Error updating dynamic dns entry dns lookup failed
I responded with "Linux clients can dynamically register in DNS". Since they are securely communicating to Active Directory, SSSD expects to be performing an update to a DNS zone that is configure for Secure only updates.The very KEY item to focus on is the data that is being registered in DNS. In this example, the value 'usmdua8006' is NOT a fully qualified name.If the zone is set to "Nonsecure and Secure" (allowing anonymous updates), every 15 minutes, the DNS record disappears. As seen in the verbose logs, every 15 minutes (the default), If the zone is nonsecure or set to "none " and the record does NOT exist, at step 3, DNS will create the DNS record (A(host) and PTR). **Note – Due to modern DNS client cache, the momentary delete / recreate of the DNS record is not noticed by clients.The DNS server will then discard the authentication token as it is not needed (the record was registered… SSSD will get the expected returned response of a successful authenticated update. They will continue to resolve the LINUX host throughout the process.Solution: Confirm whether the DNS domain name that the client is trying to resolve is the DNS domain name for which its configured DNS servers are authoritative.For example, if the client is attempting to resolve the name host.widgets.tailspintoys.com, verify that the preferred DNS server (or an alternate, if one is being used) that is queried by the client loads the authoritative zone where a host (A) resource record for the failed name should exist.To verify a client IP configuration, use the ipconfig command.In the command output, verify that the client has a valid IP address, subnet mask, and default gateway for the network where it is attached and being used.
Cause: The DNS server that the client is using does not have authority for the failed name and cannot locate the authoritative server for this name.
What is even more confusing is the effect you see if the zone is set to "Nonsecure and Secure". This unexpected response to SSSD will generate an error. Hopefully this explains a number of scenarios and how to set to proper configuration.