Bug #13906
open
IPv6: PTR collision detection NOOP
Description
Fix for #13536 / PR3791 introduced a method to check for ptr collisions. It relies on Resolv.getnames2 to detect existing records:
Currently, Resolv.getnames(<reverse resolvable IPv6 address>) always returns an empty array [], while nslookup resolves the name fine. This might be an upstream issue?
This leads to the following issues for smart-proxy:- Method always returns no conflict
- Overwriting PTRs fail in #execute
- Collisions fail in #execute, as another PTR exists
Relevant method ptr_record_conflicts2
# [..]
def resolver
Resolv::DNS.new(:nameserver => @server)
end
# [..]
# conflict methods return values:
# no conflict: -1; conflict: 1, conflict but record / ip matches: 0
def ptr_record_conflicts(fqdn, ip)
names = resolver.getnames(ip_addr.to_s)
return -1 if names.empty?
return 0 if names.any? {|n| n.to_s.casecmp(fqdn) == 0}
1
# [..]
# [..]
def resolver
Resolv::DNS.new(:nameserver => @server)
end
# [..]
# conflict methods return values:
# no conflict: -1; conflict: 1, conflict but record / ip matches: 0
def ptr_record_conflicts(fqdn, ip)
names = resolver.getnames(ip_addr.to_s)
return -1 if names.empty?
return 0 if names.any? {|n| n.to_s.casecmp(fqdn) == 0}
1
# [..]
[1] https://github.com/theforeman/smart-proxy/pull/379
[2] https://github.com/theforeman/smart-proxy/blob/develop/modules/dns_common/dns_common.rb#L54
Updated by Daniel Helgenberger about 8 years ago
FYI: Opened upstream issue, https://bugs.ruby-lang.org/issues/12112
Updated by Anonymous about 8 years ago
Yeah, it's a bug in resolver. 1.9.3 seems to be fine, as is 2.2.3, everything in between is probably broken.
Updated by Daniel Helgenberger about 8 years ago
Right, strangely it breaks and gets fixed in between, see below.
How should we handle this issue?
Working rubies:¶
- ruby 1.9.3p551 (2014-11-13 revision 48407)
- ruby 1.8.7 (2013-06-27 patchlevel 374)
- ruby 2.1.5p273 (2014-11-13 revision 48405)
- ruby 2.2.4p230 (2015-12-16 revision 53155)
Broken rubies:¶
- ruby 2.0.0p643 (2015-02-25 revision 49749)
- ruby 2.2.1p85 (2015-02-26 revision 49769)
Updated by Anonymous about 8 years ago
IPv6 support isn't there yet. API still fails on creation of a duplicate error (as MS dns catches the error), but returns a different error (we could handle that). Hopefully the issue will get fixed in upstream ruby in the meantime.