[Samba] DNS: Update not allowed for unsigned packet
Aaron C. de Bruyn
aaron at heyaaron.com
Mon Nov 6 18:02:28 UTC 2023
DNS is suddenly not working properly for some machines.
We had a bunch of machines that were joined to the domain, but the computer
name was wrong.
To fix this, we unjoined the machines and deleted the computer accounts out
of Samba (because renames while joined will leave LDAP attributes with the
previous machine name and there will be connectivity problems for some
reason), and we deleted them out of DNS (dnsmgmt.msc) so there were no
mismatched SIDs.
Then we renamed and restarted the machines (All Windows 11 Pro), then we
joined them back to the domain.
Now most of them aren't able to register themselves with DNS (ipconfig
/registerdns):
[2023/11/06 09:55:39.585469, 2]
../../source4/dns_server/dns_update.c:824(dns_server_process_update)
Got a dns update request.
[2023/11/06 09:55:39.585579, 2]
../../source4/dns_server/dns_update.c:781(dns_update_allowed)
Update not allowed for unsigned packet.
[2023/11/06 09:55:39.585965, 2]
../../source4/dns_server/dns_update.c:824(dns_server_process_update)
Got a dns update request.
[2023/11/06 09:55:39.586254, 2]
../../source4/dns_server/dns_update.c:397(handle_one_update)
Looking at record:
[2023/11/06 09:55:39.586268, 1]
../../source4/dns_server/dns_update.c:399(handle_one_update)
discard_const(update): struct dns_res_rec
name : 'USSIF1DOFC07.--redacted--'
rr_type : DNS_QTYPE_AAAA (0x1C)
rr_class : DNS_QCLASS_ANY (0xFF)
ttl : 0x00000000 (0)
length : 0x0000 (0)
rdata : union dns_rdata(case 0x1C)
ipv6_record : (null)
unexpected : DATA_BLOB length=0
[2023/11/06 09:55:39.586693, 2]
../../source4/dns_server/dns_update.c:397(handle_one_update)
Looking at record:
[2023/11/06 09:55:39.586709, 1]
../../source4/dns_server/dns_update.c:399(handle_one_update)
discard_const(update): struct dns_res_rec
name : 'USSIF1DOFC07.--redacted--'
rr_type : DNS_QTYPE_A (0x1)
rr_class : DNS_QCLASS_ANY (0xFF)
ttl : 0x00000000 (0)
length : 0x0000 (0)
rdata : union dns_rdata(case 0x1)
ipv4_record : (null)
unexpected : DATA_BLOB length=0
[2023/11/06 09:55:39.587107, 2]
../../source4/dns_server/dns_update.c:397(handle_one_update)
Looking at record:
[2023/11/06 09:55:39.587130, 1]
../../source4/dns_server/dns_update.c:399(handle_one_update)
discard_const(update): struct dns_res_rec
name : 'USSIF1DOFC07.--redacted--'
rr_type : DNS_QTYPE_A (0x1)
rr_class : DNS_QCLASS_IN (0x1)
ttl : 0x000004b0 (1200)
length : 0x0004 (4)
rdata : union dns_rdata(case 0x1)
ipv4_record : 10.142.14.136
unexpected : DATA_BLOB length=0
[2023/11/06 09:55:39.601377, 2]
../../source4/dns_server/dns_update.c:824(dns_server_process_update)
Got a dns update request.
[2023/11/06 09:55:39.601524, 2]
../../source4/dns_server/dns_update.c:781(dns_update_allowed)
Update not allowed for unsigned packet.
[2023/11/06 09:55:39.603329, 2]
../../source4/dns_server/dns_update.c:824(dns_server_process_update)
Got a dns update request.
[2023/11/06 09:55:39.603610, 2]
../../source4/dns_server/dns_update.c:397(handle_one_update)
Looking at record:
I've been digging around, and all the machines appear to be joined properly
and working fine. They can authenticate, connect to shares, etc... nltest
/sc_query:domain.tld returns success.
Anyone have thoughts on what I might have missed?
Thanks,
-A
More information about the samba
mailing list