Bug 41006 – S4-Connector doesn't sync MX / TXT records if A record is set

Bug 41006 - S4-Connector doesn't sync MX / TXT records if A record is set


Summary:	S4-Connector doesn't sync MX / TXT records if A record is set

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Samba4
Version:	UCS 4.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.1-3-errata
Assigned To:	Arvid Requate
QA Contact:	Stefan Gohmann

URL:
Keywords:

Duplicates:	23730 35169 37346 (view as bug list)
Depends on:
Blocks:	42017
	Show dependency tree / graph

Reported:	2016-04-06 07:35 CEST by Florian Best
Modified:	2016-08-18 15:15 CEST (History)
CC List:	8 users (show)

See Also:	37346
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	External feedback
Max CVSS v3 score:

Flags:	requate: Patch_Available+

Attachments
sync_mx_and_txt_dns_records.diff (2.27 KB, patch) 2016-07-25 20:30 CEST, Arvid Requate	Details \| Diff
sync_mx_and_txt_dns_records.diff (2.33 KB, patch) 2016-07-26 13:22 CEST, Arvid Requate	Details \| Diff
sync_mx_and_txt_dns_records.diff (9.15 KB, patch) 2016-07-26 18:09 CEST, Arvid Requate	Details \| Diff
sync_mx_and_txt_dns_records.diff (11.15 KB, patch) 2016-07-26 20:34 CEST, Arvid Requate	Details \| Diff
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Florian Best

2016-04-06 07:35:36 CEST

# dig @localhost foobar.school.local +short A
1.2.3.4
# dig @localhost foobar.school.local +short AAAA
fe80::1c1f:dff:fe62:11ba
# dig @localhost foobar.school.local +short TXT
# dig @localhost foobar.school.local +short MX
# univention-ldapsearch -LLL relativeDomainName=foobar | ldapsearch-wrapper | sort
aAAARecord: fe80:0000:0000:0000:1c1f:0dff:fe62:11ba
aRecord: 1.2.3.4
dn: relativeDomainName=foobar,zoneName=school.local,cn=dns,dc=school,dc=local
dNSTTL: 10800
mXRecord: 1 mxserver
objectClass: dNSZone
objectClass: top
objectClass: univentionObject
relativeDomainName: foobar
tXTRecord: some_text
univentionObjectType: dns/host_record
zoneName: school.local

Comment 1 Philipp Hahn

2016-04-06 09:39:17 CEST

Works with BIND:
# ucr get dns/backend
ldap
# udm dns/host_record create \
 --superordinate "$(udm dns/forward_zone list | sed -ne 's/^DN: //p;T;q')" \
 --set name=foobar \
 --append a=1.2.3.4 \
 --append a=fe80:0000:0000:0000:1c1f:0dff:fe62:11ba \
 --set mx='10 mail.univention.de.' \
 --set txt=some_text
# dig +short @localhost foobar.$(dnsdomainname) any
fe80::1c1f:dff:fe62:11ba
"some_text"
10 mail.univention.de.
1.2.3.4

But not with SAMBA4:
# ucr get dns/backend 
samba4
# dig +short @localhost foobar.$(dnsdomainname) any
1.2.3.4
fe80::1c1f:dff:fe62:11ba

Comment 2 Florian Best

2016-04-06 09:58:05 CEST

Ah yes!

Comment 3 Stephan Hendl 2016-07-25 19:18:42 CEST

Same problem here! Is there a plan to fix it?

Comment 4 Arvid Requate

2016-07-25 20:30:29 CEST

Created attachment 7831 [details]
sync_mx_and_txt_dns_records.diff

The MX and TXT attributes are not synchronized by the S4-Connector currently. The attached patch basically adds this. Please note that I just barely tested it up to this point.

Comment 5 Arvid Requate

2016-07-26 13:22:39 CEST

Created attachment 7833 [details]
sync_mx_and_txt_dns_records.diff

Updated patch to apply to latest errata version.

