Description Florian Best 2016-09-14 16:58:08 CEST

Bug #37086 ignored to fix renames which might happen via UDM for Windows DC/Windows/Ubuntu/Linux/UCC/MacOS/Trustaccount/IP Managed Client.

+++ This bug was initially created as a clone of Bug #37086 +++

A joined DC slave object (cn=slave42) has been removed from LDAP (also all referring objects). But at forward and reverse zones the nSRecord attributes do not get updated during removal → the entry "nSRecord: slave42.nstx.local." is not removed.

# nstx.local, dns, nstx.local
dn: zoneName=nstx.local,cn=dns,dc=nstx,dc=local
objectClass: top
objectClass: dNSZone
objectClass: univentionObject
univentionObjectType: dns/forward_zone
dNSTTL: 10800
relativeDomainName: @
zoneName: nstx.local
nSRecord: master40.nstx.local.
nSRecord: slave42.nstx.local.
nSRecord: backup41.nstx.local.
sOARecord: master40.nstx.local. root.nstx.local. 22 28800 7200 604800 10800

Because of this, the DNS server is not able to update its zones, e.g. triggered via listener module:
root@master40:~# rndc -p 55555 reload nstx.local
rndc: 'reload' failed: bad zone

root@master40:~# tail -n3 /var/log/syslog
Nov 27 00:28:36 master40 named[2477]: received control channel command 'reload nstx.local'
Nov 27 00:28:36 master40 named[2477]: zone nstx.local/IN: NS 'slave42.nstx.local' has no address records (A or AAAA)
Nov 27 00:28:36 master40 named[2477]: zone nstx.local/IN: not loaded due to errors.

This has been reproduced on a second system, where only the forward zone was affected. On the first system, 3 orphaned DNS entries were found in the DNS forward AND reverse zones.