58705 – DNS and LDAP Inconsistency after Dynamic DNS Update (DDNS) from Windows Client

Bug 58705 - DNS and LDAP Inconsistency after Dynamic DNS Update (DDNS) from Windows Client

Summary: DNS and LDAP Inconsistency after Dynamic DNS Update (DDNS) from Windows Client

Status:	NEW

Alias:	None

Product:	UCS
Classification:	Unclassified
Component:	DNS
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal
Target Milestone:	---
Assignee:	UCS maintainers
QA Contact:	UCS maintainers

URL:
Keywords:

Depends on:
Blocks:

Reported:	2025-10-10 17:05 CEST by Mirac Erdemiroglu
Modified:	2025-10-13 14:13 CEST (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?:	5: Will affect all installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.286
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2025081121000094
Bug group (optional):
Customer ID:
Max CVSS v3 score:

Attachments
Screenshot_1 (31.28 KB, image/png) 2025-10-10 22:25 CEST, Mirac Erdemiroglu	Details
Screenshot_2 (31.50 KB, image/png) 2025-10-10 22:25 CEST, Mirac Erdemiroglu	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mirac Erdemiroglu

2025-10-10 17:05:04 CEST

1. Title
DNS and LDAP Inconsistency after Dynamic DNS Update (DDNS) from Windows Client


2. Summary
When a Windows client joined to a UCS (Univention Corporate Server) domain updates its IP address and performs a Dynamic DNS update (`ipconfig /registerdns` or DDNS via Windows), the system causes inconsistencies between LDAP, Samba DNS, and UMC (Univention Management Console).
The Forward and Reverse DNS entries in UMC become unassigned, leaving blank fields, and the LDAP and Samba DNS data become inconsistent — leading to administrative and operational issues.


3. Environment
Version: 5.0-10 errata1309
Installed: samba4=4.16
Client OS: Windows 10 Pro
Domain: `ucs5schoolhejne.intranet`
Primary DC: `dc0.ucs5schoolhejne.intranet`
Network Configuration:

   * Original IP: `10.200.30.41`
   * New IP: `10.200.30.44`
   * MAC: `52:54:00:0a:15:02`
   * Network: `cn=default,cn=networks,dc=ucs5schoolhejne,dc=intranet`


4. Description of the Problem
* A Windows client (`C-WIN-01`) was joined to the UCS domain using a **static IP** address (`10.200.30.41`).
* In the UMC, the client’s IP address and MAC address were correctly entered, and both Forward Zone and Reverse Zone were properly configured.
* When the client’s IP address changes (e.g., after connecting via docking station or manually setting a new IP address `10.200.30.44`), the client runs `ipconfig /registerdns` or initiates a DDNS update.
* Samba accepts and processes this DDNS update successfully, as indicated in the logs (“`samba_dlz: committed transaction on zone`”).
* As a result:

   * The DNS A record and PTR record in Samba are updated to the new IP (`10.200.30.44`).
   * The LDAP host record and DNS objects are also updated to `10.200.30.44`.
* However, the DHCP host object in LDAP still references the old IP (`10.200.30.41`).
* A duplicate PTR record for both the old and new IP addresses remains in LDAP.
* In UMC, the Forward Zone and Reverse Zone fields for the host object become empty.
* The UDM (Univention Directory Manager) still shows outdated entries, making administration confusing and error-prone.


5. Steps to Reproduce
* Join a Windows client with static IP (e.g., `10.200.30.41`) to the UCS domain.
* Verify that Forward and Reverse DNS zones are properly defined in UMC.
* Change the IP address on the Windows client to a new value (e.g., `10.200.30.44`).
* Execute on Windows:

   ```
   ipconfig /registerdns
   ```

   or trigger a DDNS update automatically.
* Observe DNS updates in `/var/log/daemon.log` and verify via `univention-s4search` and `udm` commands.


6. Expected Behavior
* The DNS and LDAP entries should remain consistent across:

  * Samba DLZ DNS
  * LDAP host record
  * DHCP host object
  * UMC Forward and Reverse zone fields
* Old PTR and A records should be **removed** when a new IP address is registered.
* The UMC should continue showing valid and correctly linked Forward/Reverse DNS entries.


