Internal DNS server. Failure, when a client a) registers an IP b) deletes that IP c) registers again
Günter Kukkukk
linux at kukkukk.com
Sat Jun 1 16:57:22 MDT 2013
On Friday, 31 May 2013, 16:40:03, Günter Kukkukk wrote:
> On Friday, 31 May 2013, 11:03:46, Kai Blin wrote:
> > On 2013-05-31 05:04, Günter Kukkukk wrote:
> >
> > Hi Günter,
> >
> > > I have prepared a very first patch (see attachment), which
> > > addresses this issue.
> > > Please comment whether this is the right approach.
> > > Sure, the DEBUG() statements - beside one - should be removed.
> >
> > Are you seeing the same problem without signing, just to get that whole
> > TSIG mess out of the way?
>
> Yes, it's also seen when nonsecure updates are done:
>
> To allow for both secure and nonsecure updates, I added to smb.conf:
> allow dns updates = true
>
> When the nsupdate '-g' option is _not_ used (nonsecure):
> ------
> nsupdate
>
> > update add mytest.intranet01.hom 3600 A 192.168.200.233
> > send (btw - a simple "return key" can also be used)
> > update delete mytest.intranet01.hom A 192.168.200.233
> > send
> > update add mytest.intranet01.hom 3600 A 192.168.200.233
> > send
>
> update failed: SERVFAIL
>
> ------
> bin/samba-tool dns query linux300 intranet01.hom mytest ALL
> Name=, Records=0, Children=0
> -------
>
> As expected - same error.
>
> > All in all, I guess deleting the record at that point makes sense, so I
> > guess I can answer my own question from that TODO comment.
> >
> > I would love to see a test for that update logic, and then the patch
> > looks good for inclusion.
> >
> > Cheers,
> > Kai
>
> PS. For all who are a bit unsure about the "allow dns updates"
> smb.conf option:
>
> The default is, from ./lib/param/loadparam.c:
> lpcfg_do_global_parameter(lp_ctx, "allow dns updates", "secure only");
>
> Valid settings are, from ./lib/param/param_table.c:
> /* DNS update options. */
> static const struct enum_list enum_dns_update_settings[] = {
> {DNS_UPDATE_OFF, "disabled"},
> {DNS_UPDATE_OFF, "No"},
> {DNS_UPDATE_OFF, "False"},
> {DNS_UPDATE_OFF, "0"},
> {DNS_UPDATE_OFF, "Off"},
> {DNS_UPDATE_ON, "nonsecure and secure"},
> {DNS_UPDATE_ON, "nonsecure"},
> {DNS_UPDATE_ON, "Yes"},
> {DNS_UPDATE_ON, "True"},
> {DNS_UPDATE_ON, "1"},
> {DNS_UPDATE_ON, "On"},
> {DNS_UPDATE_ON, "enabled"},
> {DNS_UPDATE_SIGNED, "secure only"},
> {DNS_UPDATE_SIGNED, "secure"},
> {DNS_UPDATE_SIGNED, "signed"},
> {-1, NULL}
> };
> A note to all users: this unsecure option should only be used during
> testing!
>
> Cheers, Günter
Hi Andrew,
after other work I just came back to my PC and noticed the following
in the IRC backlog from yesterday:
snip----
06/01/13 10:11:54 <kblin> and without Günter's patch, that obviously fails
06/01/13 10:12:30 <abartlet> such is the frustration of patches that come without the tests to prove them...
snip----
Please explain to me "what you mean with that IRC comment", so I can better understand
your personal view of samba development.
I DID NOT SEND a final PATCH.
In that email I just explained my detailed findings so far about a
_serious_ samba bug - and asked FOR COMMENTS regarding my first patch.
That email contained detailed tests - ISC nsupdate and samba-tool.
Unfortunately NOT samba torture tests - but those can also later be added
when the patch has been discussed - as Kai noticed on reply....
You say that you are frustrated - me too.
Cheers, Günter
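
Added example (not part of the original message and not Samba's own code): a small Python audit that reads an smb.conf, maps its "allow dns updates" value through the enum table quoted in the PS above, and reports when unsigned updates are accepted. Reading the parameter only from [global], matching the parameter name without regard to case or whitespace, and the sample file are assumptions made for this illustration.

```python
# Value table copied from enum_dns_update_settings as quoted in the mail.
MODES = {
    "DNS_UPDATE_OFF": ["disabled", "No", "False", "0", "Off"],
    "DNS_UPDATE_ON": ["nonsecure and secure", "nonsecure", "Yes", "True", "1", "On", "enabled"],
    "DNS_UPDATE_SIGNED": ["secure only", "secure", "signed"],
}
LOOKUP = {v.lower(): m for m, vals in MODES.items() for v in vals}
DEFAULT = "secure only"  # default quoted from lib/param/loadparam.c

def dns_update_mode(conf_text):
    """Return (mode, raw_value, line_no); line_no is None when the default applies."""
    section, raw, line_no = None, DEFAULT, None
    for no, line in enumerate(conf_text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        # Assumption: parameter names compare ignoring case and whitespace.
        if "".join(name.split()).lower() == "allowdnsupdates":
            raw, line_no = value.strip(), no  # last occurrence wins
    return LOOKUP.get(raw.lower(), "INVALID"), raw, line_no

def audit(conf_text):
    """Return a finding string if unsigned updates are accepted or the value is unknown."""
    mode, raw, line_no = dns_update_mode(conf_text)
    where = "default" if line_no is None else f"line {line_no}"
    if mode == "DNS_UPDATE_ON":
        return f"{where}: 'allow dns updates = {raw}' accepts unsigned dynamic updates"
    if mode == "INVALID":
        return f"{where}: unrecognised value {raw!r} for 'allow dns updates'"
    return None

# Constructed sample mirroring the test setup described in the mail.
SAMPLE = """\
[global]
    workgroup = INTRANET01
    ; enabled for the nsupdate reproduction
    allow dns updates = true
[netlogon]
    path = /var/lib/samba/sysvol/scripts
"""

if __name__ == "__main__":
    print(audit(SAMPLE) or "ok: unsigned DNS updates are not accepted")
```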