Hi,
I recently changed IPv6 prefix prompting me to create new IPv6 reverse zones: I forgot to mark these as dynamic.
My client has then attempted to update its DNS names, and all records (forwards and reverse) to the client have disappeared.
In the named log I see:
Nov 23 20:52:57 alina.ipa.example.com named[32215]: client 2001:db8:::2c14:6aa8:6dff:fe4f:3388#53612/key host/franky.ipa.example.com\@IPA.EXAMPLE.COM: updating zone 'ipa.example.com/IN': deleting rrset at 'franky.ipa.example.com' A
Nov 23 20:52:57 alina.ipa.example.com named[32215]: client 2001:db8:::2c14:6aa8:6dff:fe4f:3388#38170/key host/franky.ipa.example.com\@IPA.EXAMPLE.COM: updating zone 'ipa.example.com/IN': deleting rrset at 'franky.ipa.example.com' AAAA
Nov 23 20:52:58 alina.ipa.example.com named[32215]: PTR record synchronization (deletion) for A/AAAA 'franky.ipa.example.com.' refused: IP address '2001:db8:::2c14:6aa8:6dff:fe4f:3388' belongs to reverse zone '4.1.c.2.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa' and dynamic updates are not allowed for that zone
At the point the reverse zone cannot be updated, the remainder of the transaction is dropped.
Expected Behavior:
If the PTR cannot be updated, the A and AAAA are still inserted, and SSSD raises a warning. This way you still have partial accessibility to your host.
Actual Behavior:
You lose all your host's DNS records.
Hello. As far as I can tell this is caused by interaction between a bug in bind-dyndb-ldap (see https://fedorahosted.org/bind-dyndb-ldap/ticket/155) and misconfiguration on your side.
The bug was fixed in version 8.0, so any new versions should not be affected. Closing.
In future, please report SSSD bugs to http://fedorahosted.org/sssd/. Also, please be so kind as to use {{{ text }}} Trac syntax when pasting logs into the ticket, it will be way more readable (and use preview ;-). Thank you!
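To find hosts left in the state this ticket describes, the following added example (not part of the ticket or of bind-dyndb-ldap) scans named log text for A/AAAA deletions that were never re-added and whose PTR synchronization was refused. The sample log lines are constructed, and the "adding an RR at" wording is assumed to match what named writes for a successful update on your version.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the log format quoted in the ticket.
SAMPLE_LOG = """\
Nov 23 20:52:57 ns1 named[1]: client 2001:db8::10#53612/key host/web1.ipa.example.com\\@IPA.EXAMPLE.COM: updating zone 'ipa.example.com/IN': deleting rrset at 'web1.ipa.example.com' A
Nov 23 20:52:57 ns1 named[1]: client 2001:db8::10#38170/key host/web1.ipa.example.com\\@IPA.EXAMPLE.COM: updating zone 'ipa.example.com/IN': deleting rrset at 'web1.ipa.example.com' AAAA
Nov 23 20:52:58 ns1 named[1]: PTR record synchronization (deletion) for A/AAAA 'web1.ipa.example.com.' refused: IP address '2001:db8::10' belongs to reverse zone '8.b.d.0.1.0.0.2.ip6.arpa' and dynamic updates are not allowed for that zone
Nov 23 21:10:01 ns1 named[1]: client 192.0.2.20#40000/key host/db1.ipa.example.com\\@IPA.EXAMPLE.COM: updating zone 'ipa.example.com/IN': deleting rrset at 'db1.ipa.example.com' A
Nov 23 21:10:01 ns1 named[1]: client 192.0.2.20#40000/key host/db1.ipa.example.com\\@IPA.EXAMPLE.COM: updating zone 'ipa.example.com/IN': adding an RR at 'db1.ipa.example.com' A 192.0.2.20
"""

DELETE = re.compile(r"updating zone '[^']+': deleting rrset at '([^']+)' (A|AAAA)\s*$")
# Assumption: successful additions are logged as "adding an RR at '<name>' <type> ...".
ADD = re.compile(r"updating zone '[^']+': adding an RR at '([^']+)' (A|AAAA)\b")
REFUSED = re.compile(
    r"PTR record synchronization \(\w+\) for A/AAAA '([^']+)' refused: "
    r"IP address '[^']+' belongs to reverse zone '([^']+)' "
    r"and dynamic updates are not allowed"
)

def find_orphaned_hosts(log_text):
    """Map each host whose forward records were deleted, not re-added, and
    whose PTR sync was refused to the missing types and blocking zones."""
    deleted = defaultdict(set)   # host -> record types deleted and not re-added
    refused = defaultdict(set)   # host -> reverse zones that refused the update
    for line in log_text.splitlines():
        if m := DELETE.search(line):
            deleted[m.group(1).rstrip(".")].add(m.group(2))
        elif m := ADD.search(line):
            deleted[m.group(1).rstrip(".")].discard(m.group(2))
        elif m := REFUSED.search(line):
            refused[m.group(1).rstrip(".")].add(m.group(2))
    return {
        host: {"missing": sorted(types), "reverse_zones": sorted(refused[host])}
        for host, types in deleted.items()
        if types and host in refused
    }

if __name__ == "__main__":
    for host, info in find_orphaned_hosts(SAMPLE_LOG).items():
        print(host, info["missing"], "blocked by", info["reverse_zones"])
```

The reverse zones it reports are the ones to check for the dynamic update setting.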
Metadata Update from @firstyear: - Issue assigned to someone - Issue set to the milestone: 0.0 NEEDS_TRIAGE