7. Actual Behavior
* Samba updates DNS correctly for the new IP (`10.200.30.44`).
* LDAP host record reflects the new IP.
* The DHCP object still contains the old IP (`10.200.30.41`).
* Duplicate PTR records (`10.200.30.41` and `10.200.30.44`) remain in LDAP.
* UMC loses both Forward and Reverse zone assignments for the host object (fields appear empty).
* UDM searches still return stale and incorrect DNS entries (`10.200.30.41`).
* This results in **data inconsistency** between Samba, LDAP, and UMC.


8. Command Outputs
#### (a) LDAP before DDNS update

```
univention-ldapsearch -LLL cn=C-WIN-01

dn: cn=C-WIN-01,cn=computers,dc=ucs5schoolhejne,dc=intranet
krb5MaxLife: 86400
krb5MaxRenew: 604800
krb5KDCFlags: 126
uidNumber: 2814
sambaSID: S-1-5-21-1150003711-260972013-2878653590-6628
sambaAcctFlags: [W          ]
displayName: C-WIN-01
univentionServerRole: windows_client
aRecord: 10.200.30.41
sn: C-WIN-01
cn: C-WIN-01
associatedDomain: ucs5schoolhejne.intranet
macAddress: 52:54:00:0a:15:02
univentionNetworkLink: cn=default,cn=networks,dc=ucs5schoolhejne,dc=intranet
homeDirectory: /dev/null
loginShell: /bin/false
uid: C-WIN-01$
krb5PrincipalName: host/C-WIN-01.ucs5schoolhejne.intranet@UCS5SCHOOLHEJNE.INTRANET
objectClass: posixAccount
objectClass: univentionWindows
objectClass: univentionHost
objectClass: shadowAccount
objectClass: sambaSamAccount
objectClass: ucsschoolComputer
objectClass: krb5Principal
objectClass: krb5KDCEntry
objectClass: top
objectClass: person
objectClass: univentionObject
ucsschoolRole: win_computer:school:-
univentionObjectType: computers/windows
gidNumber: 1005
sambaPrimaryGroupSID: S-1-5-21-1150003711-260972013-2878653590-11011
univentionOperatingSystem: Windows 10 Pro
univentionOperatingSystemVersion: 10.0 (19045)
sambaNTPassword: 143C2C3C58CC13270C60573A75122691
krb5Key:: MB2hGzAZoAMCARehEgQQFDwsPFjMEycMYFc6dRImkQ==
krb5Key:: MHehKzApoAMCARKhIgQg3gsXBvF6wS1YVwa8a0dtJQr5JBYN+mJAoXMeJIc2yQaiSDBGoAMCAQOhPwQ9VUNTNVNDSE9PTEhFSk5FLklOVFJBTkVUaG9zdGMtd2luLTAxLnVjczVzY2hvb2xoZWpuZS5pbnRyYW5ldA==
krb5Key:: MGehGzAZoAMCARGhEgQQ7ZJBkth6IfwR0g9wptDWjKJIMEagAwIBA6E/BD1VQ1M1U0NIT09MSEVKTkUuSU5UUkFORVRob3N0Yy13aW4tMDEudWNzNXNjaG9vbGhlam5lLmludHJhbmV0
krb5Key:: MF+hEzARoAMCAQOhCgQIHXo6bx9SV7aiSDBGoAMCAQOhPwQ9VUNTNVNDSE9PTEhFSk5FLklOVFJBTkVUaG9zdGMtd2luLTAxLnVjczVzY2hvb2xoZWpuZS5pbnRyYW5ldA==
krb5Key:: MF+hEzARoAMCAQGhCgQIcZTuNLgiRhSiSDBGoAMCAQOhPwQ9VUNTNVNDSE9PTEhFSk5FLklOVFJBTkVUaG9zdGMtd2luLTAxLnVjczVzY2hvb2xoZWpuZS5pbnRyYW5ldA==
krb5KeyVersionNumber: 2
shadowLastChange: 20370
sambaPwdLastSet: 1760017619

dn: cn=C-WIN-01,cn=ucs5schoolhejne.intranet,cn=dhcp,dc=ucs5schoolhejne,dc=intranet
objectClass: univentionObject
objectClass: univentionDhcpHost
objectClass: top
univentionObjectType: dhcp/host
cn: C-WIN-01
dhcpHWAddress: ethernet 52:54:00:0a:15:02
```

