#893 The full dyndns update message should be logged into debug logs
Closed: Fixed None Opened 10 years ago by jhrozek.

Right now, the dynamic DNS update message is not logged anywhere. I suspect that the reason for not including it was security concerns.

I think the message should be logged, because the logs are readable by root only anyway and moreover the update message only contains the following data:

- hostname of the client
- IP addresses of the client's network interface (either the one the client uses to connect to LDAP or one selected in the sssd config file)
- client DNS zone
- Kerberos realm of the client
- IPA server hostname

Adding the full nsupdate message would help in debugging dyndns issues as it would be possible to use the same message directly with nsupdate from the command line.


Raising priority to "major".

Without this logging, it is nearly impossible to debug issues related to the dynamic update feature.

I would recommend, however, that we should only log this information at debug_level = 5 or higher.

component: SSSD => IPA Provider
priority: minor => major

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.6.0
owner: somebody => jhrozek

Fixed by fe8426e

resolution: => fixed
status: new => closed

Backported to sssd-1-5

70a3931

milestone: SSSD 1.6.0 => SSSD 1.5.9
rhbz: =>

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.5.9

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/1935

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.
