dhclient does not register hostname to dynamic DNS (AD)

Bug #1088682 reported by Chris J Arges
24
This bug affects 4 people
Affects Status Importance Assigned to Milestone
isc-dhcp (Ubuntu)
Fix Released
Medium
Stéphane Graber
Quantal
Fix Released
Medium
Stéphane Graber
Raring
Fix Released
Medium
Stéphane Graber

Bug Description

== Rationale ==
Setting both fqdn.fqdn and host-name isn't quite supported. Various RFCs disagree on exactly what should be allowed and is further complicated by dhclient doing both dhcpv4 and dhcpv6.
This change simply reverts to the pre-12.10 situation.

== Test case ==
1) Update to new isc-dhcp-client
2) Get a new lease on a network using Windows DHCP server
3) Confirm that DNS was updated.

== Regression potential ==
There may be a regression for people expecting fqdn.fqdn to be set on DHCPv6, this should affect a very small part of our users (if any) and our previous fqdn.fqdn value wasn't technically valid anyway (wasn't a fqdn).

--- original bug report ---
This is not working in quantal (4.2.4-1ubuntu10) and raring (4.2.4-3ubuntu1), but is working in precise (4.1.ESV-R4-0ubuntu5).

A patch fixed an issue for bug 991360 where dhclient.conf was amended to include:
send fqdn.fqdn = gethostname();

This causes failures when the client tries to register was some DHCP servers (for example Windows AD DDNS servers).
By commenting out this line and restarting the client, the client can then register with this type of DHCP server.

However, this is needed to ensure dhcpv6 works.

Revision history for this message
Stéphane Graber (stgraber) wrote :

Well, starting with quantal we are using gethostname() as you can see in the default dhclient.conf:

stgraber@castiana:~/Desktop/isc/quantal$ grep gethost isc-dhcp-4.2.4/debian/dhclient.conf
send host-name = gethostname();
send fqdn.fqdn = gethostname();

So, the problem appears to be that Windows gets confused when both fields are set, sadly, not setting fqdn.fqdn will make dhcpv6 fail miserably, so unless there's an easy to have fqdn.fqdn only be set when doing dhcpv6, I still prefer breaking DNS for some Windows DHCP than breaking for 100% of the dhcpv6 implementations.

Revision history for this message
Chris J Arges (arges) wrote :

@stgraber
Ok. Looks like this isn't a regression, but more or less just broken for Windows dhcp. I'll collect some logs and more information here. Hopefully there is a way to get this working for both cases.

description: updated
summary: - possible regression with isc-dhcp-client does not send hostnames in
- DHCPv6 by default
+ dhclient does not register hostname to dynamic DNS (AD)
Changed in isc-dhcp (Ubuntu Quantal):
importance: Undecided → Medium
description: updated
Revision history for this message
Stéphane Graber (stgraber) wrote :

One way to make it work would be to have separate dhclient.conf and dhclient6.conf config files, but that'd need quite a lot of tools and scripts be updated to pick the right one, not to mention increasing our existing dhclient.conf delta with Debian which I've been trying to minimize so far...

Revision history for this message
Stéphane Graber (stgraber) wrote :

Found an interesting bit of RFC:
" In general, a client does not need to send redundant data, and
   therefore clients which send the Client FQDN option in their messages
   MUST NOT also send the Host Name option. Clients which receive both
   the Host Name option and the Client FQDN option from a server SHOULD
   prefer Client FQDN option data."
URL: http://tools.ietf.org/html/draft-ietf-dhc-fqdn-option-13

So it sounds like sending both the hostname and the fqdn is wrong. One idea would be to only send fqdn.fqdn which according to the RFC should work fine as a replacement for hostname and should also be IPv6 compatible.

Looking at the DHCPv6 FQDN RFC, partially qualified domain names are valid in fqdn.fqdn, so that could be a way around our problem.
URL: http://www.ietf.org/rfc/rfc4704.txt

I'll change dhclient.conf with the next upload to only contain fqdn.fqdn but won't push that as an SRU for the time being as I want to make sure we don't break things badly for some other users when dropping the hostname field.

Changed in isc-dhcp (Ubuntu Raring):
assignee: nobody → Stéphane Graber (stgraber)
Changed in isc-dhcp (Ubuntu Quantal):
assignee: nobody → Stéphane Graber (stgraber)
Changed in isc-dhcp (Ubuntu Raring):
status: New → Fix Committed
Revision history for this message
Stéphane Graber (stgraber) wrote :

Gah, so apparently nobody respects the RFCs as usual...

In short, fqdn.fqdn can be partly qualified according to the RFC, but not according to the ISC implementation, so we can't just put the hostname in there.
host-name and fqdn.fqdn can't be set at the same time according to the RFC, though according to the ISC implementation, they can.

So the only way to be RFC and ISC compliant is to avoid setting fqdn.fqdn and only setting host-name, which will possibly cause DHCPv6 not to send the hostname... Only way around then would be the separate config file.

