Univention Bugzilla – Bug 24875
Inkonsistenz bei den registrierten IPv6 DC-Adressen an der Forward-Zone
Last modified: 2016-10-11 08:02:27 CEST
In einer frisch installierten UCS-Samba4-Domäne mit Master, Backup und Slave sind nach dem Durchlauf des univention-samba4 Joinscripts alle IPv4 Adressen an der Forward-Zone registriert, aber nicht alle IPv6-Adressen. root@master140:~# host arucs3rci5.qa arucs3rci5.qa has address 10.200.8.142 arucs3rci5.qa has address 10.200.8.140 arucs3rci5.qa has address 10.200.8.141 arucs3rci5.qa has IPv6 address 2001:4dd0:ff00:8c42:ff08::140 arucs3rci5.qa has IPv6 address 2001:4dd0:ff00:8c42:ff08::141 Ausserdem sind die Daten im LDAP und im S4 unterschiedlich: root@master140:~# univention-ldapsearch -b zonename=arucs3rci5.qa,cn=dns,dc=arucs3rci5,dc=qa -s base # extended LDIF # # LDAPv3 # base <zonename=arucs3rci5.qa,cn=dns,dc=arucs3rci5,dc=qa> with scope baseObject # filter: (objectclass=*) # requesting: ALL # # arucs3rci5.qa, dns, arucs3rci5.qa dn: zoneName=arucs3rci5.qa,cn=dns,dc=arucs3rci5,dc=qa nSRecord: master140.arucs3rci5.qa. objectClass: top objectClass: dNSZone objectClass: univentionObject univentionObjectType: dns/forward_zone dNSTTL: 1 relativeDomainName: @ zoneName: arucs3rci5.qa aAAARecord: 2001:4dd0:ff00:8c42:ff08::141 sOARecord: master140.arucs3rci5.qa. root.arucs3rci5.qa. 60 2 7 6 1 aRecord: 10.200.8.140 aRecord: 10.200.8.141 aRecord: 10.200.8.142 root@master140:~# univention-s4search -b DC=@,DC=arucs3rci5.qa,CN=MicrosoftDNS,CN=System,DC=arucs3rci5,DC=qa | s4search-decode # record 1 dn: DC=@,DC=arucs3rci5.qa,CN=MicrosoftDNS,CN=System,DC=arucs3rci5,DC=qa objectClass: top objectClass: dnsNode instanceType: 4 whenCreated: 20111124102909.0Z uSNCreated: 3849 showInAdvancedViewOnly: TRUE name: @ objectGUID: 9f08cfde-cf3d-4710-aafe-51711844e336 objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=arucs3rci5,DC=qa dc: @ whenChanged: 20111124111548.0Z dnsRecord:: GwACAAUAAAABAAAAAAADhAAAAAAAAAAAGQMJbWFzdGVyMTQwCmFydWNzM3JjaTUCcWEA # decoded: # dnsp_DnssrvRpcRecord: struct dnsp_DnssrvRpcRecord # wDataLength : 0x001b (27) # wType : DNS_TYPE_NS (2) # version : 0x05 (5) # rank : DNS_RANK_NONE (0) # flags : 0x0000 (0) # dwSerial : 0x00000001 (1) # dwTtlSeconds : 0x00000384 (900) # dwReserved : 0x00000000 (0) # dwTimeStamp : 0x00000000 (0) # data : union dnsRecordData(case 2) # ns : master140.arucs3rci5.qa dnsRecord:: BAABAAUAAAABAAAAAAADhAAAAAAAAAAACsgIjA== # decoded: # dnsp_DnssrvRpcRecord: struct dnsp_DnssrvRpcRecord # wDataLength : 0x0004 (4) # wType : DNS_TYPE_A (1) # version : 0x05 (5) # rank : DNS_RANK_NONE (0) # flags : 0x0000 (0) # dwSerial : 0x00000001 (1) # dwTtlSeconds : 0x00000384 (900) # dwReserved : 0x00000000 (0) # dwTimeStamp : 0x00000000 (0) # data : union dnsRecordData(case 1) # ipv4 : 10.200.8.140 dnsRecord:: BAABAAUAAAABAAAAAAADhAAAAAAAAAAACsgIjQ== # decoded: # dnsp_DnssrvRpcRecord: struct dnsp_DnssrvRpcRecord # wDataLength : 0x0004 (4) # wType : DNS_TYPE_A (1) # version : 0x05 (5) # rank : DNS_RANK_NONE (0) # flags : 0x0000 (0) # dwSerial : 0x00000001 (1) # dwTtlSeconds : 0x00000384 (900) # dwReserved : 0x00000000 (0) # dwTimeStamp : 0x00000000 (0) # data : union dnsRecordData(case 1) # ipv4 : 10.200.8.141 dnsRecord:: BAABAAUAAAABAAAAAAADhAAAAAAAAAAACsgIjg== # decoded: # dnsp_DnssrvRpcRecord: struct dnsp_DnssrvRpcRecord # wDataLength : 0x0004 (4) # wType : DNS_TYPE_A (1) # version : 0x05 (5) # rank : DNS_RANK_NONE (0) # flags : 0x0000 (0) # dwSerial : 0x00000001 (1) # dwTtlSeconds : 0x00000384 (900) # dwReserved : 0x00000000 (0) # dwTimeStamp : 0x00000000 (0) # data : union dnsRecordData(case 1) # ipv4 : 10.200.8.142 dnsRecord:: EAAcAAUAAAABAAAAAAADhAAAAAAAAAAAIAFN0P8AjEL/CAAAAAABQQ== # decoded: # dnsp_DnssrvRpcRecord: struct dnsp_DnssrvRpcRecord # wDataLength : 0x0010 (16) # wType : DNS_TYPE_AAAA (28) # version : 0x05 (5) # rank : DNS_RANK_NONE (0) # flags : 0x0000 (0) # dwSerial : 0x00000001 (1) # dwTtlSeconds : 0x00000384 (900) # dwReserved : 0x00000000 (0) # dwTimeStamp : 0x00000000 (0) # data : union dnsRecordData(case 28) # ipv6 : 2001:4dd0:ff00:8c42:ff08:0000:0000:0141 dnsRecord:: EAAcAAXwAAA8AAAAAAADhAAAAACr9TYAIAFN0P8AjEL/CAAAAAABQA== # decoded: # dnsp_DnssrvRpcRecord: struct dnsp_DnssrvRpcRecord # wDataLength : 0x0010 (16) # wType : DNS_TYPE_AAAA (28) # version : 0x05 (5) # rank : DNS_RANK_ZONE (240) # flags : 0x0000 (0) # dwSerial : 0x0000003c (60) # dwTtlSeconds : 0x00000384 (900) # dwReserved : 0x00000000 (0) # dwTimeStamp : 0x0036f5ab (3601835) # data : union dnsRecordData(case 28) # ipv6 : 2001:4dd0:ff00:8c42:ff08:0000:0000:0140 dnsRecord:: RQAGAAXwAAA8AAAAAAAAAQAAAACr9TYAAAAAPQAAAAIAAAAHAAAABgAAAAAZAwltYXN0ZXIxNDAKYXJ1Y3MzcmNpNQJxYQAUAwRyb290CmFydWNzM3JjaTUCcWEA # decoded: # dnsp_DnssrvRpcRecord: struct dnsp_DnssrvRpcRecord # wDataLength : 0x0045 (69) # wType : DNS_TYPE_SOA (6) # version : 0x05 (5) # rank : DNS_RANK_ZONE (240) # flags : 0x0000 (0) # dwSerial : 0x0000003c (60) # dwTtlSeconds : 0x00000001 (1) # dwReserved : 0x00000000 (0) # dwTimeStamp : 0x0036f5ab (3601835) # data : union dnsRecordData(case 6) # soa: struct dnsp_soa # serial : 0x0000003d (61) # refresh : 0x00000002 (2) # retry : 0x00000007 (7) # expire : 0x00000006 (6) # minimum : 0x00000000 (0) # mname : master140.arucs3rci5.qa # rname : root.arucs3rci5.qa uSNChanged: 5518 distinguishedName: DC=@,DC=arucs3rci5.qa,CN=MicrosoftDNS,CN=System,DC=arucs3rci5,DC=qa
Created attachment 3890 [details] connector-s4.log
