#1060162 sssd_ad: Dynamic DNS updates fail with NOTZONE for PTR records if interface has multiple IPv6 addresses

Package:
sssd-ad
Source:
sssd-ad
Description:
System Security Services Daemon -- Active Directory back end
Submitter:
Dirk Heinrichs
Date:
2024-01-06 17:09:06 UTC
Severity:
normal
#1060162#5
Date:
2024-01-06 16:59:30 UTC

If a network interface has multiple IPv6 addresses (here: a public one and one
on the fd00 network), dynamic DNS updates fail with a NOTZONE error when
updating the PTR records, although there's a zone for each of the networks
configured in the DNS (Samba AD) server. The reason is that the commands to
update the records are sent at the same time, like this (according to the log
file):

update delete <reverse IPv4 address>.in-addr.arpa. in PTR
update add <reverse IPv4 address>.in-addr.arpa. 3600 in PTR <hosts FQDN>.
send
update delete <reverse public IPv6 address>.ip6.arpa. in PTR
update add <reverse public IPv6 address>.ip6.arpa. 3600 in PTR <hosts FQDN>.
update delete <reverse private IPv6 address>.ip6.arpa. in PTR
update add <reverse private IPv6 address>.ip6.arpa. 3600 in PTR <hosts FQDN>.
send

which I can also reproduce by copy/pasting the same commands into an nsupdate
session.

The problem can easily be solved by adding another send command, like so:

update delete <reverse IPv4 address>.in-addr.arpa. in PTR
update add <reverse IPv4 address>.in-addr.arpa. 3600 in PTR <hosts FQDN>.
send
update delete <reverse public IPv6 address>.ip6.arpa. in PTR
update add <reverse public IPv6 address>.ip6.arpa. 3600 in PTR <hosts FQDN>.
send
update delete <reverse private IPv6 address>.ip6.arpa. in PTR
update add <reverse private IPv6 address>.ip6.arpa. 3600 in PTR <hosts FQDN>.
send

The problem has been solved upstream already (see
https://github.com/SSSD/sssd/issues/7110) and released with version 2.9.3.
Please backport the fix to 2.8.2 included in Bookworm.
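Added example, not code from the reporter or from SSSD: a small Python script that builds the nsupdate input shown above from a list of interface addresses. It emits the reported fix (one `send` per address, so every UPDATE message names a single reverse zone, as RFC 2136 requires) and, for comparison, the failing layout from the log (one `send` per address family). The addresses and FQDN are constructed sample values.

```python
import ipaddress

# Constructed sample input (not from the report): one IPv4 address and two
# IPv6 addresses on the same interface, a public one and one in fd00::/8.
SAMPLE_ADDRS = ["192.0.2.10", "2001:db8::10", "fd00:1234::10"]
SAMPLE_FQDN = "host.example.com."
TTL = 3600


def ptr_name(addr):
    """Owner name of the PTR record for addr, e.g. 10.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(addr).reverse_pointer + "."


def ptr_update(addr, fqdn, ttl=TTL):
    """The delete/add pair that replaces one address's PTR record."""
    name = ptr_name(addr)
    return [f"update delete {name} in PTR",
            f"update add {name} {ttl} in PTR {fqdn}"]


def nsupdate_batches(addrs, fqdn, per_address=True):
    """Group PTR updates into nsupdate messages; each batch ends with 'send'.

    per_address=False reproduces the layout from the report: one message per
    address family, so two IPv6 PTRs that live in different reverse zones share
    one UPDATE message and the server answers NOTZONE (an UPDATE message may
    only touch one zone).  per_address=True applies the reported fix: every
    address gets its own message, so each update names a single zone.
    """
    if per_address:
        groups = [[a] for a in addrs]
    else:
        by_family = {}
        for a in addrs:
            by_family.setdefault(ipaddress.ip_address(a).version, []).append(a)
        groups = list(by_family.values())
    batches = []
    for group in groups:
        lines = []
        for a in group:
            lines.extend(ptr_update(a, fqdn))
        lines.append("send")
        batches.append(lines)
    return batches


def render(batches):
    """Join the batches into the text fed to nsupdate on stdin."""
    return "\n".join(line for batch in batches for line in batch) + "\n"


if __name__ == "__main__":
    print(render(nsupdate_batches(SAMPLE_ADDRS, SAMPLE_FQDN)))
```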