Comment 6 Nico Stöckigt

2016-07-26 16:13:21 CEST

seems to be a problem here: Ticket#2016071921000357

Comment 7 Florian Best

2016-07-26 16:23:43 CEST

*** Bug 35169 has been marked as a duplicate of this bug. ***

Comment 8 Florian Best

2016-07-26 16:23:47 CEST

*** Bug 23730 has been marked as a duplicate of this bug. ***

Comment 9 Arvid Requate

2016-07-26 18:09:32 CEST

Created attachment 7837 [details]
sync_mx_and_txt_dns_records.diff

Updated patch
 * respect quoting and properly split quoted txt record elements
 * support dns/txt_record objects too

Tested with:
=========================================================
root# samba-tool dns add -UAdministrator%univention \
            "$(hostname).$(dnsdomainname)" "$(dnsdomainname)" \
            txtexample1 TXT '"test1 test2" test3'

root# host -t txt txtexample1
txtexample1.univention.test descriptive text "test1 test2" "test3"

root# samba-tool dns add -UAdministrator%univention \
            "$(hostname).$(dnsdomainname)" "$(dnsdomainname)" \
            txtexample1 TXT 'test4'

root# host -t txt txtexample1
txtexample1.univention.test descriptive text "test1 test2" "test3"
txtexample1.univention.test descriptive text "test4"

root# univention-ldapsearch -xLLL relativedomainname=txtexample1 tXTRecord
dn: relativeDomainName=txtexample1,zoneName=univention.test,cn=dns,dc=univention,d
 c=test
tXTRecord: "test1 test2" "test3"
tXTRecord: "test4"


## And the other way around, with lazy quoting for element "test3":

root# udm dns/txt_record create  \
  --superordinate "$(udm dns/forward_zone list | sed -ne 's/^DN: //p;T;q')" \
  --set name=txtexample2  \
  --append txt='"test1 test2" test3' \
  --append txt='test4'

root# univention-ldapsearch -xLLL relativedomainname=txtexample2 tXTRecord
dn: relativeDomainName=txtexample2,zoneName=univention.test,cn=dns,dc=univenti
 on,dc=test
tXTRecord: "test1 test2" test3
tXTRecord: test4

root# host -t txt txtexample2
txtexample2.univention.test descriptive text "test1 test2" "test3"
txtexample2.univention.test descriptive text "test4"
=========================================================

Comment 10 Arvid Requate

2016-07-26 20:34:08 CEST

Created attachment 7840 [details]
sync_mx_and_txt_dns_records.diff

Updated patch
 * Adjust S4-Connector Samba/AD object creation to include new "rank" flag

The Samba/AD DNS object has a flag "rank" which e.g. flags records as authoritative, see https://msdn.microsoft.com/en-us/library/cc448912.aspx .

Since we currently don't set this properly, the "samba-tool dns" tool ignores dnsRecord attributed created (or modified) by the S4-Connector. E.g.

========================================================================
root@master-42-90:~# samba-tool dns add -U Administrator%univention \
     "$(hostname).$(dnsdomainname)" $(dnsdomainname) \
     txtexample5 TXT '"test1 test2" test3' 
Record added successfully

root# samba-tool dns update -U Administrator%univention \
     "$(hostname).$(dnsdomainname)" "$(dnsdomainname)" \
     txtexample5 TXT '"test1 test2" test3' '"test1 test2" test5'
ERROR: Record does not exist
========================================================================

What? Turns out, the dnsRecord attribute is now flagged as DNS_RANK_NONE
Authoritative records should be flagged as DNS_RANK_ZONE

With this updated patch "samba-tool dns query" also finds the records and "samba-tool dns update" can modify individual values attribute values.

Comment 11 Nico Stöckigt

2016-08-05 14:33:48 CEST

happend here again: Ticket#2016080521000381

Comment 12 Arvid Requate

2016-08-11 12:01:34 CEST

Package rebuilt in errata4.1-3.

univention-s4-connector (10.0.1-19) unstable; urgency=medium

  * Bug #41006: Synchronize TXTRecord
    Additional fixes:
    - Consider MX record in s4_host_record_create too
    - Adjust to updated Samba code: use Samba CNameRecord object
    - Adjust to updated Samba code: set new rank attribute
    - Fix some cut&paste errors in log messages

Advisory: univention-s4-connector.yaml

Comment 13 Florian Best

2016-08-16 15:30:21 CEST

*** Bug 37346 has been marked as a duplicate of this bug. ***

Comment 14 Stefan Gohmann

2016-08-17 09:36:52 CEST

Code review: OK

YAML: OK

ucs-test: OK

Tests: OK, the test cases from Comment 1, Comment 9 and Comment 10 work now.

Comment 15 Janek Walkenhorst

2016-08-18 15:15:31 CEST

<http://errata.software-univention.de/ucs/4.1/236.html>