Bug 55612 - Check fails for Domains ending in home.arpa.
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: DNS
Version: UCS 5.0
Hardware: All Linux
Importance: P4 normal
Target Milestone: UCS 5.0-6-errata
Assigned To: Philipp Hahn
QA Contact: Florian Best
URL: https://git.knut.univention.de/univen...
 
Reported: 2023-01-30 14:36 CET by Simon Streit
Modified: 2024-03-07 13:07 CET

What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.143


Description Simon Streit univentionstaff 2023-01-30 14:36:54 CET
With the publication of RFC 8375 [1] the domain name home.arpa. has been
registered to be used in residential home networks.  Currently, as it
seems, nameserver checks will fail in UCS if such a domain is used:

########################## Start 20_check_nameservers ##########################
## Check failed: 20_check_nameservers - Check nameserver entries on DNS zones ##
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/admin/objects.py", line 99, in get
    obj = univention.admin.modules.lookup(module.module, co, lo, base=dn, superordinate=superordinate, scope='base', unique=True, required=True)[0]
  File "/usr/lib/python3/dist-packages/univention/admin/modules.py", line 952, in lookup
    tmpres = module.lookup(co, lo, filter, base=base, superordinate=superordinate, scope=scope, unique=unique, required=required, timeout=timeout, sizelimit=sizelimit)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1794, in lookup
    raise univention.admin.uexceptions.noObject('lookup(base=%r, filter_s=%r)' % (base, filter_s))
univention.admin.uexceptions.noObject: lookup(base='relativeDomainName=master,zoneName=test.home.arpa,cn=dns,dc=test,dc=home,dc=arpa', filter_s=conjunction('&', [expression('objectClass', 'dNSZone', '='), conjunction('!', [expression('relativeDomainName', '@', '=')]), conjunction('!', [expression('zoneName', '*.in-addr.arpa', '=')]), conjunction('!', [expression('zoneName', '*.ip6.arpa', '=')]), conjunction('!', [expression('cNAMERecord', '*', '=')]), conjunction('!', [expression('sRVRecord', '*', '=')]), conjunction('|', [expression('aRecord', '*', '='), expression('aAAARecord', '*', '='), expression('mXRecord', '*', '='), expression('univentionObjectType', 'dns/host_record', '=')]), expression('zoneName', 'test.home.arpa', '=')]))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/__init__.py", line 280, in execute
    result = execute(umc_module, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/20_check_nameservers.py", line 225, in run
    for (zone, group) in it.groupby(find_all_zone_problems(), lambda error: error.zone):
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/20_check_nameservers.py", line 212, in find_all_zone_problems
    for error in udm.check_zone(zone):
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/20_check_nameservers.py", line 192, in check_zone
    record = self.find(nameserver)
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/20_check_nameservers.py", line 177, in find
    record = udm_objects.get(module, None, self.ldap_connection, self.position, dn, attr=attr, attributes=attr)
  File "/usr/lib/python3/dist-packages/univention/admin/objects.py", line 106, in get
    raise univention.admin.uexceptions.wrongObjectType('The object %s is not a %s.' % (dn, module.module,))
univention.admin.uexceptions.wrongObjectType: The object relativeDomainName=master,zoneName=test.home.arpa,cn=dns,dc=test,dc=home,dc=arpa is not a dns/host_record.
Univention Support Database - Bind: zone transfer failed (http://sdb.univention.de/1273)
########################### End 20_check_nameservers ###########################


The relevant section that affects this behaviour is at:

management/univention-directory-manager-modules/modules/univention/admin/handlers/dns/host_record.py:251

                not attr.get('zoneName', [b'.arpa'])[0].decode('UTF-8').endswith('.arpa'),

[1] https://www.rfc-editor.org/rfc/rfc8375.txt
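
The effect of the quoted endswith('.arpa') test on a home.arpa zone, as an added example that is not part of the original report or of the UDM code base. It compares that broad predicate with a narrower one that excludes only the two reverse-lookup suffixes named in the LDAP filter of the traceback; the function names and the narrower predicate are assumptions for illustration, not the fix that was committed.

```python
# Added example: hypothetical helper names, not code from univention-directory-manager-modules.
REVERSE_SUFFIXES = ('.in-addr.arpa', '.ip6.arpa')  # the suffixes the LDAP filter in the traceback excludes


def is_forward_zone_broad(attr):
    """Predicate as quoted in the report: every name under .arpa counts as a reverse zone."""
    return not attr.get('zoneName', [b'.arpa'])[0].decode('UTF-8').endswith('.arpa')


def is_forward_zone_narrow(attr):
    """Assumed narrower form: only the reverse-lookup trees count as reverse zones."""
    values = attr.get('zoneName')
    if not values:
        return False  # a missing zoneName is rejected, as with the quoted default
    name = values[0].decode('UTF-8').rstrip('.').lower()
    # Prefix a dot so the bare apex names ("in-addr.arpa") match the suffixes too.
    return not ('.' + name).endswith(REVERSE_SUFFIXES)


# Constructed sample: two zone names taken from the report plus constructed reverse and forward zones.
SAMPLE_ZONES = [
    'test.home.arpa',
    '_msdcs.test.home.arpa',
    '2.168.192.in-addr.arpa',
    '8.b.d.0.1.0.0.2.ip6.arpa',
    'in-addr.arpa',
    'example.com',
]


def disagreements(zones):
    """Return the zones that the two predicates classify differently."""
    out = []
    for zone in zones:
        attr = {'zoneName': [zone.encode('UTF-8')]}
        if is_forward_zone_broad(attr) != is_forward_zone_narrow(attr):
            out.append(zone)
    return out


if __name__ == '__main__':
    for zone in SAMPLE_ZONES:
        attr = {'zoneName': [zone.encode('UTF-8')]}
        print(f'{zone:28} broad={is_forward_zone_broad(attr)!s:5} narrow={is_forward_zone_narrow(attr)}')
    print('classified differently:', disagreements(SAMPLE_ZONES))
```

Only the two home.arpa zones are classified differently; the reverse zones and the ordinary forward zone get the same answer from both predicates.
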

Comment 1 Simon Streit univentionstaff 2023-02-22 21:57:37 CET
There's more to add to this.  I've installed samba4 and added a backup
node to the domain too.  Running univention-run-diagnostic-checks gives
the following errors:


######################### Start 01_ssh_connection ##########################
## Check failed: 01_ssh_connection - SSH connection to UCS server failed! ##
The ssh connection to at least one other UCS server failed. The following list shows the affected remote servers and the reason for the failed ssh connection:

backup01.test.home.arpa - [Errno -2] Name or service not known
########################## End 01_ssh_connection ###########################


Despite this error message, the host is online and accessible through SSH.


########################## Start 04_saml_certificate_check ##########################
## Check failed: 04_saml_certificate_check - SAML certificate verification failed! ##
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/__init__.py", line 277, in execute
    ret = execute(umc_module, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/04_saml_certificate_check.py", line 67, in run
    for problem in test_identity_provider_certificate():
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/04_saml_certificate_check.py", line 146, in test_identity_provider_certificate
    _name, _aliaslist, addresslist = socket.gethostbyname_ex(sso_fqdn)
socket.gaierror: [Errno -2] Name or service not known
########################### End 04_saml_certificate_check ###########################

################## Start 43_connectors4_rejects #################
## Check failed: 43_connectors4_rejects - S4 Connector rejects ##
Found 0 UCS rejects and 2 S4 rejects. See Univention Support Database - How to deal with s4-connector rejects (https://help.univention.com/t/how-to-deal-with-s4-connector-rejects/33) for more information.
S4 rejected:
S4 DN: DC=primary01,DC=test.home.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=test,DC=home,DC=arpa, UCS DN: not found
S4 DN: DC=gc,DC=_msdcs.test.home.arpa,CN=MicrosoftDNS,DC=ForestDnsZones,DC=test,DC=home,DC=arpa, UCS DN: not found
################### End 43_connectors4_rejects ##################

Comment 2 Philipp Hahn univentionstaff 2024-03-04 20:04:22 CET
[bug/50385] 6cc72ebf21 fix(udm/dns): IPv4/6 handling
 doc/errata/staging/univention-directory-manager-modules.yaml                       |  3 ++-
 management/univention-directory-manager-modules/debian/changelog                   |  7 +++++++
 .../modules/univention/admin/handlers/dns/alias.py                                 |  3 +--
 .../modules/univention/admin/handlers/dns/forward_zone.py                          |  3 +--
 .../modules/univention/admin/handlers/dns/host_record.py                           |  4 ++--
 .../modules/univention/admin/handlers/dns/ns_record.py                             |  6 ++----
 .../modules/univention/admin/handlers/dns/ptr_record.py                            | 10 +++++-----
 .../modules/univention/admin/handlers/dns/reverse_zone.py                          |  2 +-
 .../modules/univention/admin/handlers/dns/srv_record.py                            |  3 +--
 .../modules/univention/admin/handlers/dns/txt_record.py                            |  7 ++++---
 10 files changed, 26 insertions(+), 22 deletions(-)

Package: univention-directory-manager-modules
Version: 15.0.25-16
Branch: ucs_5.0-0
Scope: errata5.0-6

Comment 3 Florian Best univentionstaff 2024-03-06 16:54:05 CET
OK: A records allow ".home.arpa"
udm dns/forward_zone create --set zone=test.home.arpa --position "cn=dns,$(ucr get ldap/base)" --set nameserver=localhost
udm dns/host_record create  --superordinate zoneName="test.home.arpa,cn=dns,$(ucr get ldap/base)" --set name=master --set a=1.2.3.4
No S4-Connector errors.

OK: NS records can now be created on both reverse and forward zone
OK: TXT records for IPv6

~OK: advisory (only the first change is mentioned there)
~OK: no new tests