Internal DNS server. Failure, when a client a) registers an IP b) deletes that IP c) registers again

Andrew Bartlett abartlet at samba.org
Sun Dec 1 14:21:51 MST 2013 

On Fri, 2013-05-31 at 05:04 +0200, Günter Kukkukk wrote:
> I've just started again to work on a DNS failure, which
> i called myself "the zombie (Records=0, Children=0)" issue.
> 
> This bug is probably related to bugzilla 9559 and many other
> user reports to the samba mailing lists.
> 
> Testcase: Recent git tree
> Assuming a valid kinit has been done already.
> ------
> nsupdate -g
> > update add mytest.intranet01.hom 3600 A 192.168.200.233
> > send
> > update delete mytest.intranet01.hom A 192.168.200.233
> > send
> > update add mytest.intranet01.hom 3600 A 192.168.200.233
> > send
> ; TSIG error with server: tsig verify failure
> update failed: SERVFAIL
> ------ 
> The TSIG error should be _ignored_ here atm, it is a different issue.
> Many other clients programs will run the same sequence
> when updating a record.
> 
> When we now run
> samba-tool dns query linux300 intranet01.hom mytest ALL
>   Name=, Records=0, Children=0
> 
> This zombie entry _cannot_ be removed by both samba-tool
> and any dns requests!
> (But samba-tool can be used to a) assign a new IP record again,
> and then b) delete it completely)
> I've talked to some users which see lots of those zombie records!
> Care must been taken cause e.g.
>   Name=_msdcs, Records=0, Children=0
> also contains those zero records.
> ---------
> 
> I've have prepared a very first patch (see attachment), which
> addresses this issue.
> Please comment whether this is the right approach.
> Sure, the DEBUG() statements - beside one - should be removed.
> 
> With the patch applied all works as expected. 
> 
> Comments welcome. :-)

Just to loop back on this, it turns out not to be the right approach,
nor does it match what Windows dos.  This patch creates 100s and 1000s
of tombstone records in a busy Samba domain, because the records are now
deleted and re-created regularly.

It appears the correct approach includes using the dnsTombstoned
attribute. 

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list