Bug 53679 - DHCP DNS vs. profile vs. UCR
Status: NEW
Product: UCS
Classification: Unclassified
Component: DHCP
UCS 5.0
Other Linux
Importance: P5 normal
Assigned To: UCS maintainers
Depends on: 44462
Reported: 2021-08-19 13:08 CEST by Philipp Hahn
Modified: 2023-10-26 12:03 CEST (History)
What kind of report is it?: Bug Report
What type of bug is this?: 6: Setup Problem: Issue for the setup process
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.069
Description Philipp Hahn univentionstaff 2021-08-19 13:08:22 CEST
4.4: base/univention-network-manager/etc/dhcp/dhclient-exit-hooks.d/resolvconf
5.0: base/univention-network-manager/etc/dhcp/dhclient-enter-hooks.d/resolvconf

both contain the logic to handle the DNS server provided via DHCP.
The logic basically is:
- if the server is a joined DC, copy to UCRV "dns/forwarder[123]"
- otherwise write it to /etc/resolv.conf - since 5.0 via UCRV "nameserver[123]"

Each time the DHCP lease is renewed, the code gets re-executed and does the wrong thing, as it only used "/var/univention-join/joined" as an indicator. This flag file is created at the *start*, not when the local BIND is provisioned and *functional*.

This leads to a broken DNS setup in several cases.


- test/utils/utils.sh:basic_setup() copies the AmazonProvidedDNS into both "nameserver[123]" and "dns/forwarder[123]"

- test/utils/utils.sh:run_setup_join_on_non_master() copies the DNS server set in the profile to "nameserver1"

- test/utils/utils.sh:basic_setup_ucs_role() and basic_setup_ucs_joined() set the given DNS server as "nameserver1"

- services/univention-bind/90univention-bind-post.inst calls `/usr/share/univention-server/univention-fix-ucr-dns --force-self` to set "nameserver1"

- U@S requires DNS to use localhost for further provisioning: the U@S packages are installed *before* the school server is joined, so their code is already executed *during* join. The regular code therefore must be able to update the DNS configuration at that point.


We have tried to fix this multiple times by now, but nothing has worked reliably for all cases so far:
- using `ucr set --focred` breaks U@S, which expects the configuration to be changed during join.

- `nameserver/external` has different semantics between UCS-4 and UCS-5 and must be set to `false`


1. base/univention-network-manager/etc/dhcp/dhclient-{enter,exit}-hooks.d/resolvconf should base its decision on BIND being provisioned and functional instead of /var/univention-join/joined

2. utils/utils.sh sets UCRV nameserver1 in several cases - DHCP should not overwrite this while the join is running
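
Point 1 above, sketched as an added example (not Univention's hook code and not written by the reporter): the decision between "dns/forwarder[123]" and "nameserver[123]" is gated on the local BIND actually answering, not on the flag file alone. The function names, the `dig` SOA probe against 127.0.0.1 and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added sketch: choose the UCR target for DHCP-provided DNS servers.
# JOINED_FLAG is the flag file named in the report; it can be overridden for testing.
JOINED_FLAG="${JOINED_FLAG:-/var/univention-join/joined}"

# Assumption: "functional" means the local BIND returns an SOA record for
# the domain when queried on 127.0.0.1. Fails closed if dig is missing.
local_bind_functional() {
    domain="$1"
    [ -n "$domain" ] || return 1
    command -v dig >/dev/null 2>&1 || return 1
    answer="$(dig +short +time=1 +tries=1 @127.0.0.1 "$domain" SOA 2>/dev/null)" || return 1
    [ -n "$answer" ]
}

# Prints "forwarder" only when the host is joined AND its BIND answers;
# in every other case the DHCP servers stay the system resolvers.
dns_target() {
    domain="$1"
    if [ -e "$JOINED_FLAG" ] && local_bind_functional "$domain"; then
        echo forwarder
    else
        echo nameserver
    fi
}

# Prints at most three "key=value" pairs suitable for passing to `ucr set`.
ucr_assignments() {
    target="$1"; shift
    case "$target" in
        forwarder) prefix="dns/forwarder" ;;
        *)         prefix="nameserver" ;;
    esac
    i=1
    for server in "$@"; do
        [ "$i" -le 3 ] || break
        printf '%s%d=%s\n' "$prefix" "$i" "$server"
        i=$((i + 1))
    done
}

# Constructed sample values; in a dhclient hook these would come from
# $new_domain_name and $new_domain_name_servers.
ucr_assignments "$(dns_target example.test)" 192.0.2.53 192.0.2.54
```

Because the probe fails closed, a lease renewal that arrives after the flag file exists but before BIND is provisioned keeps writing "nameserver[123]" and does not switch to forwarders prematurely.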