[cifs-protocol] [MS-DNSP] All resource records get refreshed - TrackingID#2107280040000875

Wed Jul 28 17:34:00 UTC 2021

[New case and SR ID]

Hi Douglas,

Our DNS team would like to verify the second issue where all RR's get their timestamp updated. 

Could you please collect and upload TTT traces of that scenario along with a concurrent network trace? I have created a File Transfer workspace for exchanging files for this issue (credentials below). 

To collect the traces, first find "PartnerTTDRecorder_x86_x64.zip" available for download from the workspace. Extract the x64 package to any folder on your DNS server. 

Steps:
	1. From an elevated command prompt, execute: tasklist /FI "IMAGENAME eq dns.exe"
	2. Note the PID of the dns.exe process from the output of the above command.
	3. Execute: C:\TTD\TTTracer.exe -attach PID, where PID is the number from above.
	4. Wait for a little window to pop up in top left corner of your screen, titled “dns01.run”
	5. start a network trace on the Server side
	6. Repro the attempted RDP connection
	7. Stop the network trace and save it
	8. Carefully uncheck the checkbox next to “Tracing” in the small “dns01.run” window. Do not close or exit the small window or you may need to reboot. 
The TTTracer.exe process will generate a trace file, then print out the name and location of the file.

To upload the TTT and network traces:
Log in as: 2107280040000875_douglas at dtmxfer.onmicrosoft.com
1-time: 99[+h3O1

Workspace link: https://support.microsoft.com/files?workspace=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ3c2lkIjoiN2NiYzQyNzEtYjlhYS00ODExLThkNGUtZmM0MzhhY2FkMmY0Iiwic3IiOiIyMTA3MjgwMDQwMDAwODc1IiwiYXBwaWQiOiJlNmVlNDNlYi0wZmJjLTQ1NDYtYmM1Mi00YzE2MWZjZGY0YzQiLCJzdiI6InYxIiwicnMiOiJFeHRlcm5hbCIsInd0aWQiOiJkZTMyMWNmNS00MzNlLTRkYTYtYWJlNC1jZjYzNmNlNzdhMTgiLCJpc3MiOiJodHRwczovL2FwaS5kdG1uZWJ1bGEubWljcm9zb2Z0LmNvbSIsImF1ZCI6Imh0dHA6Ly9zbWMiLCJleHAiOjE2MzUyNjgzNTQsIm5iZiI6MTYyNzQ5MjM1NH0.Jb1Eg9kR676wbAYVhL7k_LAWXXMvgcD7vWBn6-GH8Vz2HZoMzlGr8iN6iJAvQfqWlI78_Jn7sLyjkqjvce_WG1Qt_mfTjg7vd5eB0gr3lxR9C27R_LfdKsLQIV16oe0AzbHwQlnpQEpHT7sYCajmPnxlf-NgTwBvDepr89mUENa7-ftCLCGS-YNk_0mWu9lDjbnTzpmgV094amXj-t5hGVilhUscHiF8ZcTTM8HHn1mAVJv54ogFiTATHukps1Hc4Uv3VhD20NUl4k2n-Vu5Qt-5pbkfba33WxcOG60JhGeD7hnc8g06SthuPsQu8H3WOTWhONUp-CWgyYdBT7byJQ&wid=7cbc4271-b9aa-4811-8d4e-fc438acad2f4

Best regards,
Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team 
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
We value your feedback.  My manager is Natesha Morrison (namorri), +1 (704) 430-4292

-----Original Message-----
From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz> 
Sent: Wednesday, July 7, 2021 8:51 PM
To: Jeff McCashland <jeffm at microsoft.com>; Andrew Bartlett <abartlet at samba.org>; cifs-protocol <cifs-protocol at lists.samba.org>
Cc: Jeff McCashland <jeffm at microsoftsupport.com>
Subject: Re: [cifs-protocol] [EXTERNAL] [MS-DNSP] sticky static dns updates - TrackingID#2106070040005009

Thanks Jeff!

> I've been able to confirm that when a static record is added to a dnsNode, new records are added as static. This is done so that when a record is manually marked as static by an admin, refreshes don't over-ride the static state. This is tied to whether aging is turned on or off in the zone, which has been a feature of DNS since WS 2008. You can query the zone's aging property using the "Get-DnsServerZoneAging” powershell cmdlet.
> 
> I can also confirm that when a record gets its timestamp refreshed, all of the dynamic records in the dnsNode are refreshed. DNS has always worked this way.

This clarification is very helpful.

I have tests that "prove" both of these things both ways, depending on the order with which I manipulate the records with LDAP and DNS. So it is good to know which I should aim for and which I can put down to artefacts of the way my tests interact with the looser coupling of DNS and AD in Windows.

I don't suppose there is any reliable method of putting aged records in Windows DNS for testing? I don't see a public testsuite for MS-DNSP.

Douglas