Univention Bugzilla – Bug 53971
NFS mount policy evaluation always takes the first IPv4 address
Last modified: 2023-02-22 07:23:37 CET
The NFS mount policy evaluation always takes the first IPv4 address of any host DNS record matching the set FQDN. Fallback is the FQDN.

base/univention-base-files/univention-directory-policy/nfsmounts.py

    # get the ip of the share_host
    hostname, domain = share_host.split('.', 1)
    result = lo.lo.search_s(configRegistry['ldap/base'], ldap.SCOPE_SUBTREE, '(&(relativeDomainName=%s)(zoneName=%s))' % (hostname, domain), attrlist=['aRecord'])
    try:
        attributes = result[0][1]
        nfs_path_ip = "%s:%s" % (attributes['aRecord'][0], share_path)
    except LookupError:
        nfs_path_ip = nfs_path_fqdn

Why are we specifying an IP address at all? Isn't the FQDN working? (goes back to git:23b388d1700845c80a5f88c670620baa80f94bb9 - no information about it)

Is it correct to use the first IPv4 address? Could also be that that IP doesn't work for the network interface?

If there is no IPv4 address set, shouldn't we use an IPv6 address? Is it correct that IPv4 has precedence over IPv6?

Can the LDAP search return multiple entries? Is it then correct to use the first one? I think the LDAP filter can also match CNAME records. (we should add sizelimit=1)
Always prefer the DNS name as it will resolve to the correct address when it is resolved. At least for IPv6 it is required to use a `for addr in getaddrinfo(node): if connect(addr).successful: break` construct to try all returned addresses in order until one connects successfully, which might also differ for individual programs.
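
The try-each-address loop described in the comment above, written out as an added example; it is not part of the bug report or of Univention's nfsmounts.py. The port constant and the function names `resolve` and `first_reachable` are assumptions made for illustration.

```python
import socket

NFS_PORT = 2049  # assumption: the share is reached over TCP on the standard NFS port


def resolve(host, port=NFS_PORT):
    """Return every stream address the resolver offers for host, in resolver order.

    The list may mix IPv4 and IPv6 entries; the order is the resolver's choice,
    not "IPv4 first".
    """
    return socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)


def first_reachable(candidates, timeout=2.0):
    """Try each getaddrinfo() tuple in order and stop at the first that connects.

    Returns (sockaddr, errors): sockaddr is the address that accepted the TCP
    connection (None if none did); errors holds (sockaddr, exception) for every
    candidate that was tried and failed before that.
    """
    errors = []
    for family, socktype, proto, _canonname, sockaddr in candidates:
        try:
            # Socket creation is inside the try block: a host without IPv6
            # support raises OSError here for AF_INET6 candidates.
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(sockaddr)
            return sockaddr, errors
        except OSError as exc:
            errors.append((sockaddr, exc))
    return None, errors


if __name__ == "__main__":
    # Constructed sample input: "localhost" stands in for the share host FQDN.
    addr, failed = first_reachable(resolve("localhost"), timeout=1.0)
    for sockaddr, exc in failed:
        print("skipped", sockaddr, "->", exc)
    print("usable address:", addr)
```

Taking `aRecord[0]` from LDAP corresponds to using only the first candidate and never looking at the rest of the list.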