Bug
Resolution: Unresolved
Normal
rhel-9.7
rhel-idm
Tested in version 2.8.2
SSSD is including IPv6 addresses marked deprecated via dyndns_update, so when a host's prefix changes, both the old and new address are included in the update, causing the DNS server to sometimes distribute the deprecated address, preventing connectivity. I have not tested if it also erroneously includes addresses marked temporary, because all of my domain-joined machines currently have this disabled; however, I am concerned it may do this as well.
I found the related bug [1991](https://github.com/SSSD/sssd/issues/1991) from a much older version, where even link-local addresses were being included. Fortunately that issue is no longer present.
I found the related issue [5662](https://github.com/SSSD/sssd/issues/5662) where, because address changes do not result in an interface drop, they do not trigger dyndns_update. This is obviously a different issue, but it also causes IPv6 addressing information in the DC to be inaccurate; it just has eventual consistency.
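For triage, the following added example (not part of the original report and not SSSD's code) parses `ip -o -6 addr show` output and separates addresses that are safe to publish in DNS from those the kernel flags as deprecated, temporary, or non-global. The sample output is constructed using documentation prefixes, and the skip policy in `SKIP_FLAGS` is an assumption of this example.

```python
import ipaddress

# Constructed `ip -o -6 addr show` output for a host whose prefix changed
# from 2001:db8:aaaa::/64 to 2001:db8:bbbb::/64 (documentation prefixes).
SAMPLE = r"""
1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
2: eth0    inet6 2001:db8:bbbb:0:5054:ff:fe12:3456/64 scope global dynamic mngtmpaddr noprefixroute \       valid_lft 86390sec preferred_lft 14390sec
2: eth0    inet6 2001:db8:bbbb:0:d1c3:9a2f:77e0:41b8/64 scope global temporary dynamic \       valid_lft 86390sec preferred_lft 14390sec
2: eth0    inet6 2001:db8:aaaa:0:5054:ff:fe12:3456/64 scope global deprecated dynamic mngtmpaddr noprefixroute \       valid_lft 1790sec preferred_lft 0sec
2: eth0    inet6 fe80::5054:ff:fe12:3456/64 scope link noprefixroute \       valid_lft forever preferred_lft forever
"""

# Assumed policy: kernel address flags that should keep an address out of DNS.
SKIP_FLAGS = {"deprecated", "temporary", "tentative", "dadfailed"}


def classify(output):
    """Return (publishable, rejected); rejected maps address -> reason."""
    publishable, rejected = [], {}
    for line in output.splitlines():
        fields = line.split()
        if "inet6" not in fields:
            continue
        i = fields.index("inet6")
        addr = str(ipaddress.ip_interface(fields[i + 1]).ip)
        # Attributes sit between the address and the "\" that -o mode
        # prints in place of the line break before the lifetimes.
        attrs = fields[i + 2:]
        if "\\" in attrs:
            attrs = attrs[:attrs.index("\\")]
        scope = attrs[attrs.index("scope") + 1] if "scope" in attrs else "unknown"
        bad = SKIP_FLAGS.intersection(attrs)
        if scope != "global":
            rejected[addr] = "scope " + scope      # loopback, link-local
        elif bad:
            rejected[addr] = ",".join(sorted(bad))  # e.g. old-prefix address
        else:
            publishable.append(addr)
    return publishable, rejected


if __name__ == "__main__":
    ok, skipped = classify(SAMPLE)
    print("publish:", ok)
    for address, reason in skipped.items():
        print("skip:   ", address, "(" + reason + ")")
```

Comparing the `publish` list against the host's AAAA records in the DC shows whether a deprecated or temporary address has been registered.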