DNS prevent root a record overwrite

Hi,

I’m working on testing a UCS implementation. I have the following issue(s):

My DCs are currently at directory1 and directory2 and the domain is sub.example.com.

The root A record for the domain sub.example.com should point to a particular server, so I set it in DNS to xxx.xxx.xxx.xxx so that if I go to sub.example.com I should go to the website. So in DNS I set the IP address of the domain to xxx. That change takes; however, every few minutes the IPs of directory1 and directory2 are added again to the root records.

So DNS now looks like:
sub.example.com xxx.xxx.xxx.xxx
sub.example.com directory1-ip
sub.example.com directory2-ip

How do I prevent that from happening? I’ve tried changing the registration settings to prevent the LDAP overwrite of DNS records from Samba (setting the sync to write) and use LDAP for DNS, but those settings don’t seem to do anything.

Another (minor) issue would be how do I overwrite the links sent out to users for password change/reset. Currently it sends out a link as follows: directory1.sub.example.com/ucs-
I’ve tried overriding it in the configuration registry to sub.example.com (which works) but that configuration option doesn’t seem to be read at all. It still defaults to directory1.sub.example.com

Hi,

If I understand the concepts behind UCS and AD (and [bug]23554[/bug]) correctly, it is a requirement that the A record of an AD domain points to the configured DC(s).
I have cross-checked some Windows-based AD and it looks the same there.
This means that you cannot point to another system for sub.example.com, at least if you want to use the DNS provided by UCS.

Regarding the second problem:
Can you confirm that you changed “umc/self-service/passwordreset/email/webserver_address” and restarted univention-management-console-server to apply these changes?

Best regards,
Dirk Ahrnke

Hi,

It seems that is indeed a (weird) design problem with Active Directory; they use SRV records for everything else. Thanks for the information, I’ll devise some other solution using the Apache server then.

The second problem I figured out by finding the actual message template it uses to build the mail (which is editable after all). Thanks for letting me know, I was indeed editing the wrong links in UCR.
