#2179 Sssd dyndns update fails for addresses from different networks
Closed: Fixed None Opened 5 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1043826

Description of problem:
Sssd dyndns update of reverse zones fails when "dyndns_iface" points to an
interface with addresses from different networks. This is because nsupdate
refuses to update two different (reverse) zones in one update.

Version-Release number of selected component (if applicable):
sssd-common-1.11.2-10.el7.x86_64
sssd-proxy-1.11.2-10.el7.x86_64
sssd-common-pac-1.11.2-10.el7.x86_64
sssd-client-1.11.2-10.el7.x86_64
sssd-krb5-common-1.11.2-10.el7.x86_64
sssd-ldap-1.11.2-10.el7.x86_64
sssd-ad-1.11.2-10.el7.x86_64
sssd-ipa-1.11.2-10.el7.x86_64
python-sssdconfig-1.11.2-10.el7.noarch
libsss_idmap-1.11.2-10.el7.x86_64
sssd-krb5-1.11.2-10.el7.x86_64
sssd-1.11.2-10.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Set up dynamic DNS update with sssd, specifying a dummy interface with
"dyndns_iface".
2. Add two addresses from different networks to the dummy interface.
3. Restart sssd to induce dynamic DNS update.

Actual results:
A/AAAA records are present in forward zone.
PTR records are NOT present in reverse zones.

Expected results:
A/AAAA records are present in forward zone.
PTR records are present in reverse zones.


Additional info:

The 0xFFF0 debug level domain log shows the following:

---:<---
(Mon Dec 16 20:51:26 2013) [sssd[be[example.com]]] [nsupdate_msg_create_common] (0x0200): Creating update message for realm [EXAMPLE.COM].
(Mon Dec 16 20:51:26 2013) [sssd[be[example.com]]] [be_nsupdate_create_ptr_msg] (0x0400):  -- Begin nsupdate message --
realm EXAMPLE.COM
update add 1.0.2.0.0.0.0.c.f.f.f.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 3600 in PTR refresh.dyndns.example.com.
update add 1.2.0.192.in-addr.arpa. 3600 in PTR refresh.dyndns.example.com.
send
(Mon Dec 16 20:51:26 2013) [sssd[be[example.com]]] [be_nsupdate_create_ptr_msg] (0x0400):  -- End nsupdate message --
(Mon Dec 16 20:51:26 2013) [sssd[be[example.com]]] [child_handler_setup] (0x2000): Setting up signal handler up for pid [30088]
(Mon Dec 16 20:51:26 2013) [sssd[be[example.com]]] [child_handler_setup] (0x2000): Signal handler set up for pid [30088]
(Mon Dec 16 20:51:26 2013) [sssd[be[example.com]]] [write_pipe_handler] (0x0400): All data has been sent!
(Mon Dec 16 20:51:26 2013) [sssd[be[example.com]]] [nsupdate_child_stdin_done] (0x1000): Sending nsupdate data complete
(Mon Dec 16 20:51:26 2013) [sssd[be[example.com]]] [be_nsupdate_args] (0x0200): nsupdate auth type: GSS-TSIG
(Mon Dec 16 20:51:26 2013) [sssd[be[example.com]]] [child_sig_handler] (0x1000): Waiting for child [30088].
(Mon Dec 16 20:51:26 2013) [sssd[be[example.com]]] [child_sig_handler] (0x0020): child [30088] failed with status [2].
(Mon Dec 16 20:51:26 2013) [sssd[be[example.com]]] [nsupdate_child_handler] (0x0040): Dynamic DNS child failed with status [512]
(Mon Dec 16 20:51:26 2013) [sssd[be[example.com]]] [be_nsupdate_done] (0x0040): nsupdate child execution failed [1432158228]: Dynamic DNS update failed
--->:---

The same update retried manually produces an error message from nsupdate: "update
failed: NOTZONE".

NOTE: The following input to nsupdate WORKS:
---:<---
realm EXAMPLE.COM
update add 1.0.2.0.0.0.0.c.f.f.f.f.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. 3600 in PTR refresh.dyndns.example.com.
send
update add 1.2.0.192.in-addr.arpa. 3600 in PTR refresh.dyndns.example.com.
send
--->:---

Note the "send" command after each "update".
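
The working input shown in the report, generated programmatically: an added example in C, not SSSD's code and not the patch that closed this ticket. It derives each PTR owner name from the address and ends every update with its own `send`, so no single transaction spans two reverse zones. `ptr_name` and `build_ptr_msg` are hypothetical names.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Reverse-lookup owner name for an IPv4/IPv6 literal; -1 if invalid. */
static int ptr_name(const char *addr, char *buf, size_t len)
{
    unsigned char b[16];

    if (inet_pton(AF_INET, addr, b) == 1) {
        int n = snprintf(buf, len, "%d.%d.%d.%d.in-addr.arpa.",
                         b[3], b[2], b[1], b[0]);
        return (n < 0 || (size_t)n >= len) ? -1 : 0;
    }
    if (inet_pton(AF_INET6, addr, b) != 1 || len < 74)
        return -1;
    for (int i = 15; i >= 0; i--)   /* 32 nibbles, least significant first */
        buf += sprintf(buf, "%x.%x.", b[i] & 0xfu, (unsigned)b[i] >> 4);
    strcpy(buf, "ip6.arpa.");
    return 0;
}

/* Build nsupdate input with "send" after every PTR update, so that no
 * transaction spans two reverse zones. fqdn is passed without the
 * trailing dot. Returns the number of transactions, or -1 on error. */
int build_ptr_msg(const char *realm, const char *fqdn, const char **addrs,
                  size_t naddrs, unsigned ttl, char *out, size_t outlen)
{
    char name[80];
    size_t used;
    int n;

    /* Whitespace in either value would inject extra nsupdate commands. */
    if (strpbrk(realm, " \t\r\n") || strpbrk(fqdn, " \t\r\n"))
        return -1;
    n = snprintf(out, outlen, "realm %s\n", realm);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    used = (size_t)n;
    for (size_t i = 0; i < naddrs; i++) {
        if (ptr_name(addrs[i], name, sizeof(name)) != 0)
            return -1;
        n = snprintf(out + used, outlen - used,
                     "update add %s %u in PTR %s.\nsend\n", name, ttl, fqdn);
        if (n < 0 || (size_t)n >= outlen - used)
            return -1;
        used += (size_t)n;
    }
    return (int)naddrs;
}
```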

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
milestone: NEEDS_TRIAGE => SSSD 1.13 beta
review: True => 0
selected: =>
testsupdated: => 0

milestone: SSSD 1.13 beta => SSSD 1.12 beta
resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.12 beta

2 years ago
