Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-127792

Remove SSSD option ipa_enable_dns_sites

Linking RHIVOS CVEs to...Migration: Automation ...RHELPRIO AssignedTeam ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-8.10, rhel-9.6, rhel-10.0
    • sssd
    • None
    • rhel-idm
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      What were you trying to do that didn't work?

      Option `ipa_enable_dns_sites`, if enabled, doesn't help resolve IPA locations, and can cause the SSSD to go offline since SRV DNS requests like `_location.clienthostname.domain.` will always fail.

      What is the impact of this issue to you?

      Failure to resolve proper IPA locations, defaulting to all server resolution that may lead to longer running requests, eventually even cause SSSD to go offline

      Please provide the package NVR for which the bug is seen:

      sssd-ipa-2.9.6-4.el9_6.2.x86_64
      sssd-ipa-2.10.2-3.el10_0.3.x86_64
      sssd-ipa-2.9.4-5.el8_10.3.x86_64

      How reproducible is this bug?:

      always

      Steps to reproduce

      1. setup sssd with `ipa_enable_dns_sites = true`,
      2. observe SRV DNS requests failing in domain log

      Expected results

      No void SRV requests

      Actual results

              sssd-maint SSSD Maintainers
              rhn-support-asharov Aleksandr Sharov
              Alexey Tikhonov Alexey Tikhonov
              SSSD QE SSSD QE
              Louise McGarry Louise McGarry
              Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

                Created:
                Updated: