IPA 動態 DNS 僅更新 AAAA 記錄。我的 A 記錄在哪裡?
我正在設置一個 FreeIPA 域。在我的實驗室裡有三個虛擬機:域控制器
ipadc1
和兩個客戶端puppet
和wordpress
(有創意,是的,我知道)。所有三個虛擬機都執行新安裝的 CentOS 6.4 (FreeIPA 3.0.0)。我已經安裝了 IPA 伺服器,創建了一個我們將
example.us
在這裡呼叫的域,並啟用了 DNS 服務和自動 DNS 更新。我已成功將兩個虛擬機加入域。但動態 DNS 更新只是將 AAAA 記錄放入 DNS。沒有插入任何 A 記錄。
我的動態更新和 BIND 更新策略的 DNS 區域設置似乎也是正確的。
兩個客戶端虛擬機實際上都有IPv4 地址;
puppet
具有靜態 IPv4 地址並wordpress
從 DHCP 獲取其 IPv4 地址。這似乎沒有什麼不同。# ip a s dev eth0 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 52:54:00:3c:d5:f5 brd ff:ff:ff:ff:ff:ff inet 172.25.50.227/24 brd 172.25.50.255 scope global eth0 inet6 2001:db8:16:bf:5054:ff:fe3c:d5f5/64 scope global dynamic valid_lft 86180sec preferred_lft 14180sec inet6 fe80::5054:ff:fe3c:d5f5/64 scope link valid_lft forever preferred_lft forever
問題實際上似乎出在 sssd 上,我了解到它實際上負責推送動態 DNS 更新。我開始調試
debug_level = 9
並在日誌中發現了這一點。這似乎表明 sssd 甚至沒有嘗試發送 A 記錄,儘管它並沒有真正告訴我原因。(Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [ipa_dyndns_update_send] (0x4000): Performing update (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [ok_for_dns] (0x0200): Multicast IPv4 address 172.25.50.227 (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [ok_for_dns] (0x0200): Link local IPv6 address fe80::5054:ff:fe3c:d5f5 (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [ipa_dyndns_gss_tsig_update_step] (0x1000): Checking if the update is needed (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_get_family_order] (0x1000): Lookup order: ipv6_first (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_is_address] (0x4000): [wordpress.example.us] does not look like an IP address (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve AAAA record of 'wordpress.example.us' in DNS (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [request_watch_destructor] (0x0400): Deleting request watch (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'wordpress.example.us' in DNS (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [request_watch_destructor] (0x0400): Deleting request watch (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_gethostbyname_next] (0x0100): No more hosts databases to retry (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_is_address] (0x4000): [wordpress.example.us] does not look like an IP address (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_gethostbyname_step] (0x2000): Querying DNS (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'wordpress.example.us' in DNS (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [request_watch_destructor] (0x0400): Deleting request watch (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_gethostbyname_next] (0x0100): No more hosts databases to retry (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [ipa_dyndns_gss_tsig_update_check] (0x1000): Address on localhost only: 2001:db8:16:bf:5054:ff:fe3c:d5f5 (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [ipa_dyndns_gss_tsig_update_check] (0x0400): Detected IP addresses change, will perform an update (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [create_nsupdate_message] (0x0200): Creating update message for realm [EXAMPLE.US] and zone [example.us]. (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [create_nsupdate_message] (0x0400): -- Begin nsupdate message -- realm EXAMPLE.US zone example.us. update delete wordpress.example.us. in A send update delete wordpress.example.us. in AAAA send update add wordpress.example.us. 86400 in AAAA 2001:db8:16:bf:5054:ff:fe3c:d5f5 send (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [create_nsupdate_message] (0x0400): -- End