Univention Bugzilla – Bug 44104
DNS SOA sync_to_ucs reject
Last modified: 2018-11-07 14:33:42 CET
Created attachment 8664
SOA_mname.patch

In an AD-Takeover customer environment synchronization of some DC=@ SOA DNS records failed in the S4-Connector sync_to_ucs direction due to a trivial missing trailing dot:

==============================================================================
28.03.2017 12:10:55,864 LDAP (PROCESS): sync to ucs: Resync rejected dn: DC=@,DC=0.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=foo,DC=bar
28.03.2017 12:10:55,868 LDAP (PROCESS): sync to ucs: [ dns] [ modify] zonename=0.168.192.in-addr.arpa,cn=dns,dc=foo,dc=bar
28.03.2017 12:10:55,871 LDAP (ERROR ): Unknown Exception during sync_to_ucs
28.03.2017 12:10:55,871 LDAP (ERROR ): Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.7/univention/s4connector/__init__.py", line 1472, in sync_to_ucs
    result = self.property[property_type].ucs_sync_function(self, property_type, object)
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 1677, in con2ucs
    elif object['modtype'] in ['delete']:
  File "/usr/lib/pymodules/python2.7/univention/s4connector/s4/dns.py", line 1426, in ucs_zone_create
    else:
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 317, in modify
    return self._modify(modify_childs, ignore_license=ignore_license)
  File "/usr/lib/pymodules/python2.7/univention/admin/handlers/__init__.py", line 813, in _modify
    self.lo.modify(self.dn, ml, ignore_license=ignore_license)
  File "/usr/lib/pymodules/python2.7/univention/admin/uldap.py", line 471, in modify
    raise univention.admin.uexceptions.ldapError(_err2str(msg), original_exception=msg)
ldapError: Type or value exists: nSRecord: value #0 provided more than once
==============================================================================

The attached patch fixed the issue and would improve robustness of the product.

+++ This bug was initially created as a clone of Bug #44103 +++
+ if mname and mname[-1] != ".": → More pythonic is: if not mname.endswith('.'):
I saw this today after backup2master in a UCS@school Multi-School environment with a lot of DNS zones. No clue why this happened, though.
Just to make this clear: The patch works fine :)
f00b47e465 | Fix sync_to_ucs reject for DNS SOAs with trailing dot missing in the NS RR.
b2db0d0cf8 | Advisory
not sure but i think we want this --- a/services/univention-s4-connector/modules/univention/s4connector/s4/dns.py +++ b/services/univention-s4-connector/modules/univention/s4connector/s4/dns.py @@ -1475,7 +1475,7 @@ def ucs_zone_create(s4connector, object, dns_type): if mname and not mname.endswith("."): mname = "%s." % mname if mname not in ns: - ns.insert(0, soa['mname']) + ns.insert(0, mname) zone['nameserver'] = ns modify = True if soa['rname'].replace('.', '@', 1) != zone['contact'].rstrip('.'):
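Review bot: the membership test `if mname not in ns:` just above the changed line is an exact, case-sensitive string comparison, so an entry already in `ns` that differs from the normalized `mname` only in letter case, or that itself lacks the trailing dot, does not match and `ns.insert(0, mname)` adds an equivalent name a second time. DNS names compare case-insensitively, so compare normalized forms (lowercased, with trailing dot) on both sides before inserting. Also note that the `if mname and ...` guard only covers the normalization: an empty `mname` still reaches the `not in ns` test and would be inserted as an empty nameserver value, so the insert should be skipped when `mname` is empty.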
1efd752847 | fix, also for initial add
b00b5c7ecf | Advisory
seems to work, but two dns jenkins tests are now broken - http://jenkins.knut.univention.de:8080/job/UCS-4.3/job/UCS-4.3-2/job/AutotestJoin/SambaVersion=s4connector,Systemrolle=master/lastCompletedBuild/testReport/
The failing test cases don't cover the adjusted code and they work on my VM. I've adjusted the test cases nonetheless, improving the order of waits.

17617fb6ca | Improve test stability of 175sync_create_dns_a*_create
tests still fail
Created attachment 9715
ucs-test.log

I have run ucs-ec2-create -c autotest-091-master-s4connector.cfg and run the two test cases manually (./175sync_create_dns_a*_record -f) and they succeeded, see attachment.
Ah, got it:

7a2feaefd0 | Perform a case insensitive compare of ns records
ac47668447 | Advisory
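The trailing-dot and case-insensitive fixes discussed in this thread, as an added Python example (not code from the S4-Connector or from any commenter). It assumes NS values are absolute host names; `canonical`, `naive_merge`, `duplicate_names` and `merge_mname` are hypothetical helper names and the zone data is constructed.

```python
# Added illustration; helper names are hypothetical, not univention.s4connector API.

def canonical(name):
    """Comparison key: lowercased, exactly one trailing dot ("" if empty)."""
    name = name.strip().rstrip(".").lower()
    return name + "." if name else ""

def naive_merge(mname, ns):
    """Exact string membership test: the failure mode discussed in the thread."""
    ns = list(ns)
    if mname not in ns:
        ns.insert(0, mname)
    return ns

def duplicate_names(ns):
    """Canonical names that occur more than once in an NS value list."""
    seen, dups = set(), []
    for entry in ns:
        key = canonical(entry)
        if key in seen and key not in dups:
            dups.append(key)
        seen.add(key)
    return dups

def merge_mname(mname, ns):
    """Return (new_ns, modified); mname is inserted first only if really absent."""
    seen, result = set(), []
    for entry in ns:
        key = canonical(entry)
        if key and key not in seen:  # drop empties and equivalent spellings
            seen.add(key)
            result.append(entry.strip().rstrip(".") + ".")
    key = canonical(mname)
    if key and key not in seen:
        result.insert(0, mname.strip().rstrip(".") + ".")
    return result, result != list(ns)

if __name__ == "__main__":
    zone_ns = ["dc1.foo.bar."]  # constructed sample, not taken from the report
    for soa_mname in ("dc1.foo.bar", "DC1.Foo.Bar.", "dc2.foo.bar", ""):
        naive = naive_merge(soa_mname, zone_ns)
        print(repr(soa_mname), "naive:", naive, "dups:", duplicate_names(naive))
        print(" " * len(repr(soa_mname)), "merged:", merge_mname(soa_mname, zone_ns))
```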
OK - sync to ucs with SOA without trailing dot
OK - tests
OK - yaml
<http://errata.software-univention.de/ucs/4.3/304.html>