On my UCS Master DC I've got 2 net interfaces (the first for everything except DHCP, the second for everything AND DHCP).
The problem is that I don’t want the second net interface to be listed in the DNS (it causes errors when joining machines from outside the second network).
When I remove the second net interface address from DNS it respawns again and again. I’ve tried via Web Management and the univention-directory-manager command line.
I’m guessing your master is a Samba 4 AD DC.
If so, Samba is interfering with your desired DNS settings by automatically re-adding the DNS entries.
You can try to exclude the second interface by adding it to the UCR variable “samba/register/exclude/interfaces”
(don’t forget to restart Samba afterwards by executing “service samba restart”).
If you remove the DNS entries they shouldn’t reappear.
samba/register/exclude/interfaces: <your unwanted interface>
This variable defines network interfaces which are ignored by samba (e.g. eth0). Multiple values need to be separated by blanks.
Setting a “whitelist”
[code]samba/interfaces/bindonly:
If this variable is set to ‘yes’, Samba only listens to requests on the network interfaces specified in the variable ‘samba/interfaces’. If the variable is unset, Samba listens on all interfaces.
Categories: service-samba
samba/interfaces:
If the variable ‘samba/interfaces/bindonly’ is set to ‘yes’, Samba only binds to the interfaces listed in this variable. Multiple entries need to be separated by blanks.
Categories: service-samba[/code]
Usage:
[code]ucr set samba/interfaces='lo <some_interface> <some_other_interface>'
ucr set samba/interfaces/bindonly='yes'[/code]
I would advise testing this in a testing environment, especially the configuration with samba - bindonly. Restart samba afterwards:
Is there any chance to make this ucr value write/change protected?
Every now and then my change gets rejected and I need to exclude my unwanted interface again.
There’s no mechanism to mark UCR variables read-only.
At my company and a couple of our clients we use system management tools such as SaltStack and Ansible to manage fleets of Linux servers, including Univention servers. I use these tools in order to have certain UCR variables set to certain values; the whole set of rules is applied automatically & regularly. That might be an alternative for your use-case, too.
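The regular re-apply approach from the last reply, written as a plain shell script for cron or a management tool to call. This is an added example, not code from any poster or from Univention: the function names are hypothetical, `ucr get` is the standard UCR read command, and the variable name and restart command are the ones given in this thread.

```shell
#!/bin/sh
# Added example: re-apply the exclusion from this thread whenever it has been lost.
# Function names are hypothetical; run as root on the UCS system, e.g. from cron.

KEY="samba/register/exclude/interfaces"

# Succeeds if word $2 occurs in the blank-separated list $1.
in_list() {
    for item in $1; do
        if [ "$item" = "$2" ]; then
            return 0
        fi
    done
    return 1
}

# Ensure interface $1 is excluded. Prints "unchanged" or "changed".
# Other interfaces already in the list are preserved.
enforce_excluded() {
    iface=$1
    current=$(ucr get "$KEY")
    if in_list "$current" "$iface"; then
        echo unchanged
        return 0
    fi
    # Append to the existing value; the list is blank-separated.
    ucr set "$KEY=${current:+$current }$iface" >/dev/null
    # The thread says to restart Samba after changing the variable;
    # doing it only on a change avoids needless service interruptions.
    service samba restart >/dev/null
    echo changed
}

# Usage: enforce-exclude.sh <interface>
if [ "$#" -gt 0 ]; then
    enforce_excluded "$1"
fi
```

The "changed" output gives a scheduler or monitoring job a signal that something reverted the value, which helps track down what keeps resetting it.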