Bug 28829 - DDNS update for an additional IP is not reverted
Status: RESOLVED WORKSFORME
Product: UCS
Classification: Unclassified
Component: Samba4
UCS 4.1
Other Linux
P5 normal
Assigned To: Samba maintainers
Reported: 2012-10-18 12:35 CEST by Ingo Steuwer
Modified: 2016-10-05 15:51 CEST
Description Ingo Steuwer univentionstaff 2012-10-18 12:35:03 CEST
For details see 2012101621005046

On a UCS DC Master with Samba4, a second IP address in a different subnet was created temporarily:

ifconfig eth0:1 192.168.0.1 netmask 255.255.255.0 up

Samba4 then registered the IP as an additional DNS forward entry, and it appears correctly on the host object in UDM. However, the entry was never removed.

As a result, clients sporadically fail to find the logon server, depending on which IP the DNS query returns first.
Comment 1 Moritz Muehlenhoff univentionstaff 2013-05-31 10:44:27 CEST
We will not ship a UCS 3.1-2 release; the next UCS release will be UCS 3.2.

As such, this bug is moved to the new target milestone.
Comment 2 Arvid Requate univentionstaff 2013-06-10 10:32:31 CEST
samba_dnsupdate has no builtin means to detect if an IP was removed. Maybe the UCR listener should do this cleanup?
Comment 3 Arvid Requate univentionstaff 2014-05-19 19:17:26 CEST
Just a short notice on this one: For their DNS updates Windows Clients include a leading delete operation on the record type they want to add (e.g. AAAA) before actually adding that record type again. So this might be the desired behaviour here: Ideally samba_dnsupdate (or whatever tool is used) should perform an authoritative reset on the host specific records.

I guess one would need to enhance samba_dnsupdate to make it differentiate between "common" DNS records (e.g. SRV) and "owned" DNS records.
Comment 4 Arvid Requate univentionstaff 2014-09-01 19:38:18 CEST
Looks like something is happening upstream in this area:

https://bugzilla.samba.org/show_bug.cgi?id=9831
Comment 5 Philipp Hahn univentionstaff 2015-12-16 13:42:24 CET
Some docker tests (UCS-4.1 S4-Slave) hang for a long time while waiting for a connection:

# ps axf
  PID TTY      STAT   TIME COMMAND
 1858 ?        Ss     0:00 /bin/bash /usr/share/univention-docker-container-mode/setup --username Administrator --password-file /tmp/tmp.oVtea2voJB --app xx22b3nf3j --app-version 1 --error-file /tmp/tmp.JtWvHojwkS
 2488 ?        S      0:00  \_ /bin/bash /usr/share/univention-docker-container-mode/update_app_version --username Administrator --password-file /tmp/tmp.oVtea2voJB --app xx22b3nf3j --app-version 1 --error-file /tmp/tmp.JtWvHojwkS
 3504 ?        S      0:00      \_ /usr/bin/python2.7 /usr/bin/univention-app register xx22b3nf3j=1 --component --do-it
 3507 ?        S      0:00          \_ /usr/bin/python2.7

# lsof -p 3507 -a -d 3
COMMAND    PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
python2.7 3507 root    3u  IPv4 1325604      0t0  TCP xx22b3nf3j-1450258960105393.autotest095.local:43850->1.2.3.101:http (SYN_SENT)


This address is used by one S4 test:

*** BEGIN *** ['/bin/bash', '60_dns_register_exclude_interfaces'] ***
*** 51_samba4/60_dns_register_exclude_interfaces *** Check UCR variable samba/register/exclude/interfaces ***
*** START TIME: 2015-12-15 22:31:03 ***
slave095.autotest095.local has address 1.2.3.100
slave095.autotest095.local has address 1.2.3.101
slave095.autotest095.local has address 1.2.3.102
Setting samba/register/exclude/interfaces
Multifile: /etc/samba/smb.conf
slave095.autotest095.local has address 1.2.3.101
SIOCSIFFLAGS: Die angeforderte Adresse kann nicht zugewiesen werden
SIOCSIFFLAGS: Die angeforderte Adresse kann nicht zugewiesen werden
Setting samba/register/exclude/interfaces
Multifile: /etc/samba/smb.conf
slave095.autotest095.local has address 10.210.27.42
*** END TIME: 2015-12-15 22:31:10 ***
*** TEST DURATION (H:MM:SS.ms): 0:00:06.344508 ***
*** END *** 100 ***


I was able to reproduce that on my test VM:

# univention-ldapsearch -LLLo ldif-wrap=no aRecord=1.2.3.101 dn aRecord
dn: zoneName=phahn.qa,cn=dns,dc=phahn,dc=qa
aRecord: 10.200.17.28
aRecord: 1.2.3.100
aRecord: 1.2.3.101
aRecord: 1.2.3.102

dn: relativeDomainName=master41,zoneName=phahn.qa,cn=dns,dc=phahn,dc=qa
aRecord: 10.200.17.28
aRecord: 1.2.3.100
aRecord: 1.2.3.101
aRecord: 1.2.3.102

dn: relativeDomainName=gc._msdcs,zoneName=phahn.qa,cn=dns,dc=phahn,dc=qa
aRecord: 10.200.17.28
aRecord: 1.2.3.100
aRecord: 1.2.3.101
aRecord: 1.2.3.102

dn: relativeDomainName=DomainDnsZones,zoneName=phahn.qa,cn=dns,dc=phahn,dc=qa
aRecord: 10.200.17.28
aRecord: 1.2.3.100
aRecord: 1.2.3.101
aRecord: 1.2.3.102

dn: relativeDomainName=ForestDnsZones,zoneName=phahn.qa,cn=dns,dc=phahn,dc=qa
aRecord: 10.200.17.28
aRecord: 1.2.3.100
aRecord: 1.2.3.101
aRecord: 1.2.3.102

# host master41.phahn.qa
master41.phahn.qa has address 1.2.3.101
master41.phahn.qa has address 1.2.3.102
master41.phahn.qa has address 10.200.17.28
master41.phahn.qa has address 1.2.3.100



Calling samba_dnsupdate does *not* remove the address:
# /usr/sbin/samba_dnsupdate --verbose
Exclude the following interfaces: docker0
Exclude the following IP addresses: ['172.17.42.1', 'fe80::942b:f3ff:fe7c:6909%docker0']
IPs: ['10.200.17.28']
Looking for DNS entry A master41.phahn.qa 10.200.17.28 as master41.phahn.qa.
Looking for DNS entry A phahn.qa 10.200.17.28 as phahn.qa.
Looking for DNS entry SRV _ldap._tcp.phahn.qa master41.phahn.qa 389 as _ldap._tcp.phahn.qa.
Checking 0 100 389 master41.phahn.qa. against SRV _ldap._tcp.phahn.qa master41.phahn.qa 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.phahn.qa master41.phahn.qa 389 as _ldap._tcp.dc._msdcs.phahn.qa.
Checking 0 100 389 master41.phahn.qa. against SRV _ldap._tcp.dc._msdcs.phahn.qa master41.phahn.qa 389
Looking for DNS entry SRV _ldap._tcp.be293ce6-837e-40c4-9199-d60702006c10.domains._msdcs.phahn.qa master41.phahn.qa 389 as _ldap._tcp.be293ce6-837e-40c4-9199-d60702006c10.domains._msdcs.phahn.qa.
Checking 0 100 389 master41.phahn.qa. against SRV _ldap._tcp.be293ce6-837e-40c4-9199-d60702006c10.domains._msdcs.phahn.qa master41.phahn.qa 389
Looking for DNS entry SRV _kerberos._tcp.phahn.qa master41.phahn.qa 88 as _kerberos._tcp.phahn.qa.
Checking 0 100 88 master41.phahn.qa. against SRV _kerberos._tcp.phahn.qa master41.phahn.qa 88
Looking for DNS entry SRV _kerberos._udp.phahn.qa master41.phahn.qa 88 as _kerberos._udp.phahn.qa.
Checking 0 100 88 master41.phahn.qa. against SRV _kerberos._udp.phahn.qa master41.phahn.qa 88
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.phahn.qa master41.phahn.qa 88 as _kerberos._tcp.dc._msdcs.phahn.qa.
Checking 0 100 88 master41.phahn.qa. against SRV _kerberos._tcp.dc._msdcs.phahn.qa master41.phahn.qa 88
Looking for DNS entry SRV _kpasswd._tcp.phahn.qa master41.phahn.qa 464 as _kpasswd._tcp.phahn.qa.
Checking 0 100 464 master41.phahn.qa. against SRV _kpasswd._tcp.phahn.qa master41.phahn.qa 464
Looking for DNS entry SRV _kpasswd._udp.phahn.qa master41.phahn.qa 464 as _kpasswd._udp.phahn.qa.
Checking 0 100 464 master41.phahn.qa. against SRV _kpasswd._udp.phahn.qa master41.phahn.qa 464
Looking for DNS entry CNAME 9eed877a-07cb-4b3e-b8b8-894ab7e3ec69._msdcs.phahn.qa master41.phahn.qa as 9eed877a-07cb-4b3e-b8b8-894ab7e3ec69._msdcs.phahn.qa.
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.phahn.qa master41.phahn.qa 389 as _ldap._tcp.Default-First-Site-Name._sites.phahn.qa.
Checking 0 100 389 master41.phahn.qa. against SRV _ldap._tcp.Default-First-Site-Name._sites.phahn.qa master41.phahn.qa 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.phahn.qa master41.phahn.qa 389 as _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.phahn.qa.
Checking 0 100 389 master41.phahn.qa. against SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.phahn.qa master41.phahn.qa 389
Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.phahn.qa master41.phahn.qa 88 as _kerberos._tcp.Default-First-Site-Name._sites.phahn.qa.
Checking 0 100 88 master41.phahn.qa. against SRV _kerberos._tcp.Default-First-Site-Name._sites.phahn.qa master41.phahn.qa 88
Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.phahn.qa master41.phahn.qa 88 as _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.phahn.qa.
Checking 0 100 88 master41.phahn.qa. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.phahn.qa master41.phahn.qa 88
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.phahn.qa master41.phahn.qa 389 as _ldap._tcp.pdc._msdcs.phahn.qa.
Checking 0 100 389 master41.phahn.qa. against SRV _ldap._tcp.pdc._msdcs.phahn.qa master41.phahn.qa 389
Looking for DNS entry A gc._msdcs.phahn.qa 10.200.17.28 as gc._msdcs.phahn.qa.
Looking for DNS entry SRV _gc._tcp.phahn.qa master41.phahn.qa 3268 as _gc._tcp.phahn.qa.
Checking 0 100 3268 master41.phahn.qa. against SRV _gc._tcp.phahn.qa master41.phahn.qa 3268
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.phahn.qa master41.phahn.qa 3268 as _ldap._tcp.gc._msdcs.phahn.qa.
Checking 0 100 3268 master41.phahn.qa. against SRV _ldap._tcp.gc._msdcs.phahn.qa master41.phahn.qa 3268
Looking for DNS entry SRV _gc._tcp.Default-First-Site-Name._sites.phahn.qa master41.phahn.qa 3268 as _gc._tcp.Default-First-Site-Name._sites.phahn.qa.
Checking 0 100 3268 master41.phahn.qa. against SRV _gc._tcp.Default-First-Site-Name._sites.phahn.qa master41.phahn.qa 3268
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.phahn.qa master41.phahn.qa 3268 as _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.phahn.qa.
Checking 0 100 3268 master41.phahn.qa. against SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.phahn.qa master41.phahn.qa 3268
Looking for DNS entry A DomainDnsZones.phahn.qa 10.200.17.28 as DomainDnsZones.phahn.qa.
Looking for DNS entry SRV _ldap._tcp.DomainDnsZones.phahn.qa master41.phahn.qa 389 as _ldap._tcp.DomainDnsZones.phahn.qa.
Checking 0 100 389 master41.phahn.qa. against SRV _ldap._tcp.DomainDnsZones.phahn.qa master41.phahn.qa 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.phahn.qa master41.phahn.qa 389 as _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.phahn.qa.
Checking 0 100 389 master41.phahn.qa. against SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.phahn.qa master41.phahn.qa 389
Looking for DNS entry A ForestDnsZones.phahn.qa 10.200.17.28 as ForestDnsZones.phahn.qa.
Looking for DNS entry SRV _ldap._tcp.ForestDnsZones.phahn.qa master41.phahn.qa 389 as _ldap._tcp.ForestDnsZones.phahn.qa.
Checking 0 100 389 master41.phahn.qa. against SRV _ldap._tcp.ForestDnsZones.phahn.qa master41.phahn.qa 389
Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.phahn.qa master41.phahn.qa 389 as _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.phahn.qa.
Checking 0 100 389 master41.phahn.qa. against SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.phahn.qa master41.phahn.qa 389
No DNS updates needed


Disable *51_samba4/60_dns_register_exclude_interfaces* for now?
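
Added example, not part of the thread and not Samba's or Univention's code: a sketch of the delete-then-add reset described in Comment 3, applied to stale A records like those in Comment 5, which returns nsupdate commands. The function name, the TTL of 900, the owned/shared split and the second DC address 10.200.17.29 are assumptions made for illustration; it goes slightly beyond the thread by deleting only individual stale addresses on names that several DCs register.

```python
from ipaddress import IPv4Address

# Constructed sample modelled on the reproduction in Comment 5.
# 10.200.17.29 is a made-up second DC that also registers the zone apex.
REGISTERED = {
    "master41.phahn.qa.": ["10.200.17.28", "1.2.3.100", "1.2.3.101", "1.2.3.102"],
    "phahn.qa.": ["10.200.17.28", "10.200.17.29",
                  "1.2.3.100", "1.2.3.101", "1.2.3.102"],
}


def plan_a_record_cleanup(zone, owned, shared, registered, current_ips, ttl=900):
    """Return nsupdate commands that drop A records this host no longer backs.

    owned:  names only this host registers. The whole A RRset is deleted and
            re-added from the current interface addresses.
    shared: names several DCs register (zone apex, gc._msdcs, ...). Only the
            addresses that went stale on an owned name are deleted, so other
            DCs' records survive.
    """
    current = {IPv4Address(ip) for ip in current_ips}
    if not current:
        # An empty interface list would wipe every host record: refuse.
        raise ValueError("no current IPv4 address; refusing to delete all A records")
    cmds, host_stale = [], set()
    for name in owned:
        stale = {IPv4Address(a) for a in registered.get(name, ())} - current
        if not stale:
            continue  # RRset already matches, no update needed
        host_stale |= stale
        cmds.append(f"update delete {name} A")
        cmds += [f"update add {name} {ttl} A {ip}" for ip in sorted(current)]
    for name in shared:
        have = {IPv4Address(a) for a in registered.get(name, ())}
        cmds += [f"update delete {name} A {ip}" for ip in sorted(have & host_stale)]
    return [f"zone {zone}", *cmds, "send"] if cmds else []


if __name__ == "__main__":
    print("\n".join(plan_a_record_cleanup(
        "phahn.qa.", ["master41.phahn.qa."], ["phahn.qa."],
        REGISTERED, ["10.200.17.28"])))
```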
Comment 6 Philipp Hahn univentionstaff 2015-12-16 13:59:44 CET
r66391 | Bug #28829 test: Disable 51_samba4/60_dns_register_exclude_interfaces
 for now

Package: ucs-test
Version: 6.0.28-6.1361.201512161357
Branch: ucs_4.1-0
Scope: errata4.1-0
Comment 7 Stefan Gohmann univentionstaff 2016-10-05 15:51:18 CEST
It has been fixed in the upstream Samba package:
 https://bugzilla.samba.org/show_bug.cgi?id=9831