Internal DNS server. Failure, when a client a) registers an IP b) deletes that IP c) registers again
Günter Kukkukk
linux at kukkukk.com
Mon Dec 2 17:45:41 MST 2013
Am 01.12.2013 22:21, schrieb Andrew Bartlett:
> On Fri, 2013-05-31 at 05:04 +0200, Günter Kukkukk wrote:
>> I've just started again to work on a DNS failure, which
>> i called myself "the zombie (Records=0, Children=0)" issue.
>>
>> This bug is probably related to bugzilla 9559 and many other
>> user reports to the samba mailing lists.
>>
>> Testcase: Recent git tree
>> Assuming a valid kinit has been done already.
>> ------
>> nsupdate -g
>>> update add mytest.intranet01.hom 3600 A 192.168.200.233
>>> send
>>> update delete mytest.intranet01.hom A 192.168.200.233
>>> send
>>> update add mytest.intranet01.hom 3600 A 192.168.200.233
>>> send
>> ; TSIG error with server: tsig verify failure
>> update failed: SERVFAIL
>> ------
>> The TSIG error should be _ignored_ here atm, it is a different issue.
>> Many other clients programs will run the same sequence
>> when updating a record.
>>
>> When we now run
>> samba-tool dns query linux300 intranet01.hom mytest ALL
>> Name=, Records=0, Children=0
>>
>> This zombie entry _cannot_ be removed by both samba-tool
>> and any dns requests!
>> (But samba-tool can be used to a) assign a new IP record again,
>> and then b) delete it completely)
>> I've talked to some users which see lots of those zombie records!
>> Care must been taken cause e.g.
>> Name=_msdcs, Records=0, Children=0
>> also contains those zero records.
>> ---------
>>
>> I've have prepared a very first patch (see attachment), which
>> addresses this issue.
>> Please comment whether this is the right approach.
>> Sure, the DEBUG() statements - beside one - should be removed.
>>
>> With the patch applied all works as expected.
>>
>> Comments welcome. :-)
>
> Just to loop back on this, it turns out not to be the right approach,
> nor does it match what Windows dos. This patch creates 100s and 1000s
> of tombstone records in a busy Samba domain, because the records are now
> deleted and re-created regularly.
>
> It appears the correct approach includes using the dnsTombstoned
> attribute.
>
> Andrew Bartlett
>
Hi Andrew,
sorry, due to other work, i wasn't able to look at samba code for some months - but
that might change now (a bit)... :-)
AFAIR - when looking at that code those days - i also had some comparative views
on how the DLZ code is doing similar stuff. Don't remember the details, so i might
be wrong here.
Does the "dnsTombstoned" approach also apply to DLZ ?
Cheers, Günter
Have changed all my development environment here completely - so i'm a bit "outdated"
regarding former stuff...
More information about the samba-technical
mailing list