[cifs-protocol] [EXTERNAL] [MS-DNSP] sticky static dns updates - TrackingID#2106070040005009

Jeff McCashland jeffm at microsoft.com
Tue Jun 29 20:06:55 UTC 2021

Hi Douglas,

I've been able to confirm that when a static record is added to a dnsNode, new records are added as static. This is done so that when a record is manually marked as static by an admin, refreshes don't override the static state. This is tied to whether aging is turned on or off in the zone, which has been a feature of DNS since WS 2008. You can query the zone's aging property using the "Get-DnsServerZoneAging" powershell cmdlet.

I can also confirm that when a record gets its timestamp refreshed, all of the dynamic records in the dnsNode are refreshed. DNS has always worked this way. 

Best regards,
Jeff McCashland | Senior Escalation Engineer | Microsoft Protocol Open Specifications Team 
Phone: +1 (425) 703-8300 x38300 | Hours: 9am-5pm | Time zone: (UTC-08:00) Pacific Time (US and Canada)
Local country phone number found here: http://support.microsoft.com/globalenglish | Extension 1138300
We value your feedback.  My manager is Natesha Morrison (namorri), +1 (704) 430-4292
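The two behaviours confirmed in the reply above, worked through as an added example. This is not Samba or Windows code: it parses the fixed header of the DNS_RPC_RECORD structure that AD stores in each dnsRecord value (layout per MS-DNSP 2.3.2.2, with dwTimeStamp == 0 meaning static, as the thread describes) and then applies the two rules to a small in-memory dnsNode. The class names, the sample blob and the timestamp values are constructed for the example and are assumptions, not anything taken from the thread.

```python
"""Model of the dnsNode aging behaviour described in the reply above.

Added example, not Samba or Windows code.  It parses the DNS_RPC_RECORD
header that AD stores in the multi-valued dnsRecord attribute (layout from
MS-DNSP 2.3.2.2) and applies the two behaviours the reply confirms:

  1. if any record in a node is static (dwTimeStamp == 0), a record added
     to that node by dynamic update is stored as static too;
  2. when a dynamic record is refreshed, every dynamic record in the node
     gets the new timestamp.

Class names, sample blob and timestamp values are constructed for the example.
"""
import struct
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# DNS_RPC_RECORD fixed header: little-endian throughout, except dwTtlSeconds,
# which MS-DNSP stores big-endian.
_HDR = struct.Struct("<HHBBHI")   # wDataLength, wType, version, rank, flags, dwSerial
_TTL = struct.Struct(">I")        # dwTtlSeconds
_TAIL = struct.Struct("<II")      # dwReserved, dwTimeStamp
HEADER_LEN = _HDR.size + _TTL.size + _TAIL.size   # 24 bytes

DNS_TYPE_A = 0x0001
DNS_RANK_ZONE = 0xF0

# dwTimeStamp is hours since 1601-01-01 UTC; 0 marks a static record.
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def hours_since_1601(dt: datetime) -> int:
    """Convert a timezone-aware datetime to the dnsRecord timestamp unit."""
    return int((dt - EPOCH_1601) // timedelta(hours=1))


# Constructed sample: a static A record for 192.0.2.10, TTL 3600, serial 1.
SAMPLE_STATIC_A = bytes.fromhex(
    "0400" "0100" "05" "f0" "0000" "01000000"   # len, type A, ver 5, rank, flags, serial
    "00000e10"                                  # TTL 3600 (big-endian)
    "00000000" "00000000"                       # reserved, timestamp 0 (static)
    "c000020a"                                  # rdata: 192.0.2.10
)


@dataclass
class DnsRecord:
    rtype: int
    ttl: int
    timestamp: int      # hours since 1601; 0 means static
    data: bytes

    @property
    def is_static(self) -> bool:
        return self.timestamp == 0

    @classmethod
    def parse(cls, blob: bytes) -> "DnsRecord":
        if len(blob) < HEADER_LEN:
            raise ValueError("dnsRecord value shorter than DNS_RPC_RECORD header")
        data_len, rtype, version, rank, flags, serial = _HDR.unpack_from(blob, 0)
        (ttl,) = _TTL.unpack_from(blob, _HDR.size)
        reserved, timestamp = _TAIL.unpack_from(blob, _HDR.size + _TTL.size)
        data = blob[HEADER_LEN:HEADER_LEN + data_len]
        if len(data) != data_len:
            raise ValueError("wDataLength runs past the end of the value")
        return cls(rtype, ttl, timestamp, data)

    def pack(self, serial: int = 1) -> bytes:
        return (_HDR.pack(len(self.data), self.rtype, 5, DNS_RANK_ZONE, 0, serial)
                + _TTL.pack(self.ttl)
                + _TAIL.pack(0, self.timestamp)
                + self.data)


class DnsNode:
    """One dnsNode: the list of dnsRecord values for a single owner name."""

    def __init__(self, name: str, records=()):
        self.name = name
        self.records = list(records)

    @property
    def has_static(self) -> bool:
        return any(r.is_static for r in self.records)

    def add_static(self, rtype: int, ttl: int, data: bytes) -> DnsRecord:
        """Admin-created record: always stored with timestamp 0."""
        rec = DnsRecord(rtype, ttl, 0, data)
        self.records.append(rec)
        return rec

    def add_dynamic(self, rtype: int, ttl: int, data: bytes, now_hours: int) -> DnsRecord:
        """Record arriving via DNS update: static state of the node is sticky."""
        rec = DnsRecord(rtype, ttl, 0 if self.has_static else now_hours, data)
        self.records.append(rec)
        return rec

    def refresh(self, now_hours: int) -> int:
        """Refresh the node: every dynamic sibling gets the new timestamp.
        Static records are left alone.  Returns the number of records touched."""
        touched = 0
        for r in self.records:
            if not r.is_static:
                r.timestamp = now_hours
                touched += 1
        return touched
```

Because the static/dynamic decision in `add_dynamic` is made from the node's current contents rather than from the incoming update, two servers whose in-memory view of the node differs (as Douglas observes below) will store the same update with different timestamps; the parser makes that visible by reading the dwTimeStamp field straight out of the replicated dnsRecord values.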

-----Original Message-----
From: Douglas Bagnall <douglas.bagnall at catalyst.net.nz> 
Sent: Sunday, June 20, 2021 3:38 PM
To: Jeff McCashland <jeffm at microsoft.com>; Andrew Bartlett <abartlet at samba.org>; cifs-protocol <cifs-protocol at lists.samba.org>
Cc: Jeff McCashland <jeffm at microsoftsupport.com>
Subject: Re: [cifs-protocol] [EXTERNAL] [MS-DNSP] sticky static dns updates - TrackingID#2106070040005009

hi Jeff,

> I've been reviewing the documentation and source code where we perform operations on the dnsNode. I realize now that scavenging/aging is specific to the resource records, while Tombstoning happens to the dnsNode when connected to AD server. From our source code, it appears the only way we track if a record is static is with the 0 timestamp. I've yet to find any static tracking on the dnsNode itself.
> Can you tell me more about what you're working on and the context of this question? How are you applying the information, and what is the bigger problem you're trying to solve?

I am trying to fix Samba bugs related to scavenging and tombstoning, of which there are many.

In my tests against Windows I find what looks like indeterminate behaviour. The DNS, RPC, and LDAP processes all live in their own timelines, just occasionally syncing up.

As you say, being static is a property of the record in AD, not of the node. But it seems that it is a property of the node in the DNS server. 
And a network can end up with one DNS server that thinks a node is in a static state, while another DNS server thinks it is in a dynamic state, with AD having no knowledge of that. An update from a client will have different effects, depending on which server they choose.

Now, from an interoperability point of view, this is fine. It's like undefined behaviour for a C compiler: do whatever you want. My original question focussed on the "does this replicate? if so, how?" partly because that was the state of my confusion then, but partly also because I thought it was the kind of question I was allowed to ask, about protocols not implementations. Now, though, I think I should have asked the more direct:

[Sometimes] the DNS server will mark a record created or updated via DNS update as static when a sibling record is [or was] static. Is this an important part of how things work? Should it be documented?

I have related questions, like:

[Sometimes] the DNS server will update the timestamp of sibling records when a record is updated. Is this an important part of how things work? Should it be documented?