#### (b) UDM object before update

```
udm computers/windows list --filter cn=C-WIN-01

cn=C-WIN-01
DN: cn=C-WIN-01,cn=computers,dc=ucs5schoolhejne,dc=intranet
  description: None
  dhcpEntryZone: cn=ucs5schoolhejne.intranet,cn=dhcp,dc=ucs5schoolhejne,dc=intranet 10.200.30.41 52:54:00:0a:15:02
  dnsEntryZoneForward: zoneName=ucs5schoolhejne.intranet,cn=dns,dc=ucs5schoolhejne,dc=intranet 10.200.30.41
  dnsEntryZoneReverse: zoneName=30.200.10.in-addr.arpa,cn=dns,dc=ucs5schoolhejne,dc=intranet 10.200.30.41
  domain: ucs5schoolhejne.intranet
  fqdn: C-WIN-01.ucs5schoolhejne.intranet
  groups: cn=Windows Hosts,cn=groups,dc=ucs5schoolhejne,dc=intranet
  inventory-number: None
  ip: 10.200.30.41
  mac: 52:54:00:0a:15:02
  name: C-WIN-01
  network: cn=default,cn=networks,dc=ucs5schoolhejne,dc=intranet
  networkAccess: 0
  ntCompatibility: None
  operatingSystem: Windows 10 Pro
  operatingSystemVersion: 10.0 (19045)
  password: None
  primaryGroup: cn=Windows Hosts,cn=groups,dc=ucs5schoolhejne,dc=intranet
  sambaRID: 6628
  serial-number: None
  shell: /bin/false
  ucsschoolRole: win_computer:school:-
  unixhome: /dev/null
```

#### (c) Samba DNS zone before update

```
univention-s4search --cross-ncs --show-binary dc=C-WIN-01
# record 1
dn: DC=C-WIN-01,DC=ucs5schoolhejne.intranet,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ucs5schoolhejne,DC=intranet
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20251009204705.0Z
whenChanged: 20251009204705.0Z
uSNCreated: 10855
uSNChanged: 10855
showInAdvancedViewOnly: TRUE
name: C-WIN-01
objectGUID: e828b95e-e7e9-411d-8579-bb11a6002468
dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
        wDataLength              : 0x0004 (4)
        wType                    : DNS_TYPE_A (1)
        version                  : 0x05 (5)
        rank                     : DNS_RANK_ZONE (240)
        flags                    : 0x0000 (0)
        dwSerial                 : 0x00000001 (1)
        dwTtlSeconds             : 0x00000384 (900)
        dwReserved               : 0x00000000 (0)
        dwTimeStamp              : 0x00000000 (0)
        data                     : union dnsRecordData(case 1)
        ipv4                     : 10.200.30.41

objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=ucs5schoolhejne,DC=intranet
dc: C-WIN-01
distinguishedName: DC=C-WIN-01,DC=ucs5schoolhejne.intranet,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ucs5schoolhejne,DC=intranet
```

#### (d) Log entries during DDNS update

```
samba_dlz: committed transaction on zone ucs5schoolhejne.intranet
samba_dlz: committed transaction on zone 30.200.10.in-addr.arpa
```

#### (e) Samba DNS zone after update

```
univention-s4search --cross-ncs --show-binary dc=C-WIN-01
# record 1
dn: DC=C-WIN-01,DC=ucs5schoolhejne.intranet,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ucs5schoolhejne,DC=intranet
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20251009204705.0Z
uSNCreated: 10855
showInAdvancedViewOnly: TRUE
name: C-WIN-01
objectGUID: e828b95e-e7e9-411d-8579-bb11a6002468
objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=ucs5schoolhejne,DC=intranet
dc: C-WIN-01
dNSTombstoned: FALSE
dnsRecord:     NDR: struct dnsp_DnssrvRpcRecord
        wDataLength              : 0x0004 (4)
        wType                    : DNS_TYPE_A (1)
        version                  : 0x05 (5)
        rank                     : DNS_RANK_ZONE (240)
        flags                    : 0x0000 (0)
        dwSerial                 : 0x00000001 (1)
        dwTtlSeconds             : 0x00000384 (900)
        dwReserved               : 0x00000000 (0)
        dwTimeStamp              : 0x00000000 (0)
        data                     : union dnsRecordData(case 1)
        ipv4                     : 10.200.30.44

whenChanged: 20251009212450.0Z
uSNChanged: 10868
distinguishedName: DC=C-WIN-01,DC=ucs5schoolhejne.intranet,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ucs5schoolhejne,DC=intranet
```

