Internal DNS server. Failure, when a client a) registers an IP b) deletes that IP c) registers again

Günter Kukkukk linux at
Mon Dec 2 17:45:41 MST 2013

Am 01.12.2013 22:21, schrieb Andrew Bartlett:
> On Fri, 2013-05-31 at 05:04 +0200, Günter Kukkukk wrote:
>> I've just started again to work on a DNS failure, which
>> i called myself "the zombie (Records=0, Children=0)" issue.
>> This bug is probably related to bugzilla 9559 and many other
>> user reports to the samba mailing lists.
>> Testcase: Recent git tree
>> Assuming a valid kinit has been done already.
>> ------
>> nsupdate -g
>>> update add mytest.intranet01.hom 3600 A
>>> send
>>> update delete mytest.intranet01.hom A
>>> send
>>> update add mytest.intranet01.hom 3600 A
>>> send
>> ; TSIG error with server: tsig verify failure
>> update failed: SERVFAIL
>> ------ 
>> The TSIG error should be _ignored_ here atm, it is a different issue.
>> Many other clients programs will run the same sequence
>> when updating a record.
>> When we now run
>> samba-tool dns query linux300 intranet01.hom mytest ALL
>>   Name=, Records=0, Children=0
>> This zombie entry _cannot_ be removed by both samba-tool
>> and any dns requests!
>> (But samba-tool can be used to a) assign a new IP record again,
>> and then b) delete it completely)
>> I've talked to some users which see lots of those zombie records!
>> Care must been taken cause e.g.
>>   Name=_msdcs, Records=0, Children=0
>> also contains those zero records.
>> ---------
>> I've have prepared a very first patch (see attachment), which
>> addresses this issue.
>> Please comment whether this is the right approach.
>> Sure, the DEBUG() statements - beside one - should be removed.
>> With the patch applied all works as expected. 
>> Comments welcome. :-)
> Just to loop back on this, it turns out not to be the right approach,
> nor does it match what Windows dos.  This patch creates 100s and 1000s
> of tombstone records in a busy Samba domain, because the records are now
> deleted and re-created regularly.
> It appears the correct approach includes using the dnsTombstoned
> attribute. 
> Andrew Bartlett

Hi Andrew,

sorry, due to other work, i wasn't able to look at samba code for some months - but
that might change now (a bit)...  :-)

AFAIR - when looking at that code those days - i also had some comparative views
on how the DLZ code is doing similar stuff. Don't remember the details, so i might
be wrong here.

Does the "dnsTombstoned" approach also apply to DLZ ?

Cheers, Günter

Have changed all my development environment here completely - so i'm a bit "outdated"
regarding former stuff...

More information about the samba-technical mailing list