nsupdate message -- (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [child_handler_setup] (0x2000): Setting up signal handler up for pid [2144] (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [child_handler_setup] (0x2000): Signal handler set up for pid [2144] (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [write_pipe_handler] (0x0400): All data has been sent! (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [ipa_dyndns_stdin_done] (0x4000): Sending nsupdate data complete (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [child_sig_handler] (0x1000): Waiting for child [2144]. (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [child_sig_handler] (0x0100): child [2144] finished successfully. (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [sss_child_handler] (0x2000): waitpid failed [10]: No child processes (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [ipa_dyndns_update_done] (0x0020): DNS update finished
我
sssd.conf
的是:[domain/example.us] cache_credentials = True krb5_store_password_if_offline = True ipa_domain = example.us id_provider = ipa auth_provider = ipa access_provider = ipa ipa_hostname = wordpress.example.us chpass_provider = ipa ipa_dyndns_update = True ipa_server = _srv_, ipadc1.example.us ldap_tls_cacert = /etc/ipa/ca.crt [sssd] services = nss, pam, ssh config_file_version = 2 domains = example.us [nss] [pam] [sudo] [autofs] [ssh] [pac]
結果
ipa dnszone-show example.us --all
是:dn: idnsname=example.us,cn=dns,dc=example,dc=us Zone name: example.us Authoritative nameserver: ipadc1.example.us. Administrator e-mail address: hostmaster.example.us. SOA serial: 1374982142 SOA refresh: 3600 SOA retry: 900 SOA expire: 1209600 SOA minimum: 3600 BIND update policy: grant EXAMPLE.US krb5-self * A; grant EXAMPLE.US krb5-self * AAAA; grant EXAMPLE.US krb5-self * SSHFP; Active zone: TRUE Dynamic update: TRUE Allow query: any; Allow transfer: none; mxrecord: 0 mail.example.us nsrecord: ipadc1.example.us. objectclass: top, idnsrecord, idnszone txtrecord: v=spf1 a mx -all
雖然這對我來說確實是一個小問題,因為我可以在沒有 IPv4 DNS 更新的情況下上線(很高興成為 100% 雙棧),但不知道這裡發生了什麼仍然很煩人。也許有一些我錯過的日誌可以說明情況?
(哦,是的,我將其關閉並再次打開。)
添加後
ipa_dyndns_iface = eth0
在那個pastebin中,我看到sssd將您的IP辨識為多播:
"(Tue Jul 9 10:00:01 2013) [sssd[be[example.us]]] [ok_for_dns] (0x0200): Multicast IPv4 address 172.25.50.227"
在 Jacob 寫的一段程式碼中,他將測試回送地址、多播地址等而不向 dns 報告,你會發現你的錯誤:
if (IN_MULTICAST(ntohl(addr->s_addr))) { DEBUG(SSSDBG_FUNC_DATA, ("Multicast IPv4 address %s\n", straddr)); return false; } else if (inet_netof(*addr) == IN_LOOPBACKNET) { DEBUG(SSSDBG_FUNC_DATA, ("Loopback IPv4 address %s\n", straddr)); return false; } else if ((addr->s_addr & 0xffff0000) == 0xa9fe0000) { /* 169.254.0.0/16 */ DEBUG(SSSDBG_FUNC_DATA, ("Link-local IPv4 address %s\n", straddr)); return false; } else if (addr->s_addr == htonl(INADDR_BROADCAST)) { DEBUG(SSSDBG_FUNC_DATA, ("Broadcast IPv4 address %s\n", straddr)); return false; } } else { DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown address family\n")); return false; } return true;
現在的問題是為什麼它被辨識為“多播地址”我不知道。正如
in.h
您可以看到的 IN_MULTICAST :"IN_MULTICAST(a)" - tests whether a is a multicast address. and it is in "inet.h/in.h": #define IN_CLASSD(i) (((long)(i) & 0xf0000000) == 0xe0000000) #define IN_MULTICAST(i) IN_CLASSD(i)
那麼該IP地址如何評估為多播,我將嘗試對其進行跟踪並查看。您也可以問 Jacob Hrozek,他編寫了那段 sssd 程式碼。他通常總是在 freenode 上的#sssd 上可用,如果你能分享你最終得到的結果會很棒。希望它有一點幫助。
編輯
是的,您的版本 1.9.2 中有一個錯誤。你有:
if (IN_MULTICAST(addr->s_addr))) {
它應該是:
if (IN_MULTICAST(ntohl(addr->s_addr))) {