Created attachment 3891 [details] join.log von master140 In diesem log ist nur eine Zeile Object modified: zoneName=arucs3rci5.qa,cn=dns,dc=arucs3rci5,dc=qa
Created attachment 3892 [details] join.log von backup141 In diesem log sind korrekt zwei Zeilen Object modified: zoneName=arucs3rci5.qa,cn=dns,dc=arucs3rci5,dc=qa
Created attachment 3893 [details] join.log von slave142 In diesem log ist auch nur eine Zeile Object modified: zoneName=arucs3rci5.qa,cn=dns,dc=arucs3rci5,dc=qa
Alle Systeme waren sowohl mit IPv4 als auch mit IPv6 aufgesetzt per Installer. Die Systeme können sich untereinander per ping6 erreichen. Der hier dokumentierte Zustand fiel dadurch auf, dass ein Windows7 IPv6-Client nicht über den Netbios-Namen "ARUCS3RCI5" joinen konnte, was aber vermutlich nur an der fehlenden IPv4-WINS-Konfiguration lag. Über den Domänennamen war ein Join möglich, dabei trat allerdings Bug 23161#c11 auf. Eine Anmeldung als Domänenadministrator nach dem Reboot war möglich. In einem zweiten Versuch habe ich an der Forward-Zone im LDAP die beiden fehlenden IPv6-Adressen manuell per UDM nachgetragen. Ein erneuter Join-Versuch mit IPv6+IPv4+WINS am Windows-Client gegen den Netbios-Namen funktionierte dann aber auch erst als ich den WINS-Server eingetragen hatte. Ich denke also das das Join-Verhalten gegen Netbios hier normal ist.
samba4 Version: 4.0.3-1.375.201304101253 univention-samba4 Version: 2.0.44-1.437.201303191341 root@master:~# host arecordv6.dom arecordv6.dom has address 10.200.31.97 arecordv6.dom has address 10.200.31.98 arecordv6.dom has address 10.200.31.99 arecordv6.dom has IPv6 address 2001:4dd0:ff00:8c42:ff31::97 arecordv6.dom has IPv6 address 2001:4dd0:ff00:8c42:ff31::99 arecordv6.dom has IPv6 address 2001:4dd0:ff00:8c42:ff31::98 Mittlerweile werden alle IPv4 und IPv6 Adressen an der Forward Zone registriert. Die Daten im LDAP und im S4 unterscheiden sich allerdings immer noch: root@master:~# univention-ldapsearch -b zonename=arecordv6.dom,cn=dns,dc=arecordv6,dc=dom -s base # extended LDIF # # LDAPv3 # base <zonename=arecordv6.dom,cn=dns,dc=arecordv6,dc=dom> with scope baseObject # filter: (objectclass=*) # requesting: ALL # # arecordv6.dom, dns, arecordv6.dom dn: zoneName=arecordv6.dom,cn=dns,dc=arecordv6,dc=dom objectClass: top objectClass: dNSZone objectClass: univentionObject univentionObjectType: dns/forward_zone dNSTTL: 10800 relativeDomainName: @ zoneName: arecordv6.dom nSRecord: master.arecordv6.dom. nSRecord: backup.arecordv6.dom. nSRecord: slave.arecordv6.dom. sOARecord: master.arecordv6.dom. root.arecordv6.dom. 65 28800 7200 604800 1080 0 aRecord: 10.200.31.98 aRecord: 10.200.31.99 aRecord: 10.200.31.97 root@master:~# univention-s4search -b DC=@,DC=arecordv6.dom,CN=MicrosoftDNS,CN=System,DC=arecordv6,DC=dom | s4search-decode SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_NO_LOGON_SERVERS # record 1 dn: DC=@,DC=arecordv6.dom,CN=MicrosoftDNS,CN=System,DC=arecordv6,DC=dom objectClass: top objectClass: dnsNode instanceType: 4 whenCreated: 20130522113957.0Z uSNCreated: 3427 showInAdvancedViewOnly: TRUE name: @ objectGUID: 807fb746-58e6-4024-83ca-a4470db15657 objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=arecordv6,DC=dom dc: @ whenChanged: 20130522130235.0Z dnsRecord:: GAACAAXwAAABAAAAAAADhAAAAAAAAAAAFgMGbWFzdGVyCWFyZWNvcmR2NgNkb20A # decoded: # dnsp_DnssrvRpcRecord: struct dnsp_DnssrvRpcRecord # wDataLength : 0x0018 (24) # wType : DNS_TYPE_NS (2) # version : 0x05 (5) # rank : DNS_RANK_ZONE (240) # flags : 0x0000 (0) # dwSerial : 0x00000001 (1) # dwTtlSeconds : 0x00000384 (900) # dwReserved : 0x00000000 (0) # dwTimeStamp : 0x00000000 (0) # data : union dnsRecordData(case 2) # ns : master.arecordv6.dom dnsRecord:: GAACAAXwAAABAAAAAAADhAAAAAAAAAAAFgMGYmFja3VwCWFyZWNvcmR2NgNkb20A # decoded: # dnsp_DnssrvRpcRecord: struct dnsp_DnssrvRpcRecord # wDataLength : 0x0018 (24) # wType : DNS_TYPE_NS (2) # version : 0x05 (5) # rank : DNS_RANK_ZONE (240) # flags : 0x0000 (0) # dwSerial : 0x00000001 (1) # dwTtlSeconds : 0x00000384 (900) # dwReserved : 0x00000000 (0) # dwTimeStamp : 0x00000000 (0) # data : union dnsRecordData(case 2) # ns : backup.arecordv6.dom dnsRecord:: FwACAAXwAAABAAAAAAADhAAAAAAAAAAAFQMFc2xhdmUJYXJlY29yZHY2A2RvbQA= # decoded: # dnsp_DnssrvRpcRecord: struct dnsp_DnssrvRpcRecord # wDataLength : 0x0017 (23) # wType : DNS_TYPE_NS (2) # version : 0x05 (5) # rank : DNS_RANK_ZONE (240) # flags : 0x0000 (0) # dwSerial : 0x00000001 (1) # dwTtlSeconds : 0x00000384 (900) # dwReserved : 0x00000000 (0) # dwTimeStamp : 0x00000000 (0) # data : union dnsRecordData(case 2) # ns : slave.arecordv6.dom dnsRecord:: BAABAAXwAAABAAAAAAADhAAAAAAAAAAACsgfYg== # decoded: # dnsp_DnssrvRpcRecord: struct dnsp_DnssrvRpcRecord # wDataLength : 0x0004 (4) # wType : DNS_TYPE_A (1) # version : 0x05 (5) # rank : DNS_RANK_ZONE (240) # flags : 0x0000 (0) # dwSerial : 0x00000001 (1) # dwTtlSeconds : 0x00000384 (900) # dwReserved : 0x00000000 (0) # dwTimeStamp : 0x00000000 (0) # data : union dnsRecordData(case 1) # ipv4 : 10.200.31.98 dnsRecord:: BAABAAXwAAABAAAAAAADhAAAAAAAAAAACsgfYw== # decoded: # dnsp_DnssrvRpcRecord: struct dnsp_DnssrvRpcRecord # wDataLength : 0x0004 (4) # wType : DNS_TYPE_A (1) # version : 0x05 (5) # rank : DNS_RANK_ZONE (240) # flags : 0x0000 (0) # dwSerial : 0x00000001 (1) # dwTtlSeconds : 0x00000384 (900) # dwReserved : 0x00000000 (0) # dwTimeStamp : 0x00000000 (0) # data : union dnsRecordData(case 1) # ipv4 : 10.200.31.99 dnsRecord:: BAABAAXwAAABAAAAAAADhAAAAAAAAAAACsgfYQ== # decoded: # dnsp_DnssrvRpcRecord: struct