#### (f) UDM object after update

```
udm computers/windows list --filter cn=C-WIN-01
cn=C-WIN-01
DN: cn=C-WIN-01,cn=computers,dc=ucs5schoolhejne,dc=intranet
  description: None
  dhcpEntryZone: cn=ucs5schoolhejne.intranet,cn=dhcp,dc=ucs5schoolhejne,dc=intranet 10.200.30.41 52:54:00:0a:15:02
  dnsEntryZoneForward: zoneName=ucs5schoolhejne.intranet,cn=dns,dc=ucs5schoolhejne,dc=intranet 10.200.30.44
  dnsEntryZoneReverse: zoneName=30.200.10.in-addr.arpa,cn=dns,dc=ucs5schoolhejne,dc=intranet 10.200.30.41
  dnsEntryZoneReverse: zoneName=30.200.10.in-addr.arpa,cn=dns,dc=ucs5schoolhejne,dc=intranet 10.200.30.44
  domain: ucs5schoolhejne.intranet
  fqdn: C-WIN-01.ucs5schoolhejne.intranet
  groups: cn=Windows Hosts,cn=groups,dc=ucs5schoolhejne,dc=intranet
  inventory-number: None
  ip: 10.200.30.41
  mac: 52:54:00:0a:15:02
  name: C-WIN-01
  network: cn=default,cn=networks,dc=ucs5schoolhejne,dc=intranet
  networkAccess: 0
  ntCompatibility: None
  operatingSystem: Windows 10 Pro
  operatingSystemVersion: 10.0 (19045)
  password: None
  primaryGroup: cn=Windows Hosts,cn=groups,dc=ucs5schoolhejne,dc=intranet
  sambaRID: 6628
  serial-number: None
  shell: /bin/false
  ucsschoolRole: win_computer:school:-
  unixhome: /dev/null
```

#### (g) Duplicate PTR records

```
udm dns/ptr_record list --filter '(|(relativeDomainName=41)(relativeDomainName=44))'

(|(relativeDomainName=41)(relativeDomainName=44))
DN: relativeDomainName=41,zoneName=30.200.10.in-addr.arpa,cn=dns,dc=ucs5schoolhejne,dc=intranet
  address: 41
  ip: 10.200.30.41
  ptr_record: C-WIN-01.ucs5schoolhejne.intranet.

DN: relativeDomainName=44,zoneName=30.200.10.in-addr.arpa,cn=dns,dc=ucs5schoolhejne,dc=intranet
  address: 44
  ip: 10.200.30.44
  ptr_record: C-WIN-01.ucs5schoolhejne.intranet.
```


9. Impact
* Inconsistent data between Samba, LDAP, and UMC.
* Incorrect reverse DNS lookups (stale PTR records).
* UMC displays empty DNS zone associations, causing confusion and misconfiguration.
* Difficult to maintain accurate host records in large environments.
* Affects DNS reliability and integrity.
* Causes administrative errors in environments with automated IP/DNS management.
* Leads to customer dissatisfaction due to inconsistent UCS object states.


