Public bug reported: sssd in both xenial and yakkety fails to update the PTR record of the current host on an active directory controller if any update for an A/AAA record returns a non-fatal error, this results in missing (and/or) mismatched Reverse DNS.
This has already been fixed in 1.5.1 (which is present in Zesty and above), as failure to update any of the A/AAA should not affect updating the PTR as well, as not all servers in a given AD cluster may accept an A/AAA record update, especially if it would result in no update being made (NOERROR). See the attached conversation about this issue here: https://pagure.io/SSSD/sssd/issue/3227 for further information. I'll attach a debdiff against the relevant releases shortly, however for now I've attached the original patch which was used to fix the bug in 1.15.1 ### SRU Justification ### [Impact] Currently users find that sssd will not update the reverse (PTR) records of a given host if an AD server returns non-fatal error for an A/AAA update. This causes strange issues to occur where we can end up with hosts with proper functioning forward records but no reverse. I propose we backport the fix from 1.15.1 to both Xenial and Yakkety to resolve the issue so PTR updates get processed (or at least attempted). The patch attached removes the error check that occurs should the return code of the A/AAA nsupdates be non zero, and instead allows the PTR update to occur before checking for errors. This is the same patch taken from the fix for 1.15.1 [Test Case] As per the original bug: Steps to Reproduce: 1. Setup 'nonsecure and secure' zones 2. Start sssd Actual results: A records will get updated but PTR records will fail as sssd does not try to update them. Expected results: Both A and PTR records get updated. [Regression Potential] As this patch is already present in a future release it has been fairly well tested already however back-porting the fix will result in sssd attempting PTR updates whether the A/AAA updates succeeds or not. As per the original bug report where a quick note was made about failed updates; If forward updates fail the result will be inconsistent DNS should the reverse succeed (reverse but no forward), however in that case the admin needs to look into with why the update failed, the code should at least try to record all updates (both A, AAA and PTR) and not just ignore the PTR because the forward update (may or may not have) failed. There is also the possibility that the patch may not resolve the problem completely however as this patch just moves the error handling before the PTR attempt I can see no reason not to backport the patch to the older version for Xenial/Yakkety. ** Affects: sssd (Ubuntu) Importance: Undecided Assignee: Keith Ward (keithward) Status: In Progress ** Tags: patch xenial yakkety ** Patch added: "Patch from Upstream" https://bugs.launchpad.net/bugs/1706284/+attachment/4920917/+files/sssd_update-ptr.patch ** Changed in: sssd (Ubuntu) Status: New => In Progress ** Changed in: sssd (Ubuntu) Assignee: (unassigned) => Keith Ward (keithward) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1706284 Title: sssd fails to Update PTR if any A record update fails. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1706284/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
