Bug 40497 - UCS 4.1: DNS with LDAP backend doesn't start if zone has incorrect nameserver
Status: RESOLVED DUPLICATE of bug 28363
Product: UCS
Classification: Unclassified
Component: DNS
UCS 4.1
Other Linux
P5 normal
Assigned To: UCS maintainers
Depends on: 33707
Reported: 2016-01-25 15:08 CET by Christina Scheinig
Modified: 2018-04-13 13:32 CEST (History)
CC: 4 users

Description Christina Scheinig univentionstaff 2016-01-25 15:08:26 CET
Also seen at Ticket#2016011321001056 

The customer deleted the UDM object of a UCS DC that includes its DNS host entries ("A-record"). The "nameserver" reference a DC typically has in its primary DNS zone was not deleted by default. The "ldapentries" were not replicated to bind anymore until the nameserver reference was deleted.


Log excerpt:
25.01.16 12:48:41.279  LISTENER    ( INFO    ) : DNS: Zones: ['43.200.10.in-addr.arpa', 'ucs.example.de']
25.01.16 12:48:41.279  LISTENER    ( INFO    ) : DNS: Doing reload
25.01.16 12:48:41.279  LISTENER    ( INFO    ) : DNS: Reloading zone 43.200.10.in-addr.arpa
25.01.16 12:48:41.280  LISTENER    ( INFO    ) : DNS: Reloading zone ucs.example.de
zone refresh queued
zone refresh queued
rndc: 'reload' failed: bad zone
zone reload successful
25.01.16 12:48:42.282  LISTENER    ( WARN    ) : DNS: 25001="rndc -p 55555 reload ucs.example.de" exited with 1
25.01.16 12:48:42.282  LISTENER    ( INFO    ) : postrun handler: udm_extension (prepared=0)


+++ This bug was initially created as a clone of Bug #33707 +++

Reported by a customer, possibly related to or a duplicate of Bug #28363:

If the "nameserver" entry of a zone contains a non-existing FQDN (in the reported case the customer deleted the UDM object of a UCS DC and its A-record), the zone transfer fails. Once BIND is stopped (maybe by logrotate) it doesn't start anymore until the wrong entry is removed.

Systems with Samba4 backend are working fine.
Comment 1 Philipp Hahn univentionstaff 2016-01-26 08:37:48 CET
BIND refuses to load/transfer a broken zone, e.g. a zone which has NS RRs which BIND can't resolve to an A/AAAA address.
See <http://sdb.univention.de/content/20/254/en/bind-zone-transfer-failed.html>

It does not work with backend=ldap, as there the frontend DNS needs to fetch the DNS zone from the backend DNS proxy on TCP port 7777, which then is wrong. Because of that all updates stop working until the broken NS RR is removed.

*** This bug has been marked as a duplicate of bug 28363 ***
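As an added example (not part of this bug report, the UCS listener module or BIND itself), the script below shows the two checks a defender would want from the description and Comment 1: a pre-reload check that every apex NS target inside the zone still has an A/AAAA record (the condition a deleted DC's UDM object leaves behind and that BIND answers with "bad zone"), and a scan of listener log lines for "rndc ... reload <zone>" commands that exited non-zero. The zone text uses a simplified one-record-per-line format with fully qualified names, and both the zone records and the log lines are constructed sample data; the record format, function names and the assumption that only in-zone NS targets are checked at load time are mine, not the project's.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample data (not taken from the bug report). Zone records are in a
# simplified one-record-per-line form "<owner> <type> <rdata>", all names fully
# qualified; in a real setup the zone content would come from the LDAP backend.
SAMPLE_ZONE = """\
; master still exists; backup's A record was deleted together with its UDM object
ucs.example.de. SOA master.ucs.example.de. hostmaster.ucs.example.de. 2016012501 3600 900 604800 3600
ucs.example.de. NS master.ucs.example.de.
ucs.example.de. NS backup.ucs.example.de.
ucs.example.de. NS ns.provider.example.
master.ucs.example.de. A 10.200.43.10
fileserver.ucs.example.de. A 10.200.43.20
"""

# Constructed listener log lines mirroring the format quoted in the description.
SAMPLE_LOG = """\
25.01.16 12:48:41.280  LISTENER    ( INFO    ) : DNS: Reloading zone ucs.example.de
25.01.16 12:48:42.282  LISTENER    ( WARN    ) : DNS: 25001="rndc -p 55555 reload ucs.example.de" exited with 1
25.01.16 12:48:42.290  LISTENER    ( INFO    ) : DNS: 25002="rndc -p 55555 reload 43.200.10.in-addr.arpa" exited with 0
"""

Record = Tuple[str, str, str]


def parse_zone(text: str) -> List[Record]:
    """Parse the simplified zone text into (owner, type, rdata) tuples."""
    records: List[Record] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        owner, rtype, rdata = line.split(None, 2)
        records.append((owner.lower(), rtype.upper(), rdata))
    return records


def check_ns_address_records(zone_name: str, records: List[Record]) -> Dict[str, List[str]]:
    """Find apex NS targets inside the zone that have no A/AAAA record.

    BIND rejects the zone ("bad zone" on rndc reload) when an in-zone NS name
    has no address record, which is exactly what deleting a DC's A record
    while keeping its NS reference produces. NS targets outside the zone are
    reported separately; they are resolved at query time and not checked here
    (assumption for this example).
    """
    apex = zone_name.lower().rstrip(".") + "."
    has_address = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    ns_targets = [rdata.split()[0].lower() for owner, rtype, rdata in records
                  if rtype == "NS" and owner == apex]
    result: Dict[str, List[str]] = {"missing": [], "external": []}
    for target in ns_targets:
        in_zone = target == apex or target.endswith("." + apex)
        if not in_zone:
            result["external"].append(target)
        elif target not in has_address:
            result["missing"].append(target)
    return result


# Matches the listener's "<pid>="rndc ... reload <zone>" exited with <code>" lines.
RNDC_RE = re.compile(r'"rndc .*?\breload (\S+)" exited with (\d+)')


def failed_rndc_reloads(log_text: str) -> List[str]:
    """Return the zone names whose 'rndc reload' exited non-zero."""
    failed: List[str] = []
    for line in log_text.splitlines():
        m = RNDC_RE.search(line)
        if m and int(m.group(2)) != 0:
            failed.append(m.group(1))
    return failed


if __name__ == "__main__":
    report = check_ns_address_records("ucs.example.de", parse_zone(SAMPLE_ZONE))
    for name in report["missing"]:
        print(f"NS {name} has no A/AAAA record; BIND will refuse the zone")
    for name in report["external"]:
        print(f"NS {name} is outside the zone; not checked")
    for zone in failed_rndc_reloads(SAMPLE_LOG):
        print(f"rndc reload of {zone} failed; check its NS records")
```

Running the NS check against the zone data before the listener triggers a reload turns the silent replication stop described here into an actionable finding naming the stale NS target; the log scan is the cheap after-the-fact detection for the same condition.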
Comment 2 Christina Scheinig univentionstaff 2016-01-27 09:53:20 CET
The consequence of this could be that no password change or logging on to services is possible!