Bug #16964

Removing ipv6 entries fails with dns_nsupdate due to name lookup

Added by Dominic Cleal 10 months ago. Updated 10 months ago.

Status:Closed
Priority:Normal
Assigned To:Dmitri Dolguikh
Category:DNS
Target version:Foreman - Team Ivan Iteration 5
Difficulty: Bugzilla link:
Found in release:1.13.0 Pull request:https://github.com/theforeman/smart-proxy/pull/465
Story points-
Velocity based estimate-
Release1.13.1Release relationshipAuto

Description

When I try to remove the IPv6 address from a host, the smart proxy fails to update the DNS server.

  1. The dns_nsupdate proxy can't delete the IPv6 PTR record. The do_remove method in dns_nsupdate/dns_nsupdate_main.rb is calling dns_find (dns_common/dns_common.rb) which can handle only IPv4 reverse addresses. It takes the first four segments of the IPv6 address and tries a reverse lookup on them which will most likely fail (but might not). There's already a ptr_to_ip method in dns_common/dns_common.rb, using it to check whether key is a PTR should solve the problem, e.g.
    def dns_find key
      begin
        resolver.getname(ptr_to_ip(key)).to_s
      rescue Proxy::Dns::Error
        resolver.getaddress(key).to_s
      end
    rescue Resolv::ResolvError
      false
    end
    

    I think the dns_find method should also take the record type into account. If there's an existing A, but no AAAA record and you try to delete the AAAA record it will still do it because the lookup finds the A record.
  2. Unlike the do_create method, the do_remove method does not have an ensure block which closes the forked nsupdate process. If the exception is triggered (which happened to me because of 2.) then you end up with a lot of nsupdate zombie processes.

Related issues

Blocked by Packaging - Bug #16981: Bump up the version of ruby in xenial to 2.3.1 Closed 10/18/2016
Copied from Foreman - Bug #16952: Removing ipv6 entries does not pass record type (AAAA) to... Closed 10/14/2016

Associated revisions

Revision 78da2d1e
Added by Dmitri Dolguikh 10 months ago

Fixes #16964 - Proxy::Dns::Record#dns_find works with ipv6 params

History

#1 Updated by Dominic Cleal 10 months ago

  • Copied from Bug #16952: Removing ipv6 entries does not pass record type (AAAA) to smart proxy added

#2 Updated by The Foreman Bot 10 months ago

  • Status changed from New to Ready For Testing
  • Assigned To set to Dmitri Dolguikh
  • Pull request https://github.com/theforeman/smart-proxy/pull/465 added

#3 Updated by Robert Frank 10 months ago

I've applied the changes in the pull request and they didn't work. Removing both, A, and AAAA FQDNs fail with a "Cannot find DNS entry for ...".
The regex fail to match the addresses returned by the resolver:

found = should_match.nil? ? addresses.first : addresses.find {|a| a =~ should_match}

always returns nothing, I suspect it's because a is either an Resolv::IPv4 or Resolv::IPv6 class and not a string.
Changing the line to
found = should_match.nil? ? addresses.first : addresses.find {|a| a.to_s =~ should_match}

seems to solve the problem for both A and AAAA records.

#4 Updated by Dominic Cleal 10 months ago

  • Blocked by Bug #16981: Bump up the version of ruby in xenial to 2.3.1 added

#5 Updated by Anonymous 10 months ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#6 Updated by Ivan Necas 10 months ago

  • Target version set to Team Ivan Iteration 5

Also available in: Atom PDF