I am building a FreeIPA domain. My lab has three virtual machines: the domain controller ipadc1 and two clients, puppet and wordpress (creative, yes, I know). All three VMs run a fresh install of CentOS 6.4 (FreeIPA 3.0.0).
I installed the IPA server, created a domain that we will call example.us here, and enabled the DNS service and automatic DNS updates.
I successfully joined both VMs to the domain. But the dynamic DNS update only puts AAAA records into DNS. No A records are inserted.

The DNS zone settings for dynamic updates and the BIND update policy also look correct.

Both client VMs do have IPv4 addresses; puppet has a static IPv4 address and wordpress gets its IPv4 address from DHCP. This does not seem to make any difference.
    # ip as dev eth0
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 52:54:00:3c:d5:f5 brd ff:ff:ff:ff:ff:ff
        inet 172.25.50.227/24 brd 172.25.50.255 scope global eth0
        inet6 2001:db8:16:bf:5054:ff:fe3c:d5f5/64 scope global dynamic
           valid_lft 86180sec preferred_lft 14180sec
        inet6 fe80::5054:ff:fe3c:d5f5/64 scope link
           valid_lft forever preferred_lft forever
The trouble actually seems to be with sssd, which as far as I know is what pushes the dynamic DNS update. I started debugging with debug_level = 9 and found the following in the log. It seems to show that sssd does not even intend to send an A record, although it gives me no indication of why.
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [ipa_dyndns_update_send] (0x4000): Performing update
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [ok_for_dns] (0x0200): Multicast IPv4 address 172.25.50.227
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [ok_for_dns] (0x0200): Link local IPv6 address fe80::5054:ff:fe3c:d5f5
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [ipa_dyndns_gss_tsig_update_step] (0x1000): Checking if the update is needed
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_get_family_order] (0x1000): Lookup order: ipv6_first
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_is_address] (0x4000): [wordpress.example.us] does not look like an IP address
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_gethostbyname_step] (0x2000): Querying DNS
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve AAAA record of 'wordpress.example.us' in DNS
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [request_watch_destructor] (0x0400): Deleting request watch
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_gethostbyname_step] (0x2000): Querying DNS
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'wordpress.example.us' in DNS
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [request_watch_destructor] (0x0400): Deleting request watch
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_gethostbyname_next] (0x0100): No more hosts databases to retry
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_is_address] (0x4000): [wordpress.example.us] does not look like an IP address
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_gethostbyname_step] (0x2000): Querying DNS
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'wordpress.example.us' in DNS
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [schedule_request_timeout] (0x2000): Scheduling a timeout of 5 seconds
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [schedule_timeout_watcher] (0x2000): Scheduling DNS timeout watcher
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [unschedule_timeout_watcher] (0x4000): Unscheduling DNS timeout watcher
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [request_watch_destructor] (0x0400): Deleting request watch
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [resolv_gethostbyname_next] (0x0100): No more hosts databases to retry
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [ipa_dyndns_gss_tsig_update_check] (0x1000): Address on localhost only: 2001:db8:16:bf:5054:ff:fe3c:d5f5
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [ipa_dyndns_gss_tsig_update_check] (0x0400): Detected IP addresses change, will perform an update
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [create_nsupdate_message] (0x0200): Creating update message for realm [EXAMPLE.US] and zone [example.us].
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [create_nsupdate_message] (0x0400): -- Begin nsupdate message --
    realm EXAMPLE.US
    zone example.us.
    update delete wordpress.example.us. in A
    send
    update delete wordpress.example.us. in AAAA
    send
    update add wordpress.example.us. 86400 in AAAA 2001:db8:16:bf:5054:ff:fe3c:d5f5
    send
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [create_nsupdate_message] (0x0400): -- End nsupdate message --
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [child_handler_setup] (0x2000): Setting up signal handler up for pid [2144]
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [child_handler_setup] (0x2000): Signal handler set up for pid [2144]
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [write_pipe_handler] (0x0400): All data has been sent!
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [ipa_dyndns_stdin_done] (0x4000): Sending nsupdate data complete
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [child_sig_handler] (0x1000): Waiting for child [2144].
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [child_sig_handler] (0x0100): child [2144] finished successfully.
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [sss_child_handler] (0x2000): waitpid failed [10]: No child processes
    (Mon Jul 22 21:50:01 2013) [sssd[be[example.us]]] [ipa_dyndns_update_done] (0x0020): DNS update finished
My sssd.conf is:
    [domain/example.us]
    cache_credentials = True
    krb5_store_password_if_offline = True
    ipa_domain = example.us
    id_provider = ipa
    auth_provider = ipa
    access_provider = ipa
    ipa_hostname = wordpress.example.us
    chpass_provider = ipa
    ipa_dyndns_update = True
    ipa_server = _srv_, ipadc1.example.us
    ldap_tls_cacert = /etc/ipa/ca.crt

    [sssd]
    services = nss, pam, ssh
    config_file_version = 2
    domains = example.us

    [nss]
    [pam]
    [sudo]
    [autofs]
    [ssh]
    [pac]
The output of ipa dnszone-show example.us --all is:
    dn: idnsname=example.us,cn=dns,dc=example,dc=us
    Zone name: example.us
    Authoritative nameserver: ipadc1.example.us.
    Administrator e-mail address: hostmaster.example.us.
    SOA serial: 1374982142
    SOA refresh: 3600
    SOA retry: 900
    SOA expire: 1209600
    SOA minimum: 3600
    BIND update policy: grant EXAMPLE.US krb5-self * A; grant EXAMPLE.US krb5-self * AAAA; grant EXAMPLE.US krb5-self * SSHFP;
    Active zone: TRUE
    Dynamic update: TRUE
    Allow query: any;
    Allow transfer: none;
    mxrecord: 0 mail.example.us
    nsrecord: ipadc1.example.us.
    objectclass: top, idnsrecord, idnszone
    txtrecord: v=spf1 a mx -all
Although this is really a minor problem for me, since I can go live without IPv4 DNS updates (happy to be 100% dual-stack), I still have no idea what is going on here. Perhaps there is an error log that would shed some light on this?
(Oh, and yes, I turned it off and on again.)
After adding
    ipa_dyndns_iface = eth0
In that pastebin I can see sssd recognising your IP as multicast:
    "(Tue Jul 9 10:00:01 2013) [sssd[be[example.us]]] [ok_for_dns] (0x0200): Multicast IPv4 address 172.25.50.227"
In the piece of code Jakub wrote, where he tests for loopback addresses, multicast addresses and so on that should not be reported to DNS, you will find your error:
    /* Fragment of ok_for_dns(): this is the IPv4 branch. The enclosing
     * address-family test and the IPv6 branch are not quoted here. */
        if (IN_MULTICAST(ntohl(addr->s_addr))) {
            DEBUG(SSSDBG_FUNC_DATA, ("Multicast IPv4 address %s\n", straddr));
            return false;
        } else if (inet_netof(*addr) == IN_LOOPBACKNET) {
            DEBUG(SSSDBG_FUNC_DATA, ("Loopback IPv4 address %s\n", straddr));
            return false;
        } else if ((addr->s_addr & 0xffff0000) == 0xa9fe0000) { /* 169.254.0.0/16 */
            DEBUG(SSSDBG_FUNC_DATA, ("Link-local IPv4 address %s\n", straddr));
            return false;
        } else if (addr->s_addr == htonl(INADDR_BROADCAST)) {
            DEBUG(SSSDBG_FUNC_DATA, ("Broadcast IPv4 address %s\n", straddr));
            return false;
        }
    } else {
        /* Neither AF_INET nor AF_INET6: refuse to publish the address. */
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown address family\n"));
        return false;
    }

    return true;
Now the question is why it is considered a "multicast address", which I do not know. As you can see in in.h:
    "IN_MULTICAST(a)" - tests whether a is a multicast address.

and it is in "inet.h/in.h":

    #define IN_CLASSD(i)     (((long)(i) & 0xf0000000) == 0xe0000000)
    #define IN_MULTICAST(i)  IN_CLASSD(i)
So how that IP address gets evaluated as multicast is something I will try to dig into and look for. You could also ask Jakub Hrozek, who wrote that piece of sssd code. He can usually be found in #sssd on freenode. If you are willing to share your final result, that would be great. Hope this helps a little.
Yes, your 1.9.2 version has a bug. You have:
    if (IN_MULTICAST(addr->s_addr)) {
It should be:
    if (IN_MULTICAST(ntohl(addr->s_addr))) {
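To make the byte-order point from the two posts above concrete, here is an added, stand-alone C example; it is not part of the thread and not sssd's own code. It runs the IN_MULTICAST test both with and without ntohl() on the address from the question, and shows why the log line "Multicast IPv4 address 172.25.50.227" appears on a little-endian host: IN_CLASSD masks the top nibble of the integer it is given, and without ntohl() that nibble belongs to the last octet (227 = 0xE3) instead of the first. The function names multicast_buggy, multicast_fixed, host_is_little_endian and ok_for_dns_ipv4 are my own, ok_for_dns_ipv4 is a hypothetical filter that covers the same four cases as the quoted IPv4 branch but does every comparison on the host-order word (the same rule applies to the 169.254.0.0/16 mask), and all addresses other than 172.25.50.227 are constructed samples.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>

/* Constructed helper (not sssd code): parse dotted-quad text into
 * struct in_addr, whose s_addr is always in network byte order. */
static bool parse_ipv4(const char *text, struct in_addr *out)
{
    return inet_pton(AF_INET, text, out) == 1;
}

/* The faulty test from the thread: IN_MULTICAST fed the raw network-order
 * word. IN_CLASSD masks the top nibble of the integer it receives, so on a
 * little-endian host it ends up inspecting the LAST octet of the address. */
bool multicast_buggy(const char *text)
{
    struct in_addr addr;
    if (!parse_ipv4(text, &addr)) return false;
    return IN_MULTICAST(addr.s_addr) != 0;
}

/* The corrected test: convert to host order first, so the top nibble
 * really is the first octet (224-239, i.e. 224.0.0.0/4). */
bool multicast_fixed(const char *text)
{
    struct in_addr addr;
    if (!parse_ipv4(text, &addr)) return false;
    return IN_MULTICAST(ntohl(addr.s_addr)) != 0;
}

/* True on little-endian hosts, where the two tests above disagree for an
 * address such as 172.25.50.227 (last octet 0xE3 lands in the class-D nibble). */
bool host_is_little_endian(void)
{
    return htonl(1) != 1;
}

/* Hypothetical "may this address be published in DNS" filter covering the
 * same four cases as the quoted ok_for_dns() IPv4 branch (multicast, loopback,
 * link-local, broadcast), with every comparison made on the host-order word. */
bool ok_for_dns_ipv4(const char *text)
{
    struct in_addr addr;
    uint32_t h;

    if (!parse_ipv4(text, &addr)) return false;
    h = ntohl(addr.s_addr);

    if (IN_MULTICAST(h)) return false;                  /* 224.0.0.0/4     */
    if ((h >> 24) == IN_LOOPBACKNET) return false;      /* 127.0.0.0/8     */
    if ((h & 0xffff0000u) == 0xa9fe0000u) return false; /* 169.254.0.0/16  */
    if (h == INADDR_BROADCAST) return false;            /* 255.255.255.255 */
    return true;
}

int main(void)
{
    /* 172.25.50.227 is the address from the question; the rest are constructed samples. */
    const char *samples[] = { "172.25.50.227", "224.0.0.1", "239.255.255.250",
                              "127.0.0.1", "169.254.10.20", "255.255.255.255" };
    size_t i;

    printf("host is %s-endian\n", host_is_little_endian() ? "little" : "big");
    printf("%-18s %-8s %-8s %s\n", "address", "buggy", "fixed", "ok_for_dns");
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%-18s %-8s %-8s %s\n", samples[i],
               multicast_buggy(samples[i]) ? "yes" : "no",
               multicast_fixed(samples[i]) ? "yes" : "no",
               ok_for_dns_ipv4(samples[i]) ? "yes" : "no");
    }
    return 0;
}
```

Build and run it with cc -o mcast mcast.c && ./mcast. On an x86 host the table shows the buggy test flagging 172.25.50.227 as multicast while missing 224.0.0.1, which is exactly the misclassification behind the "Multicast IPv4 address" line in the sssd log; the fixed test and ok_for_dns_ipv4 classify all six samples correctly. When reviewing similar filters, the thing to check is that every macro or mask that reads "the first octet" is applied to a value that has gone through ntohl().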
From the sssd-ipa(5) man page:
    ipa_dyndns_iface (string)
        Optional. Applicable only when ipa_dyndns_update is true. Choose the interface whose IP address should be used for dynamic DNS updates.
        Default: Use the IP address of the IPA LDAP connection
You have to set ipa_dyndns_iface in /etc/sssd/sssd.conf to the interface used towards the IPA server, because by default only the address of the socket to the IPA server is used:
    ipa_dyndns_iface = eth0
That should enable dynamic updates for both IPv4 and IPv6.
Also try setting lookup_family_order to a non-default value such as ipv6_first as a test case, and let us know whether it attempts to use ipv4.