trailing dot #1150

Open crt0r opened 1 year ago

crt0r commented 1 year ago

Hello!

During a test deployment of FreeIPA for research purposes, our team discovered weird behavior that looks like a potential bug, but we're not sure.

When was it discovered?

While creating an A record for a client machine before enrollment. The create_reverse variable was set to true.

Screenshot 2023-10-05 101947

What did it produce?

A PTR record was created in a reverse zone of our domain. It lacks a trailing dot.

Screenshot 2023-10-05 101917_p

What does this cause?

When someone tries to resolve an address to a DNS name, they get a malformed response. The IP address is resolved to a domain name combined with the reverse zone name.

Screenshot 2023-10-05 102710_p

Hence, Ansible's ansible_fqdn variable contains such a malformed FQDN.

Screenshot 2023-10-05 102906_p

Which, in turn, causes the ipaclient role to fail the host enrollment process.

Screenshot 2023-10-05 111506_p

Thoughts

As per some old comment on Server Fault, similar behavior happens when a PTR record value is missing a trailing dot. https://serverfault.com/questions/1056739/why-is-the-reverse-zone-name-appended-to-the-returned-domain-names-in-reverse-dn#answer-1056752

I'm not a developer, just a Jr. DevOps engineer, but I searched a bit around the codebase of the ipadnsrecord module and it seems like there's a missing dot in a string template on this line.


Is this indeed a bug, or did we do something wrong? Thanks in advance =D

rjeffman commented 1 year ago

I'm having some issues in my test environment, but it seems that the issue also happens with FreeIPA CLI.

In any case I'm setting this as a bug. We may have to fix it on both sides.

As a workaround, ensure that the zone_name parameter ends with a dot ('.'), as in zone_name: example.com., as this fixed the issue for me.
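
Added example (not part of the original thread and not ansible-freeipa code): a sketch of why a PTR value without a trailing dot comes back with the reverse zone appended, and why a zone_name ending in a dot avoids it. It applies the DNS master-file rule that a name without a trailing dot is relative to the zone origin; the function names are hypothetical, the host, zone and address are constructed sample values, and a /24 reverse zone is assumed.

```python
# Added illustration; function names are hypothetical, not ansible-freeipa code.
import ipaddress


def qualify(name, origin):
    """Expand a zone-data name per the DNS master-file rule (RFC 1035):
    a name ending in '.' is absolute, anything else is relative to the origin."""
    if name.endswith("."):
        return name
    if not origin.endswith("."):
        origin += "."
    return f"{name}.{origin}"


def reverse_zone_and_label(ip, prefix_octets=3):
    """Split an IPv4 address into (reverse zone, PTR owner label).
    prefix_octets=3 assumes a /24 reverse zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    zone = ".".join(reversed(octets[:prefix_octets])) + ".in-addr.arpa."
    label = ".".join(reversed(octets[prefix_octets:]))
    return zone, label


def ptr_target(host, zone_name, absolute=True):
    """Build the PTR value for host in zone_name.
    absolute=False joins the parts as given, reproducing the missing dot."""
    target = f"{host}.{zone_name}"
    if absolute and not target.endswith("."):
        target += "."
    return target


def resolved_name(ip, host, zone_name, absolute):
    """Name returned for a reverse lookup of ip once the PTR value is qualified."""
    rev_zone, _ = reverse_zone_and_label(ip)
    return qualify(ptr_target(host, zone_name, absolute), rev_zone)


if __name__ == "__main__":
    # Constructed sample values: missing dot, the workaround, a normalized value.
    cases = (("example.com", False), ("example.com.", False), ("example.com", True))
    for zone_name, absolute in cases:
        name = resolved_name("192.0.2.10", "client1", zone_name, absolute)
        print(f"zone_name={zone_name!r} absolute={absolute} -> {name}")
```

The first case yields the malformed name described in the issue; the second and third yield the expected FQDN.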