UNOFFICIAL

A number of DHCP Linux workstation hosts in our environment were not updating DNS. Logs in SSSD showed that the Dynamic DNS child was failing with status 256. Further investigation into the logs (with debug turned up past 5) showed that the issue seems to be that SSSD is attempting to update both host and PTR DNS records on the Windows DNS servers for the loopback address (127.0.0.1).
Dyndns Config in /etc/sssd/conf.d/<file>.conf is:

    [domain/example.com]
    Ad_hostname = host.fqdn
    Dyndns_update = true
    Dyndns_update_ptr = true
    Dyndns_ttl = 3600
    Dyndns_iface = <adapter name>

have the following in their hosts file:

    # /etc/hosts
    127.0.0.1 localhost
    127.0.0.1 host.fqdn host
    198.168.x.x host.fqdn host

Tested workstations are running SSSD 1.16.1 on Ubuntu 18.04.1 LTS.
Removing the second 127.0.0.1 line and reloading SSSD resolved the issue. I understand that having 127.0.0.1 against the FQDN is unusual, but this "feature" is unfortunately required by a vendor product we are using. Is it possible for SSSD dyndns logic to be updated so that it ignores loopback IPs?
This sounds like a bug. We should never update DNS with loopback addresses and I’m sure we at least had checks in place to prevent this. Can you file a ticket, please?
On 3 Aug 2018, at 08:06, Kosseck, Adam MR adam.kosseck@defence.gov.au wrote:
UNOFFICIAL
A number of DHCP Linux workstation hosts in our environment were not updating DNS. Logs in SSSD showed that the Dynamic DNS child was failing with status 256. Further investigation into the logs (with debug turned up past 5) showed that the issue seems to be that SSSD is attempting to update both host and PTR DNS records on the Windows DNS servers for the loopback address (127.0.0.1).
Dyndns Config in /etc/sssd/conf.d/<file>.conf is:

    [domain/example.com]
    Ad_hostname = host.fqdn
    Dyndns_update = true
    Dyndns_update_ptr = true
    Dyndns_ttl = 3600
    Dyndns_iface = <adapter name>

have the following in their hosts file:

    # /etc/hosts
    127.0.0.1 localhost
    127.0.0.1 host.fqdn host
    198.168.x.x host.fqdn host

Tested workstations are running SSSD 1.16.1 on Ubuntu 18.04.1 LTS.
Removing the second 127.0.0.1 line and reloading SSSD resolved the issue. I understand that having 127.0.0.1 against the FQDN is unusual, but this “feature” is unfortunately required by a vendor product we are using. Is it possible for SSSD dyndns logic to be updated so that it ignores loopback IPs?
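
The condition reported in this thread, a loopback address mapped to the machine's FQDN in the hosts file, can be checked for across a fleet before it shows up as failed dynamic updates. The following Python is an added example, not code from SSSD or from either poster; the function names, host.example.com and 192.0.2.10 are constructed for illustration.

```python
import ipaddress
import sys

# Constructed sample modelled on the hosts file in the report; 192.0.2.10 is a
# documentation address standing in for the host's real DHCP lease.
SAMPLE_HOSTS = """\
# /etc/hosts
127.0.0.1   localhost
127.0.0.1   host.example.com host
192.0.2.10  host.example.com host   # DHCP lease
::1         ip6-localhost ip6-loopback
"""


def parse_hosts(text):
    """Yield (address, [lower-cased names]) for each valid hosts(5) entry."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address; skip the line
        yield addr, [name.lower() for name in fields[1:]]


def audit(text, fqdn):
    """Split the addresses mapped to fqdn into loopback and publishable."""
    fqdn = fqdn.lower().rstrip(".")
    addrs = [a for a, names in parse_hosts(text) if fqdn in names]
    return {
        "loopback": [str(a) for a in addrs if a.is_loopback],
        "publishable": [str(a) for a in addrs if not a.is_loopback],
    }


if __name__ == "__main__":
    # Usage: script.py <hosts file> <fqdn>; with no arguments, use the sample.
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as fh:
            result = audit(fh.read(), sys.argv[2])
    else:
        result = audit(SAMPLE_HOSTS, "host.example.com")
    print(result)
    sys.exit(1 if result["loopback"] else 0)  # non-zero exit flags the host
```
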