Univention Bugzilla – Bug 29412
Zones beginning with digits or uppercase letters no longer work with the samba4 backend
Last modified: 2012-12-12 21:10:26 CET
http://forum.univention.de/viewtopic.php?t=2083

eval "$(ucr shell)"
udm dns/forward_zone create --position cn=dns,$ldap_base --set zone="007.lish" --set nameserver="${hostname}.${domainname}."
udm dns/forward_zone create --position cn=dns,$ldap_base --set zone="AABccd.lish" --set nameserver="${hostname}.${domainname}."
udm dns/host_record create --superordinate "zoneName=AABccd.lish,cn=dns,$ldap_base" --set name=foobar --set a=10.200.6.198
udm dns/host_record create --superordinate "zoneName=007.lish,cn=dns,$ldap_base" --set name=foobar --set a=10.200.6.198

With dns/backend=samba4 the zones work on UCS 3.0-2. With UCS 3.1 the samba4 backend produces the following error messages; with the ldap backend it works:

---
Nov 26 21:20:57 master named[15066]: starting BIND 9.8.0-P4 -c /etc/bind/named.conf.samba4 -f
Nov 26 21:20:57 master named[15066]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-dlz-dlopen' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS='
Nov 26 21:20:57 master named[15066]: adjusted limit on open files from 4096 to 1048576
Nov 26 21:20:57 master named[15066]: found 1 CPU, using 1 worker thread
Nov 26 21:20:57 master named[15066]: using up to 4096 sockets
Nov 26 21:20:57 master named[15066]: loading configuration from '/etc/bind/named.conf.samba4'
Nov 26 21:20:57 master named[15066]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Nov 26 21:20:57 master named[15066]: using default UDP/IPv4 port range: [1024, 65535]
Nov 26 21:20:57 master named[15066]: using default UDP/IPv6 port range: [1024, 65535]
Nov 26 21:20:57 master named[15066]: listening on IPv6 interfaces, port 53
Nov 26 21:20:57 master named[15066]: listening on IPv4 interface lo, 127.0.0.1#53
Nov 26 21:20:57 master named[15066]: listening on IPv4 interface eth0, 10.200.6.140#53
Nov 26 21:20:57 master named[15066]: generating session key for dynamic DNS
Nov 26 21:20:57 master named[15066]: Loading 'samba4.zone' using driver dlopen
Nov 26 21:20:57 master named[15066]: samba_dlz: started for DN DC=jm31,DC=lish
Nov 26 21:20:57 master named[15066]: samba_dlz: starting configure
Nov 26 21:20:57 master named[15066]: samba_dlz: trying container 'CN=MicrosoftDNS,CN=System,DC=jm31,DC=lish'
Nov 26 21:20:57 master named[15066]: samba_dlz: configured writeable zone '6.200.10.in-addr.arpa'
Nov 26 21:20:57 master named[15066]: samba_dlz: trying container 'CN=MicrosoftDNS,CN=System,DC=jm31,DC=lish'
Nov 26 21:20:57 master named[15066]: zone AABccd.lish/NONE: has 0 SOA records
Nov 26 21:20:57 master named[15066]: zone AABccd.lish/NONE: has no NS records
Nov 26 21:20:57 master named[15066]: samba_dlz: Failed to configure zone 'AABccd.lish'
Nov 26 21:20:57 master named[15066]: loading configuration: bad zone
Nov 26 21:20:57 master named[15066]: exiting (due to fatal error)
---
Created attachment 4843
stripped_down_33_dlz_bind9_disable_application_partitions.patch

If Samba4 is built with the attached stripped-down variant of 33_dlz_bind9_disable_application_partitions.patch, the debug log shows that the bind9 helper function "writable_zone" searches for the zone name in lowercase:

Nov 26 15:40:34 backup named[27502]: samba_dlz: ldb: ldb_trace_request: SEARCH
Nov 26 15:40:34 backup named[27502]: samba_dlz: dn: DC=@,DC=aabccd.lish,CN=MicrosoftDNS,CN=System,DC=arucs31i14,DC=qa

The previous version of 33_dlz_bind9_disable_application_partitions.patch, however, performed a case-sensitive lookup in an internal cache table. Since the zone cache table introduced by 33_dlz_bind9_disable_application_partitions.patch generally saves at least one additional LDB search on every DNS lookup, the previous version of the patch has now simply been adapted so that zone names are looked up case-insensitively in the table.
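A minimal C illustration of the mismatch described in the comment above, added here and not taken from the Samba or Univention patch: the cache table, its contents and the function names are hypothetical. It shows why a zone stored as "AABccd.lish" is missed when the caller asks for the lowercased name, and how a case-insensitive comparison resolves it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical zone cache: names are stored exactly as they were created
 * in the directory (constructed sample data based on the zones in this bug). */
static const char *zone_cache[] = {
    "6.200.10.in-addr.arpa",
    "AABccd.lish",
};
#define ZONE_COUNT (sizeof(zone_cache) / sizeof(zone_cache[0]))

/* Case-sensitive lookup: misses when the caller passes the lowercased
 * zone name, so the zone looks as if it did not exist. */
int zone_cached_sensitive(const char *name)
{
    for (size_t i = 0; i < ZONE_COUNT; i++) {
        if (strcmp(zone_cache[i], name) == 0)
            return 1;
    }
    return 0;
}

/* Case-insensitive lookup: DNS names compare without regard to ASCII
 * case, so the stored spelling and the lowercased query must match. */
int zone_cached_insensitive(const char *name)
{
    for (size_t i = 0; i < ZONE_COUNT; i++) {
        if (strcasecmp(zone_cache[i], name) == 0)
            return 1;
    }
    return 0;
}

int main(void)
{
    const char *query = "aabccd.lish"; /* lowercased form seen in the debug log */
    printf("case-sensitive:   %s\n",
           zone_cached_sensitive(query) ? "hit" : "miss");
    printf("case-insensitive: %s\n",
           zone_cached_insensitive(query) ? "hit" : "miss");
    return 0;
}
```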
OK, works now.
UCS 3.1-0 has been released: http://forum.univention.de/viewtopic.php?f=54&t=2125 If this error occurs again, please use "Clone This Bug".