community.general
ipa_dnsrecord PTR and record_value without dot
Summary
The documentation reads, in the examples, that one should/could use an fqdn as a record_value parameter when creating a PTR record. But this won't work without an ending dot in the record_value.
record_value: 'internal.ipa.example.com' -> Ko
record_value: 'internal.ipa.example.com.' -> OK
I think the code just needs to add a dot in the end if it does not already exist.
Issue Type
Bug Report
Component Name
ipa_dnsrecord
Ansible Version
$ ansible --version
ansible [core 2.12.1]
config file = None
configured module search path = ['/home/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.9/site-packages/ansible
ansible collection location = /home/user/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/lib/python-exec/python3.9/ansible
python version = 3.9.9 (main, Nov 18 2021, 19:42:27) [GCC 11.2.0]
jinja version = 3.0.3
libyaml = True
Community.general Version
$ ansible-galaxy collection list community.general
# /usr/lib/python3.9/site-packages/ansible_collections
Collection Version
----------------- -------
community.general 4.0.2
# /home/snail/.ansible/collections/ansible_collections
Collection Version
----------------- -------
community.general 4.1.0
Configuration
$ ansible-config dump --only-changed
...
OS / Environment
Gentoo
Steps to Reproduce
- name: Ensure a PTR record is present
  community.general.ipa_dnsrecord:
    ipa_host: spider.example.com
    ipa_pass: Passw0rd!
    state: present
    zone_name: 2.168.192.in-addr.arpa
    record_name: 5
    record_type: 'PTR'
    record_value: 'internal.ipa.example.com'
Expected Results
I expected a reverse DNS request to show the FQDN, e.g.:
dig -x 192.168.2.5 +short
internal.ipa.example.com.
Actual Results
dig -x 192.168.2.5 +short
internal.ipa.example.com.2.168.192.in-addr.arpa.
It will work fine with record_value: 'internal.ipa.example.com.' Note the ending dot.
Code of Conduct
- [X] I agree to follow the Ansible Code of Conduct
Files identified in the description:
If these files are incorrect, please update the component name section of the description or use the !component bot command.
cc @Akasurde @Nosmoht @fxfitz @justchris1
Not to dismiss or invalidate your concern, but I have come across this before. Here is a helpful Server Fault link: https://serverfault.com/questions/803033/should-i-append-a-dot-at-the-end-of-my-dns-urls .
In short, RFC 1034, section 3.1 explains:
When a user needs to type a domain name, the length of each label is omitted and the labels are separated by dots ("."). Since a complete domain name ends with the root label, this leads to a printed form which ends in a dot.
Try it yourself: going to https://www.github.com. will actually resolve (as it is supposed to).
All of the above out of the way, the usage of such is almost non-existent by users these days, or at least it seems to me. Part of me thinks it is pretty easy to make sure it is terminated by a '.' character or add one in the module parsing. However, I am always worried about backwards compatibility. There are those who might say not ending it with a '.' character is invalid, but I am a little less concerned about that case. I am open to the thoughts of others on the topic.
Also check out https://en.wikipedia.org/wiki/FQDN, and the examples in https://datatracker.ietf.org/doc/html/rfc1035#section-3.5 (that RFC defines PTR records).
I totally agree and know that it should end with a dot. This is not what bothers me. In my case, it was not that hard to add a dot, but it did not feel clean (to me). I have been working like crazy these past days, so I might be missing a better and easier way, but the solution I came up with looked like:
vars:
  first_guess_fqdn: "{{ guessed_hostname }}.{{ domain_name }}"
  guessed_fqdn: "{{ first_guess_fqdn if first_guess_fqdn[-1] == '.' else ( first_guess_fqdn ~ '.' ) }}"
I think adding a dot would be better handled directly in the code of ipa_dnsrecord because:
- I believe people should not have to worry about this
- People make mistakes. Even the developers make such errors. As proof, my example comes directly from the official documentation (look at "Ensure a PTR record is present" in dnsrecord_module.html#examples)
Another solution, which I think would be less effective (but this remains my own opinion and I would respect the developers' opinion), would be to correct the example in the documentation.
I am open to discussion :-). I hope I was clear, English is not my mother tongue.
Ok, so we have two things:
- A docs error report (that one should be fixed);
- A feature request (automatically add the period).
I don't mind if 2. gets implemented, I just want to point out that it isn't a bug, but a feature request :)
I have found that this issue is still valid: the module is not removing records unless the record_value field is the FQDN + a trailing dot.
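The trailing-dot behaviour discussed in this thread, as an added Python example that is not part of the issue or of the ipa_dnsrecord module. The function names are hypothetical; the zone, address and host name are the ones from the report.

```python
import ipaddress

ZONE = "2.168.192.in-addr.arpa"  # zone_name from the report


def ensure_absolute(name: str) -> str:
    """Append the root label if it is missing (idempotent).

    This changes the meaning for anyone who intended a zone-relative
    target, which is the backwards-compatibility concern in the thread.
    """
    name = name.strip()
    if not name:
        raise ValueError("empty domain name")
    return name if name.endswith(".") else name + "."


def qualify(name: str, origin: str) -> str:
    """RFC 1035 section 5.1: a name without a trailing dot is relative and
    the origin is appended; a name ending in a dot is taken as written."""
    if name.endswith("."):
        return name
    return f"{name}.{ensure_absolute(origin)}"


def ptr_owner(ip: str) -> str:
    """Owner name of the PTR record for an address."""
    return ensure_absolute(ipaddress.ip_address(ip).reverse_pointer)


def matching_values(stored: list[str], requested: str) -> list[str]:
    """Stored values equal to the requested one after normalisation
    (case-insensitive), e.g. to pick the record to remove for state=absent."""
    want = ensure_absolute(requested).lower()
    return [v for v in stored if ensure_absolute(v).lower() == want]


if __name__ == "__main__":
    value = "internal.ipa.example.com"  # record_value from the report
    print(ptr_owner("192.168.2.5"))               # record_name 5 in ZONE
    print(qualify(value, ZONE))                   # the "Actual Results" answer
    print(qualify(ensure_absolute(value), ZONE))  # the "Expected Results" answer
    print(matching_values(["internal.ipa.example.com."], value))
```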