10. Logs
Relevant excerpt from `/var/log/daemon.log`:
```
Oct  9 23:24:39 dc0 named[17025]: samba_dlz: starting transaction on zone ucs5schoolhejne.intranet
Oct  9 23:24:39 dc0 named[17025]: client @0x7fae2c0204e0 10.200.30.44#51394: update 'ucs5schoolhejne.intranet/IN' denied
Oct  9 23:24:39 dc0 named[17025]: samba_dlz: cancelling transaction on zone ucs5schoolhejne.intranet
Oct  9 23:24:40 dc0 named[17025]: samba_dlz: starting transaction on zone ucs5schoolhejne.intranet
Oct  9 23:24:40 dc0 named[17025]: samba_dlz: allowing update of signer=C-WIN-01\$\@UCS5SCHOOLHEJNE.INTRANET name=C-WIN-01.ucs5schoolhejne.intranet tcpaddr=10.200.30.44 type=AAAA key=1196-ms-7.1-5044d.5cc2554c-a5
56-11f0-9175-5254000a1502/160/0
Oct  9 23:24:40 dc0 named[17025]: samba_dlz: allowing update of signer=C-WIN-01\$\@UCS5SCHOOLHEJNE.INTRANET name=C-WIN-01.ucs5schoolhejne.intranet tcpaddr=10.200.30.44 type=A key=1196-ms-7.1-5044d.5cc2554c-a556-
11f0-9175-5254000a1502/160/0
Oct  9 23:24:40 dc0 named[17025]: samba_dlz: allowing update of signer=C-WIN-01\$\@UCS5SCHOOLHEJNE.INTRANET name=C-WIN-01.ucs5schoolhejne.intranet tcpaddr=10.200.30.44 type=A key=1196-ms-7.1-5044d.5cc2554c-a556-
11f0-9175-5254000a1502/160/0
Oct  9 23:24:40 dc0 named[17025]: client @0x7fae2c0204e0 10.200.30.44#51109/key C-WIN-01\$\@UCS5SCHOOLHEJNE.INTRANET: updating zone 'ucs5schoolhejne.intranet/NONE': deleting rrset at 'C-WIN-01.ucs5schoolhejne.in
tranet' AAAA
Oct  9 23:24:40 dc0 named[17025]: client @0x7fae2c0204e0 10.200.30.44#51109/key C-WIN-01\$\@UCS5SCHOOLHEJNE.INTRANET: updating zone 'ucs5schoolhejne.intranet/NONE': deleting rrset at 'C-WIN-01.ucs5schoolhejne.in
tranet' A
Oct  9 23:24:40 dc0 named[17025]: samba_dlz: subtracted rdataset C-WIN-01.ucs5schoolhejne.intranet 'C-WIN-01.ucs5schoolhejne.intranet.#011900#011IN#011A#01110.200.30.41'
Oct  9 23:24:40 dc0 named[17025]: client @0x7fae2c0204e0 10.200.30.44#51109/key C-WIN-01\$\@UCS5SCHOOLHEJNE.INTRANET: updating zone 'ucs5schoolhejne.intranet/NONE': adding an RR at 'C-WIN-01.ucs5schoolhejne.intr
anet' A 10.200.30.44
Oct  9 23:24:40 dc0 named[17025]: samba_dlz: added rdataset C-WIN-01.ucs5schoolhejne.intranet 'C-WIN-01.ucs5schoolhejne.intranet.#0111200#011IN#011A#01110.200.30.44'
Oct  9 23:24:40 dc0 named[17025]: samba_dlz: subtracted rdataset ucs5schoolhejne.intranet 'ucs5schoolhejne.intranet.#01110800#011IN#011SOA#011dc0.ucs5schoolhejne.intranet. root.ucs5schoolhejne.intranet. 229 2880
0 7200 604800 3600'
Oct  9 23:24:40 dc0 named[17025]: samba_dlz: added rdataset ucs5schoolhejne.intranet 'ucs5schoolhejne.intranet.#01110800#011IN#011SOA#011dc0.ucs5schoolhejne.intranet. root.ucs5schoolhejne.intranet. 230 28800 720
0 604800 3600'
Oct  9 23:24:40 dc0 named[17025]: samba_dlz: committed transaction on zone ucs5schoolhejne.intranet
Oct  9 23:24:40 dc0 named[17025]: samba_dlz: starting transaction on zone 30.200.10.in-addr.arpa
Oct  9 23:24:40 dc0 named[17025]: client @0x7fae2c0204e0 10.200.30.44#59208: update '30.200.10.in-addr.arpa/IN' denied
Oct  9 23:24:40 dc0 named[17025]: samba_dlz: cancelling transaction on zone 30.200.10.in-addr.arpa
Oct  9 23:24:40 dc0 named[17025]: samba_dlz: starting transaction on zone 30.200.10.in-addr.arpa