I'm going to go with unsetting fqdn.fqdn for now in the dev release and will look at how much work it'd be to split the config into dhclient.conf and dhclient6.conf. That's after all what we're already doing for dhcpd and will avoid any similar problem in the future.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package isc-dhcp - 4.2.4-4ubuntu1

---------------
isc-dhcp (4.2.4-4ubuntu1) raring; urgency=low

  * Merge from Debian, remaining changes:
    - Apparmor profiles for dhclient and dhcpd.
    - Upstart jobs for isc-dhcp-server, isc-dhcp-server6, isc-dhcp-relay and
      isc-dhcp-relay6. (LP: #944849)
    - Separate default file for isc-dhcp-relay6. (LP: #944849)
    - Apport hook for isc-dhcp-client and isc-dhcp-server.
    - dhclient.conf: Set for IPv6 (dhcp6.*) (LP: #770324)
    - If /etc/ltsp/dhcpd.conf exists, use that instead of /etc/dhcp/dhcpd.conf
    - Drop isc-dhcp-server/new_auth_behavior question from high to medium
    - Create user/group dhcpd (LP: #727837)
    - Create /etc/dhcp/ddns-keys/ for DDNS updates (LP: #341817)
    - Build with extra hardening and use --enable-paranoia to run dhcpd as user
      (LP: #727837)
    - Add IPv6 support to dhclient-script.linux.udeb
    - Wait for /etc/resolv.conf to be writable in dhclient-script.linux.
      (LP: #856984)
    - Sanitize environment in dhclient-script.linux. (LP: #1045986)
    - Don't call 'ip addr flush' as it breaks IPv6 networking. (LP: #1023174)
    - debian/apparmor-profile.dhclient: update to add the new paths used by
      NetworkManager for its conf and leases files; standardized under
      /var/lib/NetworkManager.
    - Remaining Ubuntu patches:
      + dhclient-fix-backoff
      + dhclient-more-debug (LP: #35265)
      + dhclient-safer-timeout (LP: #838968)
      + dhcpd.conf-subnet-examples (LP: #26661)
      + multi-ip-addr-per-if (LP: #717166)
      + onetry_retry_after_initial_success (LP: #974284)
      + revert-next-server
    - Dropped Ubuntu patches:
      + dhclient-onetry-call-clientscript (now in Debian)
  * Fix isc-dhcp-server-ldap not actually containing ldap support.
    Thanks to Christian Hoffmann for tracking down the issue. (LP: #1071928)
  * Don't set fqdn.fqdn in dhclient.conf as that seems to confuse some DHCP
    servers. An alternative would have been to only set fqdn.fqdn and not
    host-name, but that appears to confuse another set of servers.
    For now go with just host-name which is the most common and if becomes a
    big problem for IPv6 (where fqdn.fqdn is apparently required), then we'll
    need to have a separate dhclient6.conf file and change all the calls to
    dhclient -6 to use that file instead. (LP: #1088682)
  * Include patch from RedHat/Fedora to deal with hardware/xen/virtio offload
    of UDP checksums. (LP: #930962)

isc-dhcp (4.2.4-4) unstable; urgency=medium

  * Run exit hooks when "dhclient -1" fails (closes: #486520).
  * Add dhcp6.name-servers and dhcp6.domain-search to the default request
    options in dhclient.conf (closes: #693315).
 -- Stephane Graber <email address hidden> Thu, 17 Jan 2013 17:09:14 -0500

Changed in isc-dhcp (Ubuntu Raring):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in isc-dhcp (Ubuntu Quantal):
status: New → Confirmed
description: updated
Changed in isc-dhcp (Ubuntu Quantal):
status: Confirmed → Triaged
status: Triaged → In Progress
Revision history for this message
Dave Walker (davewalker) wrote : Please test proposed package

Hello Chris, or anyone else affected,

Accepted isc-dhcp into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/isc-dhcp/4.2.4-1ubuntu10.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in isc-dhcp (Ubuntu Quantal):
status: In Progress → Fix Committed
tags: added: verification-needed
Revision history for this message
Michael Gliwinski (mig.hg) wrote :

Hi Dave,

I followed the verification procedure.

Freshly installed ubuntu quantal (server), version of isc-dhcp-client: 4.2.4-1ubuntu10. After getting a lease from Windows DHCP server I confirmed that DNS wasn't updated.

Version of isc-dhcp-client after adding proposed repo and `sudo apt-get install isc-dhcp-client`: 4.2.4-1ubuntu10.2

Restarted the interface (ifdown, ifup) and confirmed that the DNS was correctly updated after getting a lease from the same DHCP server (i.e. `host $HOSTNAME` returns expected result).

Many thanks for the fix!

Revision history for this message
Chris J Arges (arges) wrote :

From Michael's comment, it appears this has been verified.

tags: added: verification-done
removed: verification-needed
Chris J Arges (arges)
tags: added: cts-client-review
Chris J Arges (arges)
tags: removed: cts-client-review
Revision history for this message
Scott Kitterman (kitterman) wrote : Update Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package isc-dhcp - 4.2.4-1ubuntu10.2

---------------
isc-dhcp (4.2.4-1ubuntu10.2) quantal-proposed; urgency=low

  * Fix isc-dhcp-server-ldap not actually containing ldap support.
    Thanks to Christian Hoffmann for tracking down the issue. (LP: #1071928)
  * Don't set fqdn.fqdn in dhclient.conf as that seems to confuse some DHCP
    servers. An alternative would have been to only set fqdn.fqdn and not
    host-name, but that appears to confuse another set of servers.
    For now go with just host-name which is the most common and if becomes a
    big problem for IPv6 (where fqdn.fqdn is apparently required), then we'll
    need to have a separate dhclient6.conf file and change all the calls to
    dhclient -6 to use that file instead. (LP: #1088682)
  * Include patch from RedHat/Fedora to deal with hardware/xen/virtio offload
    of UDP checksums. (LP: #930962)
 -- Stephane Graber <email address hidden> Fri, 01 Mar 2013 16:07:49 -0500

Changed in isc-dhcp (Ubuntu Quantal):
status: Fix Committed → Fix Released
Revision history for this message
Carleeto (carleeto) wrote :

Is a fix going to be released for 12.04 LTS too for this issue?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.