On 22.9.2014 14:09, Petr Viktorin wrote:
On 09/22/2014 01:48 PM, Petr Spacek wrote:
On 22.9.2014 10:38, Martin Kosek wrote:
On 09/22/2014 10:31 AM, Petr Spacek wrote:
On 22.9.2014 10:14, Martin Kosek wrote:
On 09/19/2014 07:29 PM, Petr Viktorin wrote:
https://fedorahosted.org/freeipa/ticket/4551
See ticket & commit message for details.
Shouldn't we add a 1 sec sleep between tries? Wouldn't the current version just
hammer the DNS server with as many DNS queries as it can send?
Oh yes, please add some time.sleep() call :-)
Wow, no idea how that slipped out. Thanks for the catch.
Also I would like to see more detailed message:
+ self.log.info('Waiting for hostname %s to be resolvable',
+ self.replica_fqdn)
=> 'Waiting for hostname %s to be resolvable to A or AAAA record'
<bikeshed>
Really? Shouldn't the term "resolvable" already have that covered? Good software
should work on all network types, whether it is IPv4, IPv6 or IPv8. So I
personally do not think we need to be that specific and can stick to the
original proposal.
I will agree with you if you post magic code which will work with DNS
records for IPv8 :-) The code is not going to work with IPv8 just
because we didn't mention 'A/AAAA' in the error message, A and AAAA
RRtypes are hardcoded in the code.
+1; we're checking A and AAAA so that's what we should say we're doing.
Is this wording OK?
Little NACK. (However, the wording is fine.)
Tcpdump revealed this:
IP vm-117.test.34067 > vm-133.test.domain: 38467+ A? vm-092.test. (51)
IP vm-133.test.domain > vm-117.test.34067: 38467 NXDomain* 0/1/0 (116)
IP vm-117.test.36006 > vm-133.test.domain: 20194+ A? vm-092.test.ipa.example. (63)
IP vm-133.test.domain > vm-117.test.36006: 20194 NXDomain* 0/1/0 (143)
IP vm-117.test.51333 > vm-133.test.domain: 34027+ AAAA? vm-092.test. (51)
IP vm-133.test.domain > vm-117.test.51333: 34027 NXDomain* 0/1/0 (116)
IP vm-117.test.60373 > vm-133.test.domain: 45679+ AAAA? vm-092.test.ipa.example. (63)
You can see that the query for each A/AAAA type is repeated twice, the second
time with 'ipa.example.' suffix.
This is caused by search list processing (search directive in
/etc/resolv.conf) and is highly undesirable. (Read this [1] e-mail if you want
to hear it from Paul Vixie.)
The fix is simple: You have to be sure that self.replica_fqdn is actually
absolute FQDN - with the trailing period.
Naive solution would be to use
dns_answer = resolver.query(self.replica_fqdn + '.', 'A', 'IN')
but I don't know if self.replica_fqdn variable can contain trailing period or
not.
Mbasti can show you more advanced code snippets using 'dns.name'.
[1] https://lists.dns-oarc.net/pipermail/dns-operations/2014-September/012157.html
--
Petr^2 Spacek
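
An added example, not part of the thread or of the FreeIPA patch: it normalizes a hostname to absolute form whether or not it already carries a trailing period, and models in simplified form which query names search-list processing produces for the names in the capture above. The function names, the `ndots` default and the sample search list are assumptions.

```python
# Added example: simplified model of stub-resolver search-list handling.
# Function names, the ndots default and the sample data are assumptions.


def to_absolute(hostname):
    """Return hostname with exactly one trailing period."""
    name = hostname.strip().rstrip('.')
    if not name:
        raise ValueError('empty hostname')
    return name + '.'


def candidate_qnames(name, search, ndots=1):
    """List the query names tried for `name`, in order.

    An absolute name (trailing period) is queried as-is and nothing else.
    A relative name is also tried with every search suffix appended; it goes
    first when it contains at least `ndots` dots, last otherwise.
    """
    if name.endswith('.'):
        return [name]
    as_is = name + '.'
    expanded = [name + '.' + to_absolute(suffix) for suffix in search]
    if name.count('.') >= ndots:
        return [as_is] + expanded
    return expanded + [as_is]


if __name__ == '__main__':
    search = ['ipa.example']  # constructed; mirrors the suffix in the capture
    for host in ('vm-092.test', 'vm-092.test.'):
        print(repr(host), '->', candidate_qnames(host, search))
        print('  normalized ->', candidate_qnames(to_absolute(host), search))
```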