Oct  9 23:24:40 dc0 named[17025]: samba_dlz: allowing update of signer=C-WIN-01\$\@UCS5SCHOOLHEJNE.INTRANET name=44.30.200.10.in-addr.arpa tcpaddr=10.200.30.44 type=PTR key=1196-ms-7.1-5044d.5cc2554c-a556-11f0-9
175-5254000a1502/160/0
Oct  9 23:24:40 dc0 named[17025]: samba_dlz: allowing update of signer=C-WIN-01\$\@UCS5SCHOOLHEJNE.INTRANET name=44.30.200.10.in-addr.arpa tcpaddr=10.200.30.44 type=PTR key=1196-ms-7.1-5044d.5cc2554c-a556-11f0-9
175-5254000a1502/160/0
Oct  9 23:24:40 dc0 named[17025]: client @0x7fae2c0204e0 10.200.30.44#51861/key C-WIN-01\$\@UCS5SCHOOLHEJNE.INTRANET: updating zone '30.200.10.in-addr.arpa/NONE': deleting rrset at '44.30.200.10.in-addr.arpa' PT
R
Oct  9 23:24:40 dc0 named[17025]: client @0x7fae2c0204e0 10.200.30.44#51861/key C-WIN-01\$\@UCS5SCHOOLHEJNE.INTRANET: updating zone '30.200.10.in-addr.arpa/NONE': adding an RR at '44.30.200.10.in-addr.arpa' PTR 
C-WIN-01.ucs5schoolhejne.intranet.
Oct  9 23:24:40 dc0 named[17025]: samba_dlz: added rdataset 44.30.200.10.in-addr.arpa '44.30.200.10.in-addr.arpa.#0111200#011IN#011PTR#011C-WIN-01.ucs5schoolhejne.intranet.'
Oct  9 23:24:40 dc0 named[17025]: samba_dlz: subtracted rdataset 30.200.10.in-addr.arpa '30.200.10.in-addr.arpa.#01110800#011IN#011SOA#011dc0.ucs5schoolhejne.intranet. root.ucs5schoolhejne.intranet. 96 28800 720
0 604800 3600'
Oct  9 23:24:40 dc0 named[17025]: samba_dlz: added rdataset 30.200.10.in-addr.arpa '30.200.10.in-addr.arpa.#01110800#011IN#011SOA#011dc0.ucs5schoolhejne.intranet. root.ucs5schoolhejne.intranet. 97 28800 7200 604
800 3600'
Oct  9 23:24:40 dc0 named[17025]: samba_dlz: committed transaction on zone 30.200.10.in-addr.arpa
Oct  9 23:24:43 dc0 directory_logger: DN=relativeDomainName=44,zoneName=30.200.10.in-addr.arpa,cn=dns,dc=ucs5schoolhejne,dc=intranet#012ID=17100#012Modifier=cn=admin,dc=ucs5schoolhejne,dc=intranet#012Timestamp=0
9.10.2025 21:24:43#012New Hash=c71bb7f3b6eb45a7e91f03b446488c79
Oct  9 23:24:43 dc0 directory_logger: DN=relativeDomainName=C-WIN-01,zoneName=ucs5schoolhejne.intranet,cn=dns,dc=ucs5schoolhejne,dc=intranet#012ID=17101#012Modifier=cn=admin,dc=ucs5schoolhejne,dc=intranet#012Tim
estamp=09.10.2025 21:24:43#012New Hash=b62df54a5c29b2389047e8529559f11e
Oct  9 23:24:43 dc0 directory_logger: DN=zoneName=ucs5schoolhejne.intranet,cn=dns,dc=ucs5schoolhejne,dc=intranet#012ID=17102#012Modifier=cn=admin,dc=ucs5schoolhejne,dc=intranet#012Timestamp=09.10.2025 21:24:43#0
12New Hash=f2028d04ce2bb179e8447be04d7e7040
Oct  9 23:24:43 dc0 directory_logger: DN=zoneName=30.200.10.in-addr.arpa,cn=dns,dc=ucs5schoolhejne,dc=intranet#012ID=17103#012Modifier=cn=admin,dc=ucs5schoolhejne,dc=intranet#012Timestamp=09.10.2025 21:24:43#012
New Hash=aac4886d883def1f7c71a3eb4833fd55
```


11. Recommendation
* Ensure that UMC reflects consistent zone assignments even after Samba updates the DNS zone.
* Implement cleanup logic to remove outdated PTR/A records in LDAP when a DDNS update occurs.
* Validate bidirectional sync integrity between Samba DLZ and LDAP DNS backend.
* Optionally, introduce a verification script to detect and repair inconsistent DNS entries.

Comment 1 Mirac Erdemiroglu

2025-10-10 22:25:16 CEST

Created attachment 11360 [details]
Screenshot_1

Comment 2 Mirac Erdemiroglu

2025-10-10 22:25:32 CEST

Created attachment 11361 [details]
Screenshot_2