If no DNS records were returned at all then the check for mismatches was missed. Add a special case for this scenario by using a placeholder for the IP address for a given CA server. If no records are returned at all this case will catch it. If any exist at all then the current code will handle it.
This is is easily reproduced using a non-IPA DNS server like Google or Cloudflare where all lookups will fail.
rcritten
commented
1 year ago
If no DNS records were returned at all then the check for mismatches was missed. Add a special case for this scenario by using a placeholder for the IP address for a given CA server. If no records are returned at all this case will catch it. If any exist at all then the current code will handle it.
This is is easily reproduced using a non-IPA DNS server like Google or Cloudflare where all lookups will fail.
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/284