Univention Bugzilla – Full Text Bug Listing
Summary: | U@S4.1: Don't add schoolslaves as nameservers for the Forward Lookup Zone | ||
---|---|---|---|
Product: | UCS@school | Reporter: | Sönke Schwardt-Krummrich <schwardt> |
Component: | General | Assignee: | Daniel Tröder <troeder> |
Status: | CLOSED FIXED | QA Contact: | Sönke Schwardt-Krummrich <schwardt> |
Severity: | normal | ||
Priority: | P5 | CC: | gohmann, grandjean, schwardt, walkenhorst |
Version: | UCS@school 4.1 | ||
Target Milestone: | UCS@school 4.1 Errata | ||
Hardware: | Other | ||
OS: | Linux | ||
Bug Depends on: | 39384 | ||
Bug Blocks: |
Description
Sönke Schwardt-Krummrich
2015-12-01 10:37:19 CET
66027: ucs-school-metapackage: remove schoolslaves as nameservers from the forward lookup zone, built in scope ucs-school-4.1
66029: univention-bind: prevent adding dc slave and in ucs@school environment as DNS server
66043: univention-bind.yaml: add build version 10.0.2-2.213.201512020900

1) We should also skip the registration at reverse zones.

2) univention-bind should not check for a UCS@school package name. This produces update problems if e.g. package names are changed in UCS@school. We should introduce a new UCR variable to disable the registration as additional authoritative nameserver. The UCS@school meta-package may set the UCR variables:

    ucr set dns/nameserver/registration/forward_zone=no \
            dns/nameserver/registration/reverse_zone=no

and in 05univention-bind.inst the joinscript skips the registration at the corresponding forward/reverse zone.

3) The join scripts of the meta packages (62ucs-school-slave.inst and 62ucs-school-nonedu-slave.inst) should skip the removal of the corresponding dns zone entry if dns/nameserver/registration/(forward|reverse)_zone is empty or set to one of the "true" values. So it is possible to override the default behaviour by forced-setting one/two UCR variables.

4) The join script version of 62ucs-school-slave.inst and 62ucs-school-nonedu-slave.inst has to be bumped, so the removal of the dns zone entry is also performed on updates.

5) From xml changelog: "Domain controller slaves do not configure themselfs as DNS servers anymore" → this is not true. The DC slaves are not registered as authoritative DNS servers for the specific DNS forward/reverse zone. They are still valid DNS resolvers for clients.

→ REOPEN

UCRVs dns/nameserver/registration/forward_zone and dns/nameserver/registration/reverse_zone now allow disabling the automatic registration as additional nameservers.

66343: univention-bind: add UCRVs
66344: ucs-school-metapackage: use UCRVs, also remove reverse zone, bump join script version
66345: univention-bind: update package version in advisory
66346: ucs-school-metapackage: set UCRVs

Commit 66362 moves the setting of the UCRVs from the join scripts to the postinsts.

A customer already has removed all school slaves from the list of authoritative nameservers. The list only contains two non-UCS@school-DC slaves at the central network. So far, no problems with Windows clients are known in that environment (Join, Logon, GPOs).

1) Slave is no longer added to forward/reverse zone by univention-bind if UCR variables are set to no.
2) Removal of nameserver entry in forward zone was successful.
3) Removal of nameserver entry in reverse zone failed → fixed via r66417
4) xml changelog entry is ok

@Daniel: please have a quick review of my last commit.

(In reply to Sönke Schwardt-Krummrich from comment #5)
> 3) Removal of nameserver entry in reverse zone failed → fixed via r66417
> @Daniel: please have a quick review of my last commit.

Code looks fine and runs (thanks for the reversezone-fix).

> 3) Removal of nameserver entry in reverse zone failed → fixed via r66417
Ok, also tested the package on my test machine.
→ VERIFIED

UCS@school 4.1 v2 has been released:
http://docs.univention.de/release-notes-ucsschool-4.1v2-de.html
If this error occurs again, please use "Clone This Bug".