
ipadnsrecord: create_reverse PTR record value missing trailing dot #1150

Open
crt0r opened this issue Oct 5, 2023 · 1 comment

crt0r commented Oct 5, 2023

Hello!

During a test deployment of FreeIPA for research purposes, our team discovered weird behavior that looks like a potential bug, but we're not sure.

When was it discovered?

While creating an A record for a client machine before enrollment. The create_reverse variable was set to true.

What did it produce?

A PTR record was created in a reverse zone of our domain. It lacks a trailing dot.

What does this cause?

When someone tries to resolve an address to a DNS name, they get a malformed response. The IP address is resolved to a domain name combined with the reverse zone name.

Hence, Ansible's ansible_fqdn variable contains such a malformed FQDN.

Which, in turn, causes the ipaclient role to fail the host enrollment process.

Thoughts

As per some old comment on serverfault, similar behavior happens when a PTR record value misses a trailing dot. https://serverfault.com/questions/1056739/why-is-the-reverse-zone-name-appended-to-the-returned-domain-names-in-reverse-dn#answer-1056752

I'm not a developer, just a Jr. DevOps engineer, but I searched a bit around the codebase of the ipadnsrecord module and it seems like there's a missing dot in a string template on this line.


Is this indeed a bug, or did we do something wrong? Thanks in advance =D

rjeffman added the bug label Oct 6, 2023

rjeffman commented Oct 6, 2023

I'm having some issues in my test environment, but it seems that the issue also happens with the FreeIPA CLI.

In any case I'm setting this as a bug. We may have to fix it on both sides.

As a workaround, ensure that the `zone_name` parameter ends with a dot ('.'), as in `zone_name: example.com.`, as this fixed the issue for me.
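The name expansion discussed in this thread, as an added example that is not part of the issue or of the ansible-freeipa code base. It assumes standard zone-data semantics (RFC 1035, section 5.1), where a name without a trailing dot is relative to the zone origin; the zone, record values and function names are constructed for illustration.

```python
# Added illustration, not ansible-freeipa code. All names and sample data are constructed.

ARPA_SUFFIXES = (".in-addr.arpa", ".ip6.arpa")


def qualify(name: str, origin: str) -> str:
    """Expand a zone-data name as a DNS server does: a name ending in '.'
    is absolute, anything else is relative to the zone origin."""
    if not origin.endswith("."):
        raise ValueError("zone origin must be absolute")
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def audit_ptr_targets(origin: str, records: dict) -> list:
    """Return (owner, stored_target, answered_target) for each PTR value that
    is relative and will therefore be answered inside the reverse zone."""
    return [
        (qualify(owner, origin), target, qualify(target, origin))
        for owner, target in records.items()
        if not target.endswith(".")
    ]


def fqdn_leaks_reverse_zone(fqdn: str) -> bool:
    """Symptom check for a gathered host name (e.g. ansible_fqdn): a forward
    host name should never end in a reverse-lookup suffix."""
    return fqdn.rstrip(".").lower().endswith(ARPA_SUFFIXES)


# Constructed sample: reverse zone for 192.0.2.0/24 (documentation range).
REVERSE_ZONE = "2.0.192.in-addr.arpa."
PTR_RECORDS = {
    "10": "client1.example.com",   # missing trailing dot, as in the report
    "11": "client2.example.com.",  # absolute, answered as written
}

if __name__ == "__main__":
    for owner, stored, answered in audit_ptr_targets(REVERSE_ZONE, PTR_RECORDS):
        print(f"{owner} PTR {stored!r} is answered as {answered}")
        print("  leaks reverse zone:", fqdn_leaks_reverse_zone(answered))
```

Running the audit over an export of a reverse zone before client enrollment flags exactly the records that would produce the malformed host name described above.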
