Univention Bugzilla – Bug 28829
DDNS update for an additional IP is not reverted
Last modified: 2016-10-05 15:51:18 CEST
For details see 2012101621005046.

On a UCS DC Master with Samba4, a second IP address in a different subnet was temporarily created:

ifconfig eth0:1 192.168.0.1 netmask 255.255.255.0 up

The IP was then registered by Samba4 as an additional DNS forward entry and appears correctly on the host object in UDM. However, the entry was never removed. As a result, clients sporadically fail to find the logon server, depending on which IP the DNS query returns first.
We will not ship a UCS 3.1-2 release; the next UCS release will be UCS 3.2. As such, this bug is moved to the new target milestone.
samba_dnsupdate has no builtin means to detect if an IP was removed. Maybe the UCR listener should do this cleanup?
Just a short notice on this one: For their DNS updates Windows Clients include a leading delete operation on the record type they want to add (e.g. AAAA) before actually adding that record type again. So this might be the desired behaviour here: Ideally samba_dnsupdate (or whatever tool is used) should perform an authoritative reset on the host specific records. I guess one would need to enhance samba_dnsupdate to make it differentiate between "common" DNS records (e.g. SRV) and "owned" DNS records.
Looks like something is happening upstream in this area: https://bugzilla.samba.org/show_bug.cgi?id=9831
Some docker tests (UCS-4.1 S4-Slave) hang for a long time while waiting for a connection:

# ps axf
PID TTY STAT TIME COMMAND
1858 ? Ss 0:00 /bin/bash /usr/share/univention-docker-container-mode/setup --username Administrator --password-file /tmp/tmp.oVtea2voJB --app xx22b3nf3j --app-version 1 --error-file /tmp/tmp.JtWvHojwkS
2488 ? S 0:00 \_ /bin/bash /usr/share/univention-docker-container-mode/update_app_version --username Administrator --password-file /tmp/tmp.oVtea2voJB --app xx22b3nf3j --app-version 1 --error-file /tmp/tmp.JtWvHojwkS
3504 ? S 0:00 \_ /usr/bin/python2.7 /usr/bin/univention-app register xx22b3nf3j=1 --component --do-it
3507 ? S 0:00 \_ /usr/bin/python2.7

# lsof -p 3507 -a -d 3
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
python2.7 3507 root 3u IPv4 1325604 0t0 TCP xx22b3nf3j-1450258960105393.autotest095.local:43850->1.2.3.101:http (SYN_SENT)

This address is used by one S4 test:

*** BEGIN *** ['/bin/bash', '60_dns_register_exclude_interfaces'] ***
*** 51_samba4/60_dns_register_exclude_interfaces *** Check UCR variable samba/register/exclude/interfaces ***
*** START TIME: 2015-12-15 22:31:03 ***
slave095.autotest095.local has address 1.2.3.100
slave095.autotest095.local has address 1.2.3.101
slave095.autotest095.local has address 1.2.3.102
Setting samba/register/exclude/interfaces
Multifile: /etc/samba/smb.conf
slave095.autotest095.local has address 1.2.3.101
SIOCSIFFLAGS: Die angeforderte Adresse kann nicht zugewiesen werden
SIOCSIFFLAGS: Die angeforderte Adresse kann nicht zugewiesen werden
Setting samba/register/exclude/interfaces
Multifile: /etc/samba/smb.conf
slave095.autotest095.local has address 10.210.27.42
*** END TIME: 2015-12-15 22:31:10 ***
*** TEST DURATION (H:MM:SS.ms): 0:00:06.344508 ***
*** END *** 100 ***

I was able to reproduce that on my test VM:

# univention-ldapsearch -LLLo ldif-wrap=no aRecord=1.2.3.101 dn aRecord
dn: zoneName=phahn.qa,cn=dns,dc=phahn,dc=qa
aRecord: 10.200.17.28
aRecord: 1.2.3.100
aRecord: 1.2.3.101
aRecord: 1.2.3.102

dn: relativeDomainName=master41,zoneName=phahn.qa,cn=dns,dc=phahn,dc=qa
aRecord: 10.200.17.28
aRecord: 1.2.3.100
aRecord: 1.2.3.101
aRecord: 1.2.3.102

dn: relativeDomainName=gc._msdcs,zoneName=phahn.qa,cn=dns,dc=phahn,dc=qa
aRecord: 10.200.17.28
aRecord: 1.2.3.100
aRecord: 1.2.3.101
aRecord: 1.2.3.102

dn: relativeDomainName=DomainDnsZones,zoneName=phahn.qa,cn=dns,dc=phahn,dc=qa
aRecord: 10.200.17.28
aRecord: 1.2.3.100
aRecord: 1.2.3.101
aRecord: 1.2.3.102

dn: relativeDomainName=ForestDnsZones,zoneName=phahn.qa,cn=dns,dc=phahn,dc=qa
aRecord: 10.200.17.28
aRecord: 1.2.3.100
aRecord: 1.2.3.101
aRecord: 1.2.3.102

# host master41.phahn.qa
master41.phahn.qa has address 1.2.3.101
master41.phahn.qa has address 1.2.3.102
master41.phahn.qa has address 10.200.17.28
master41.phahn.qa has address 1.2.3.100

Calling samba_dnsupdate does *not* remove the address:

# /usr/sbin/samba_dnsupdate --verbose
Exclude the following interfaces: docker0
Exclude the following IP addresses: ['172.17.42.1', 'fe80::942b:f3ff:fe7c:6909%docker0']
IPs: ['10.200.17.28']
Looking for DNS entry A master41.phahn.qa 10.200.17.28 as master41.phahn.qa.
Looking for DNS entry A phahn.qa 10.200.17.28 as phahn.qa.
Looking for DNS entry SRV _ldap._tcp.phahn.qa master41.phahn.qa 389 as _ldap._tcp.phahn.qa.
Checking 0 100 389 master41.phahn.qa. against SRV _ldap._tcp.phahn.qa master41.phahn.qa 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.phahn.qa master41.phahn.qa 389 as _ldap._tcp.dc._msdcs.phahn.qa.
Checking 0 100 389 master41.phahn.qa. against SRV _ldap._tcp.dc._msdcs.phahn.qa master41.phahn.qa 389
Looking for DNS entry SRV _ldap._tcp.be293ce6-837e-40c4-9199-d60702006c10.domains._msdcs.phahn.qa master41.phahn.qa 389 as _ldap._tcp.be293ce6-837e-40c4-9199-d60702006c10.domains._msdcs.phahn.qa.
Checking 0 100 389 master41.phahn.qa. against SRV _ldap._tcp.be293ce6-837e-40c4-9199-d60702006c10.domains._msdcs.phahn.qa master41.phahn.qa 389
Looking for DNS entry SRV _kerberos._tcp.phahn.qa master41.phahn.qa 88 as _kerberos._tcp.phahn.qa.
Checking 0 100 88 master41.phahn.qa. against SRV _kerberos._tcp.phahn.qa master41.phahn.qa 88
Looking for DNS entry SRV _kerberos._udp.phahn.qa master41.phahn.qa 88 as _kerberos._udp.phahn.qa.
Checking 0 100 88 master41.phahn.qa. against SRV _kerberos._udp.phahn.qa master41.phahn.qa 88
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.phahn.qa master41.phahn.qa 88 as _kerberos._tcp.dc._msdcs.phahn.qa.
Checking 0 100 88 master41.phahn.qa. against SRV _kerberos._tcp.dc._msdcs.phahn.qa master41.phahn.qa 88
Looking for DNS entry SRV _kpasswd._tcp.phahn.qa master41.phahn.qa 464 as _kpasswd._tcp.phahn.qa.
Checking 0 100 464 master41.phahn.qa. against SRV _kpasswd._tcp.phahn.qa master41.phahn.qa 464
Looking for DNS entry SRV _kpasswd._udp.phahn.qa master41.phahn.qa 464 as _kpasswd._udp.phahn.qa.
Checking 0 100 464 master41.phahn.qa. against SRV _kpasswd._udp.phahn.qa master41.phahn.qa 464
Looking for DNS entry CNAME 9eed877a-07cb-4b3e-b8b8-894ab7e3ec69._msdcs.phahn.qa master41.phahn.qa as 9eed877a-07cb-4b3e-b8b8-894ab7e3ec69._msdcs.phahn.qa.
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.phahn.qa master41.phahn.qa 389 as _ldap._tcp.Default-First-Site-Name._sites.phahn.qa.
Checking 0 100 389 master41.phahn.qa. against SRV _ldap._tcp.Default-First-Site-Name._sites.phahn.qa master41.phahn.qa 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.phahn.qa master41.phahn.qa 389 as _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.phahn.qa.
Checking 0 100 389 master41.phahn.qa. against SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.phahn.qa master41.phahn.qa 389
Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.phahn.qa master41.phahn.qa 88 as _kerberos._tcp.Default-First-Site-Name._sites.phahn.qa.
Checking 0 100 88 master41.phahn.qa. against SRV _kerberos._tcp.Default-First-Site-Name._sites.phahn.qa master41.phahn.qa 88
Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.phahn.qa master41.phahn.qa 88 as _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.phahn.qa.
Checking 0 100 88 master41.phahn.qa. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.phahn.qa master41.phahn.qa 88
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.phahn.qa master41.phahn.qa 389 as _ldap._tcp.pdc._msdcs.phahn.qa.
Checking 0 100 389 master41.phahn.qa. against SRV _ldap._tcp.pdc._msdcs.phahn.qa master41.phahn.qa 389
Looking for DNS entry A gc._msdcs.phahn.qa 10.200.17.28 as gc._msdcs.phahn.qa.
Looking for DNS entry SRV _gc._tcp.phahn.qa master41.phahn.qa 3268 as _gc._tcp.phahn.qa.
Checking 0 100 3268 master41.phahn.qa. against SRV _gc._tcp.phahn.qa master41.phahn.qa 3268
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.phahn.qa master41.phahn.qa 3268 as _ldap._tcp.gc._msdcs.phahn.qa.
Checking 0 100 3268 master41.phahn.qa. against SRV _ldap._tcp.gc._msdcs.phahn.qa master41.phahn.qa 3268
Looking for DNS entry SRV _gc._tcp.Default-First-Site-Name._sites.phahn.qa master41.phahn.qa 3268 as _gc._tcp.Default-First-Site-Name._sites.phahn.qa.
Checking 0 100 3268 master41.phahn.qa. against SRV _gc._tcp.Default-First-Site-Name._sites.phahn.qa master41.phahn.qa 3268
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.phahn.qa master41.phahn.qa 3268 as _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.phahn.qa.
Checking 0 100 3268 master41.phahn.qa. against SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.phahn.qa master41.phahn.qa 3268
Looking for DNS entry A DomainDnsZones.phahn.qa 10.200.17.28 as DomainDnsZones.phahn.qa.
Looking for DNS entry SRV _ldap._tcp.DomainDnsZones.phahn.qa master41.phahn.qa 389 as _ldap._tcp.DomainDnsZones.phahn.qa.
Checking 0 100 389 master41.phahn.qa. against SRV _ldap._tcp.DomainDnsZones.phahn.qa master41.phahn.qa 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.phahn.qa master41.phahn.qa 389 as _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.phahn.qa.
Checking 0 100 389 master41.phahn.qa. against SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.phahn.qa master41.phahn.qa 389
Looking for DNS entry A ForestDnsZones.phahn.qa 10.200.17.28 as ForestDnsZones.phahn.qa.
Looking for DNS entry SRV _ldap._tcp.ForestDnsZones.phahn.qa master41.phahn.qa 389 as _ldap._tcp.ForestDnsZones.phahn.qa.
Checking 0 100 389 master41.phahn.qa. against SRV _ldap._tcp.ForestDnsZones.phahn.qa master41.phahn.qa 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.phahn.qa master41.phahn.qa 389 as _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.phahn.qa.
Checking 0 100 389 master41.phahn.qa. against SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.phahn.qa master41.phahn.qa 389
No DNS updates needed

Disable *51_samba4/60_dns_register_exclude_interfaces* for now?
r66391 | Bug #28829 test: Disable 51_samba4/60_dns_register_exclude_interfaces for now

Package: ucs-test
Version: 6.0.28-6.1361.201512161357
Branch: ucs_4.1-0
Scope: errata4.1-0
It has been fixed in the upstream Samba package: https://bugzilla.samba.org/show_bug.cgi?id=9831
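A check for the condition reported in this thread, as an added example that is not part of the bug report and is not Samba or UCS code: it compares the aRecord values in univention-ldapsearch LDIF output against the addresses the host currently has, and renders the delete-then-add sequence described above for Windows clients in nsupdate syntax. The sample LDIF is constructed, and the function names and the TTL of 900 are assumptions.

```python
# Constructed sample, shaped like the univention-ldapsearch output in the thread.
SAMPLE_LDIF = """\
dn: zoneName=phahn.qa,cn=dns,dc=phahn,dc=qa
aRecord: 10.200.17.28
aRecord: 1.2.3.101

dn: relativeDomainName=master41,zoneName=phahn.qa,cn=dns,dc=phahn,dc=qa
aRecord: 10.200.17.28
aRecord: 1.2.3.100
aRecord: 1.2.3.101

dn: relativeDomainName=gc._msdcs,zoneName=phahn.qa,cn=dns,dc=phahn,dc=qa
aRecord: 10.200.17.28
"""

def fqdn_from_dn(dn):
    """Map 'relativeDomainName=x,zoneName=y,...' to 'x.y' (zone object: 'y')."""
    rdns = {}
    for part in dn.split(","):
        key, _, value = part.strip().partition("=")
        rdns.setdefault(key.lower(), value)
    rel = rdns.get("relativedomainname")
    return f"{rel}.{rdns['zonename']}" if rel else rdns["zonename"]

def parse_a_records(ldif):
    """Return {name: [ip, ...]} from unwrapped LDIF (ldif-wrap=no)."""
    records, name = {}, None
    for line in ldif.splitlines():
        if line.startswith("dn: "):
            name = fqdn_from_dn(line[4:])
            records[name] = []
        elif line.startswith("aRecord: ") and name:
            records[name].append(line[9:].strip())
    return records

def stale_a_records(ldif, current_ips):
    """Names whose A RRset still holds addresses the host no longer owns."""
    current = set(current_ips)
    found = {n: [ip for ip in ips if ip not in current]
             for n, ips in parse_a_records(ldif).items()}
    return {n: gone for n, gone in found.items() if gone}

def nsupdate_reset(name, current_ips, ttl=900):
    """Delete-then-add for one name: drop the A RRset, re-add live addresses."""
    cmds = [f"update delete {name}. A"]
    cmds += [f"update add {name}. {ttl} A {ip}" for ip in current_ips]
    return "\n".join(cmds + ["send"])
```

The generated text is meant for review before use; how the update is submitted and authenticated depends on the DNS backend in place.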