[cifs-protocol] [REG:116052414204136] [MS-GSSA] DDNS TSIG MAC calculation vs DNS name compression

Obaid Farooqi obaidf at microsoft.com
Thu Jun 9 00:09:05 UTC 2016

Hi Ralph:
I verified that Windows servers do not compress the name when they are writing TSIG or TKEY records.
I have filed a bug against MS-GSSA to update the document with this info. 

Please let me know if this does not answer your question.

If you have any other questions, please feel free to contact Microsoft.

Obaid Farooqi
Escalation Engineer | Microsoft

Exceeding your expectations is my highest priority.  If you would like to provide feedback on your case you may contact my manager at nkang at Microsoft dot com

-----Original Message-----
From: Ralph Boehme [mailto:slow at samba.org] 
Sent: Wednesday, June 8, 2016 11:16 AM
To: Obaid Farooqi <obaidf at microsoft.com>
Cc: metze at samba.org; Garming Sam <garming at catalyst.net.nz>; cifs-protocol at lists.samba.org; MSSolve Case Email <casemail at microsoft.com>
Subject: Re: [REG:116052414204136] [MS-GSSA] DDNS TSIG MAC calculation vs DNS name compression

Hi Obaid!

On Tue, Jun 07, 2016 at 06:55:44PM +0000, Obaid Farooqi wrote:
> I'll need some traces from you to figure out why the client does not 
> like compression. It is obvious that it does support compression by 
> looking at the network captures.

yes it does support it generally, but it doesn't like it in DNS TKEY/TSIG records. :)

> Please let me know the version of windows client that is exhibiting 
> error scenario with Samba DNS. After I know the Windows version, I'll 
> send you some bits to collect some traces.

Windows 7.

I'm mainly interested in how Windows server behave. Even if newer Windows clients may support name compressed DNS TKEY records and not choke when receiving such a packet, I'd prefer stick to actual Windows DNS server behaviour, that's why I was asking for clarification about actual server behaviour.

In my limited tests with Windows servers (iirc Windows 2008r2), it didn't use name compression in DNS TKEY/TSIG recorsds.

Thanks for you help!

More information about the cifs-protocol mailing list