Univention Bugzilla – Bug 55612
Check fails for Domains ending in home.arpa.
Last modified: 2024-03-07 13:07:26 CET
With the publication of RFC 8375 [1] the domain name home.arpa. has been registered to be used in residential home networks. Currently, as it seems, nameserver checks will fail in UCS if such a domain is used:

########################## Start 20_check_nameservers ##########################
## Check failed: 20_check_nameservers - Check nameserver entries on DNS zones ##
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/admin/objects.py", line 99, in get
    obj = univention.admin.modules.lookup(module.module, co, lo, base=dn, superordinate=superordinate, scope='base', unique=True, required=True)[0]
  File "/usr/lib/python3/dist-packages/univention/admin/modules.py", line 952, in lookup
    tmpres = module.lookup(co, lo, filter, base=base, superordinate=superordinate, scope=scope, unique=unique, required=required, timeout=timeout, sizelimit=sizelimit)
  File "/usr/lib/python3/dist-packages/univention/admin/handlers/__init__.py", line 1794, in lookup
    raise univention.admin.uexceptions.noObject('lookup(base=%r, filter_s=%r)' % (base, filter_s))
univention.admin.uexceptions.noObject: lookup(base='relativeDomainName=master,zoneName=test.home.arpa,cn=dns,dc=test,dc=home,dc=arpa', filter_s=conjunction('&', [expression('objectClass', 'dNSZone', '='), conjunction('!', [expression('relativeDomainName', '@', '=')]), conjunction('!', [expression('zoneName', '*.in-addr.arpa', '=')]), conjunction('!', [expression('zoneName', '*.ip6.arpa', '=')]), conjunction('!', [expression('cNAMERecord', '*', '=')]), conjunction('!', [expression('sRVRecord', '*', '=')]), conjunction('|', [expression('aRecord', '*', '='), expression('aAAARecord', '*', '='), expression('mXRecord', '*', '='), expression('univentionObjectType', 'dns/host_record', '=')]), expression('zoneName', 'test.home.arpa', '=')]))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/__init__.py", line 280, in execute
    result = execute(umc_module, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/20_check_nameservers.py", line 225, in run
    for (zone, group) in it.groupby(find_all_zone_problems(), lambda error: error.zone):
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/20_check_nameservers.py", line 212, in find_all_zone_problems
    for error in udm.check_zone(zone):
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/20_check_nameservers.py", line 192, in check_zone
    record = self.find(nameserver)
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/20_check_nameservers.py", line 177, in find
    record = udm_objects.get(module, None, self.ldap_connection, self.position, dn, attr=attr, attributes=attr)
  File "/usr/lib/python3/dist-packages/univention/admin/objects.py", line 106, in get
    raise univention.admin.uexceptions.wrongObjectType('The object %s is not a %s.' % (dn, module.module,))
univention.admin.uexceptions.wrongObjectType: The object relativeDomainName=master,zoneName=test.home.arpa,cn=dns,dc=test,dc=home,dc=arpa is not a dns/host_record.
Univention Support Database - Bind: zone transfer failed (http://sdb.univention.de/1273)
########################### End 20_check_nameservers ###########################

The relevant section that affects this behaviour is at:

management/univention-directory-manager-modules/modules/univention/admin/handlers/dns/host_record.py:251
    not attr.get('zoneName', [b'.arpa'])[0].decode('UTF-8').endswith('.arpa'),

[1] https://www.rfc-editor.org/rfc/rfc8375.txt
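
The condition quoted in the report above rejects any zoneName that ends in .arpa. As an added example (not UCS code and not the fix that was shipped), this Python sketch runs that condition next to a hypothetical narrower check that rejects only in-addr.arpa and ip6.arpa, the two suffixes the lookup filter in the traceback excludes. The function names and the sample attribute sets are constructed for illustration.

```python
# Added illustration: not the UCS source and not the fix that was shipped.
REVERSE_SUFFIXES = ("in-addr.arpa", "ip6.arpa")  # reverse-lookup trees


def _normalize(zone_name):
    """Decode LDAP bytes, drop the root dot, lower-case (DNS names are case-insensitive)."""
    if isinstance(zone_name, bytes):
        zone_name = zone_name.decode("UTF-8")
    return zone_name.rstrip(".").lower()


def broad_is_forward(attr):
    """The condition quoted in the report: any zone ending in '.arpa' is rejected."""
    return not attr.get("zoneName", [b".arpa"])[0].decode("UTF-8").endswith(".arpa")


def is_reverse_zone(zone_name):
    """True only for in-addr.arpa / ip6.arpa or names below them, matched on label boundaries."""
    name = _normalize(zone_name)
    return any(name == s or name.endswith("." + s) for s in REVERSE_SUFFIXES)


def narrow_is_forward(attr):
    """Hypothetical narrower condition: reject reverse zones, keep other .arpa names."""
    values = attr.get("zoneName")
    if not values:
        return False  # same outcome as the original default of b'.arpa'
    return not is_reverse_zone(values[0])


# Constructed sample attribute sets, shaped like LDAP results (lists of bytes).
SAMPLES = {
    "test.home.arpa": {"zoneName": [b"test.home.arpa"]},
    "home.arpa.": {"zoneName": [b"home.arpa."]},
    "4.3.2.in-addr.arpa": {"zoneName": [b"4.3.2.in-addr.arpa"]},
    "0.8.B.D.ip6.ARPA": {"zoneName": [b"0.8.B.D.ip6.ARPA"]},
    "example.com": {"zoneName": [b"example.com"]},
    "missing zoneName": {},
}


def compare():
    """Return {label: (broad result, narrow result)} for every sample."""
    return {label: (broad_is_forward(a), narrow_is_forward(a)) for label, a in SAMPLES.items()}


if __name__ == "__main__":
    for label, (broad, narrow) in compare().items():
        print(f"{label:22} broad={broad!s:5} narrow={narrow}")
```

Besides the home.arpa case from the report, the samples show that the plain suffix test is sensitive to letter case and to a trailing root dot, while the label-aligned check is not.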
There's more to add to this. I've installed samba4 and added a backup node to the domain too. Running univention-run-diagnostic-checks gives the following errors:

######################### Start 01_ssh_connection ##########################
## Check failed: 01_ssh_connection - SSH connection to UCS server failed! ##
The ssh connection to at least one other UCS server failed. The following list shows the affected remote servers and the reason for the failed ssh connection:
backup01.test.home.arpa - [Errno -2] Name or service not known
########################## End 01_ssh_connection ###########################

Despite this error message, the host is online and accessible through SSH.

########################## Start 04_saml_certificate_check ##########################
## Check failed: 04_saml_certificate_check - SAML certificate verification failed! ##
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/__init__.py", line 277, in execute
    ret = execute(umc_module, **kwargs)
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/04_saml_certificate_check.py", line 67, in run
    for problem in test_identity_provider_certificate():
  File "/usr/lib/python3/dist-packages/univention/management/console/modules/diagnostic/plugins/04_saml_certificate_check.py", line 146, in test_identity_provider_certificate
    _name, _aliaslist, addresslist = socket.gethostbyname_ex(sso_fqdn)
socket.gaierror: [Errno -2] Name or service not known
########################### End 04_saml_certificate_check ###########################

################## Start 43_connectors4_rejects #################
## Check failed: 43_connectors4_rejects - S4 Connector rejects ##
Found 0 UCS rejects and 2 S4 rejects. See Univention Support Database - How to deal with s4-connector rejects (https://help.univention.com/t/how-to-deal-with-s4-connector-rejects/33) for more information.
S4 rejected:
S4 DN: DC=primary01,DC=test.home.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=test,DC=home,DC=arpa, UCS DN: not found
S4 DN: DC=gc,DC=_msdcs.test.home.arpa,CN=MicrosoftDNS,DC=ForestDnsZones,DC=test,DC=home,DC=arpa, UCS DN: not found
################### End 43_connectors4_rejects ##################
[bug/50385] 6cc72ebf21 fix(udm/dns): IPv4/6 handling

 doc/errata/staging/univention-directory-manager-modules.yaml | 3 ++-
 management/univention-directory-manager-modules/debian/changelog | 7 +++++++
 .../modules/univention/admin/handlers/dns/alias.py | 3 +--
 .../modules/univention/admin/handlers/dns/forward_zone.py | 3 +--
 .../modules/univention/admin/handlers/dns/host_record.py | 4 ++--
 .../modules/univention/admin/handlers/dns/ns_record.py | 6 ++----
 .../modules/univention/admin/handlers/dns/ptr_record.py | 10 +++++-----
 .../modules/univention/admin/handlers/dns/reverse_zone.py | 2 +-
 .../modules/univention/admin/handlers/dns/srv_record.py | 3 +--
 .../modules/univention/admin/handlers/dns/txt_record.py | 7 ++++---
 10 files changed, 26 insertions(+), 22 deletions(-)

Package: univention-directory-manager-modules
Version: 15.0.25-16
Branch: ucs_5.0-0
Scope: errata5.0-6
OK: A records allow ".home.arpa"

udm dns/forward_zone create --set zone=test.home.arpa --position "cn=dns,$(ucr get ldap/base)" --set nameserver=localhost
udm dns/host_record create --superordinate zoneName="test.home.arpa,cn=dns,$(ucr get ldap/base)" --set name=master --set a=1.2.3.4

No S4-Connector errors.

OK: NS records can now be created on both reverse and forward zone
OK: TXT records for IPv6
~OK: advisory (only the first change is mentioned there)
~OK: no new tests
<https://errata.software-univention.de/#/?erratum=5.0x991>