[Pkg-sssd-devel] Bug#1060162: sssd_ad: Dynamic DNS updates fail with NOTZONE for PTR records if interface has multiple IPv6 addresses
Dirk Heinrichs
dirk.heinrichs at altum.de
Sat Jan 6 16:59:30 GMT 2024
Package: sssd-ad
Version: 2.8.2-4
Severity: normal
Tags: upstream ipv6
X-Debbugs-Cc: dirk.heinrichs at altum.de
If a network interface has multiple IPv6 addresses (here: a public one and one
on the fd00 network), dynamic DNS updates fail with a NOTZONE error when
updating the PTR records, although there's a zone for each of the networks
configured in the DNS (Samba AD) server. The reason is that the commands to
update the records are sent at the same time, like this (according to the log
file):

    update delete <reverse IPv4 address>.in-addr.arpa. in PTR
    update add <reverse IPv4 address>.in-addr.arpa. 3600 in PTR <hosts FQDN>.
    send
    update delete <reverse public IPv6 address>.ip6.arpa. in PTR
    update add <reverse public IPv6 address>.ip6.arpa. 3600 in PTR <hosts FQDN>.
    update delete <reverse private IPv6 address>.ip6.arpa. in PTR
    update add <reverse private IPv6 address>.ip6.arpa. 3600 in PTR <hosts FQDN>.
    send

which I can also reproduce by copy/pasting the same commands into an nsupdate
session.
The problem can easily be solved by adding another send command, like so:

    update delete <reverse IPv4 address>.in-addr.arpa. in PTR
    update add <reverse IPv4 address>.in-addr.arpa. 3600 in PTR <hosts FQDN>.
    send
    update delete <reverse public IPv6 address>.ip6.arpa. in PTR
    update add <reverse public IPv6 address>.ip6.arpa. 3600 in PTR <hosts FQDN>.
    send
    update delete <reverse private IPv6 address>.ip6.arpa. in PTR
    update add <reverse private IPv6 address>.ip6.arpa. 3600 in PTR <hosts FQDN>.
    send

The problem has been solved upstream already (see
https://github.com/SSSD/sssd/issues/7110) and released with version 2.9.3.
Please backport the fix to 2.8.2 included in Bookworm.
-- System Information:
Debian Release: 12.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-17-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages sssd-ad depends on:
ii libc6 2.36-9+deb12u3
ii libdhash1 0.6.2-1
ii libini-config5 0.6.2-1
ii libldap-2.5-0 2.5.13+dfsg-5
ii libldb2 2:2.6.2+samba4.17.12+dfsg-0+deb12u1
ii libpopt0 1.19+dfsg-1
ii libsasl2-2 2.1.28+dfsg-10
ii libsmbclient 2:4.17.12+dfsg-0+deb12u1
ii libsss-idmap0 2.8.2-4
ii libtalloc2 2.4.0-f2
ii libtevent0 0.14.1-1
ii samba-libs 2:4.17.12+dfsg-0+deb12u1
ii sssd-ad-common 2.8.2-4
ii sssd-common 2.8.2-4
ii sssd-krb5-common 2.8.2-4
sssd-ad recommends no packages.
Versions of packages sssd-ad suggests:
ii adcli 0.9.1-2
-- no debconf information
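
Added example (not part of the original report and not SSSD's code): a DNS UPDATE message applies to a single zone (RFC 2136), which is why PTR records from different reverse zones cannot share one `send`. The Python below builds nsupdate input with one `send` per PTR record, as in the working layout above, and flags batches that mix owner names. The host name and addresses are constructed, and skipping link-local and loopback addresses is this example's own choice.

```python
import ipaddress


def ptr_update_script(fqdn, addresses, ttl=3600):
    """Return nsupdate input that sends every PTR update as its own message."""
    fqdn = fqdn.rstrip(".") + "."
    lines, seen = [], set()
    for raw in addresses:
        # Drop an interface scope such as "%eth0" before parsing.
        ip = ipaddress.ip_address(raw.split("%", 1)[0])
        # Assumption of this example: no PTR for link-local or loopback.
        if ip.is_link_local or ip.is_loopback or ip in seen:
            continue
        seen.add(ip)
        owner = ip.reverse_pointer + "."
        lines += [
            f"update delete {owner} in PTR",
            f"update add {owner} {ttl} in PTR {fqdn}",
            "send",  # one DNS UPDATE message per record, so one zone each
        ]
    return "".join(line + "\n" for line in lines)


def mixed_batches(script):
    """List the batches (text up to each 'send') that name more than one owner.

    Conservative check: two owners may still share a zone, but a batch with
    a single owner can never span two zones.
    """
    mixed, owners = [], set()
    for line in script.splitlines():
        words = line.split()
        if words[:1] == ["send"]:
            if len(owners) > 1:
                mixed.append(sorted(owners))
            owners = set()
        elif len(words) >= 3 and words[0] == "update":
            owners.add(words[2].lower())
    return mixed


# Constructed sample: one IPv4, one public IPv6, one fd00 address, one link-local.
SAMPLE_ADDRESSES = ["192.0.2.10", "2001:db8:1::10", "fd00::10", "fe80::1%eth0"]
GOOD = ptr_update_script("host.example.test", SAMPLE_ADDRESSES)

# Rebuild the failing layout from the report: both IPv6 updates under one send.
_parts = GOOD.split("send\n")
BAD = _parts[0] + "send\n" + _parts[1] + _parts[2] + "send\n"
```

Feeding `GOOD` to `nsupdate` on standard input reproduces the three-`send` sequence; `mixed_batches` can also be run over the command lines copied from an SSSD debug log to spot the combined IPv6 batch.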