dnsp_DnssrvRpcRecord # wDataLength : 0x0004 (4) # wType : DNS_TYPE_A (1) # version : 0x05 (5) # rank : DNS_RANK_ZONE (240) # flags : 0x0000 (0) # dwSerial : 0x00000001 (1) # dwTtlSeconds : 0x00000384 (900) # dwReserved : 0x00000000 (0) # dwTimeStamp : 0x00000000 (0) # data : union dnsRecordData(case 1) # ipv4 : 10.200.31.97 dnsRecord:: EAAcAAXwAABBAAAAAAADhAAAAADEKDcAIAFN0P8AjEL/MQAAAAAAmQ== # decoded: # dnsp_DnssrvRpcRecord: struct dnsp_DnssrvRpcRecord # wDataLength : 0x0010 (16) # wType : DNS_TYPE_AAAA (28) # version : 0x05 (5) # rank : DNS_RANK_ZONE (240) # flags : 0x0000 (0) # dwSerial : 0x00000041 (65) # dwTtlSeconds : 0x00000384 (900) # dwReserved : 0x00000000 (0) # dwTimeStamp : 0x003728c4 (3614916) # data : union dnsRecordData(case 28) # ipv6 : 2001:4dd0:ff00:8c42:ff31:0000:0000:0099 dnsRecord:: EAAcAAXwAABCAAAAAAADhAAAAADEKDcAIAFN0P8AjEL/MQAAAAAAmA== # decoded: # dnsp_DnssrvRpcRecord: struct dnsp_DnssrvRpcRecord # wDataLength : 0x0010 (16) # wType : DNS_TYPE_AAAA (28) # version : 0x05 (5) # rank : DNS_RANK_ZONE (240) # flags : 0x0000 (0) # dwSerial : 0x00000042 (66) # dwTtlSeconds : 0x00000384 (900) # dwReserved : 0x00000000 (0) # dwTimeStamp : 0x003728c4 (3614916) # data : union dnsRecordData(case 28) # ipv6 : 2001:4dd0:ff00:8c42:ff31:0000:0000:0098 dnsRecord:: EAAcAAXwAABDAAAAAAADhAAAAADFKDcAIAFN0P8AjEL/MQAAAAAAlw== # decoded: # dnsp_DnssrvRpcRecord: struct dnsp_DnssrvRpcRecord # wDataLength : 0x0010 (16) # wType : DNS_TYPE_AAAA (28) # version : 0x05 (5) # rank : DNS_RANK_ZONE (240) # flags : 0x0000 (0) # dwSerial : 0x00000043 (67) # dwTtlSeconds : 0x00000384 (900) # dwReserved : 0x00000000 (0) # dwTimeStamp : 0x003728c5 (3614917) # data : union dnsRecordData(case 28) # ipv6 : 2001:4dd0:ff00:8c42:ff31:0000:0000:0097 dnsRecord:: QgAGAAXwAABKAAAAAAAqMAAAAADFKDcAAAAASwAAcIAAABwgAAk6gAAAAAAWAwZtYXN0ZXIJYXJlY29yZHY2A2RvbQAUAwRyb290CWFyZWNvcmR2NgNkb20A # decoded: # dnsp_DnssrvRpcRecord: struct dnsp_DnssrvRpcRecord # wDataLength : 0x0042 (66) # wType : DNS_TYPE_SOA (6) # version : 0x05 (5) # rank : DNS_RANK_ZONE (240) # flags : 0x0000 (0) # dwSerial : 0x0000004a (74) # dwTtlSeconds : 0x00002a30 (10800) # dwReserved : 0x00000000 (0) # dwTimeStamp : 0x003728c5 (3614917) # data : union dnsRecordData(case 6) # soa: struct dnsp_soa # serial : 0x0000004b (75) # refresh : 0x00007080 (28800) # retry : 0x00001c20 (7200) # expire : 0x00093a80 (604800) # minimum : 0x00000000 (0) # mname : master.arecordv6.dom # rname : root.arecordv6.dom uSNChanged: 3647 distinguishedName: DC=@,DC=arecordv6.dom,CN=MicrosoftDNS,CN=System,DC=arecordv6,DC=dom
This issue has been filed against UCS 3.0. UCS 3.0 is out of maintenance and many UCS components have vastly changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please reopen.