Univention Bugzilla – Bug 34910
DDNS update with wrong ownersid
Last modified: 2018-03-15 08:24:43 CET
Ticket #2014051921010488 (2 S4 DCs and one Windows 8.1 client)

It happens from time to time that the DNS record of a newly joined Windows client has an owner other than the Windows client:

nTSecurityDescriptor: O:DAG:DAD:AI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWP

Thus the Windows client is unable to update the DNS record.
It doesn't happen so often.
I guess the S4-Connector might have made the last modification. The DNS mapping is not perfect and doesn't detect that some changes are not required.
I am unable to reproduce the problem with a modification through the S4-Connector, but a manually created DNS forward-zone with `ldbadd` before joining the Windows client reproduces the ownership mismatch.

https://forge.univention.org/bugzilla/attachment.cgi?id=8773 from bug #39806 implements escalation to system-privileges within the bind9 dlz module, if the requesting host matches the forward-zone. This fixes the issue I can reproduce. Marking as dependent on bug #39806.
IMHO that's fixed with Bug 39806.
*** This bug has been marked as a duplicate of bug 39806 ***
Nothing to release.
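An added example, not part of the original ticket and not Univention code: a small audit that reads the owner out of each DNS record's SDDL string and reports records whose owner is not the host itself, which is the mismatch described in the first comment. It assumes the nTSecurityDescriptor values have already been exported as SDDL text; the host SID, the record DNs and the function names `parse_sddl` and `audit` are constructed for illustration.

```python
import re

# Owner/group are either a SID or a two-letter SDDL alias (DA = Domain Admins).
_PRINCIPAL = r"(S-1-\d+(?:-\d+)+|[A-Z]{2})"
_HEADER = re.compile(rf"^O:{_PRINCIPAL}(?:G:{_PRINCIPAL})?")
_ACE = re.compile(r"\(([^()]*)\)")  # matches only complete, closed ACEs


def parse_sddl(sddl):
    """Return owner, group and the complete ACEs of an SDDL string.

    A cut-off trailing ACE (as in the ticket's value) is skipped, not guessed.
    """
    m = _HEADER.match(sddl.strip())
    if not m:
        raise ValueError("SDDL does not start with an owner (O:) component")
    aces = []
    for body in _ACE.findall(sddl):
        f = body.split(";")
        if len(f) >= 6:  # type;flags;rights;object;inherit_object;trustee
            aces.append({"type": f[0], "rights": f[2], "trustee": f[5]})
    return {"owner": m.group(1), "group": m.group(2), "aces": aces}


def audit(records):
    """Return (dn, owner, host_has_allow_ace) for records the host does not own."""
    findings = []
    for dn, host_sid, sddl in records:
        sd = parse_sddl(sddl)
        if sd["owner"] != host_sid:
            has_ace = any(a["type"] == "A" and a["trustee"] == host_sid
                          for a in sd["aces"])
            findings.append((dn, sd["owner"], has_ace))
    return findings


# Constructed sample data: SID and DNs are made up; TICKET_SDDL is the
# (truncated) value quoted in the ticket.
HOST_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"
TICKET_SDDL = "O:DAG:DAD:AI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWP"
GOOD_SDDL = f"O:{HOST_SID}G:DUD:AI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;{HOST_SID})"
SAMPLE = [
    ("DC=win81a,DC=example.test", HOST_SID, TICKET_SDDL),
    ("DC=win81b,DC=example.test", HOST_SID, GOOD_SDDL),
]

if __name__ == "__main__":
    for dn, owner, has_ace in audit(SAMPLE):
        print(f"{dn}: owner={owner}, host has allow ACE: {has_ace}")
```

Because the ticket's value is cut off inside its second ACE, the "host has allow ACE" result for that record only reflects the ACEs that are fully present.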