Internal DNS server. Failure, when a client a) registers an IP b) deletes that IP c) registers again

Günter Kukkukk linux at kukkukk.com
Sat Jun 1 16:57:22 MDT 2013


Am Freitag, 31. Mai 2013, 16:40:03 schrieb Günter Kukkukk:
> Am Freitag, 31. Mai 2013, 11:03:46 schrieb Kai Blin:
> > On 2013-05-31 05:04, Günter Kukkukk wrote:
> > 
> > Hi Günter,
> > 
> > > I have prepared a very first patch (see attachment), which
> > > addresses this issue.
> > > Please comment whether this is the right approach.
> > > Sure, the DEBUG() statements - beside one - should be removed.
> > 
> > Are you seeing the same problem without signing, just to get that whole
> > TSIG mess out of the way?
> 
> Yes, it's also seen when nonsecure updates are done:
> 
> To allow for both secure and nonsecure updates, I added to smb.conf:
>    allow dns updates = true
> 
> When the nsupdate '-g' option is _not_ used (nonsecure):
> ------
> nsupdate
> 
> > update add mytest.intranet01.hom 3600 A 192.168.200.233
> > send  (btw - a simple "return key" can also be used)
> > update delete mytest.intranet01.hom A 192.168.200.233
> > send
> > update add mytest.intranet01.hom 3600 A 192.168.200.233
> > send
> 
> update failed: SERVFAIL
> 
> ------
> bin/samba-tool dns query linux300 intranet01.hom mytest ALL
>   Name=, Records=0, Children=0
> -------
> 
> As expected - same error.
> 
> > All in all, I guess deleting the record at that point makes sense, so I
> > guess I can answer my own question from that TODO comment.
> > 
> > I would love to see a test for that update logic, and then the patch
> > looks good for inclusion.
> > 
> > Cheers,
> > Kai
> 
> PS. For all who are a bit unsure about the "allow dns updates"
> smb.conf option:
> 
> The default is, from ./lib/param/loadparam.c:
> lpcfg_do_global_parameter(lp_ctx, "allow dns updates", "secure only");
> 
> Valid settings are, from ./lib/param/param_table.c:
> /* DNS update options. */
> static const struct enum_list enum_dns_update_settings[] = {
> 	{DNS_UPDATE_OFF, "disabled"},
> 	{DNS_UPDATE_OFF, "No"},
> 	{DNS_UPDATE_OFF, "False"},
> 	{DNS_UPDATE_OFF, "0"},
> 	{DNS_UPDATE_OFF, "Off"},
> 	{DNS_UPDATE_ON, "nonsecure and secure"},
> 	{DNS_UPDATE_ON, "nonsecure"},
> 	{DNS_UPDATE_ON, "Yes"},
> 	{DNS_UPDATE_ON, "True"},
> 	{DNS_UPDATE_ON, "1"},
> 	{DNS_UPDATE_ON, "On"},
> 	{DNS_UPDATE_ON, "enabled"},
> 	{DNS_UPDATE_SIGNED, "secure only"},
> 	{DNS_UPDATE_SIGNED, "secure"},
> 	{DNS_UPDATE_SIGNED, "signed"}, 
> 	{-1, NULL}
> };
> A note to all users: this unsecure option should only be used during
> testing!
> 
> Cheers, Günter

Hi Andrew,

After other work I just came back to my PC and noticed the following
in the IRC backlog from yesterday:
snip----
06/01/13 10:11:54 <kblin> and without Günter's patch, that obviously fails
06/01/13 10:12:30 <abartlet> such is the frustration of patches that come without the tests to prove them...
snip----

Please explain to me "what you mean with that IRC comment", so I can better understand
your personal view of samba development.

I DID NOT SEND a final PATCH.

In that email I just explained my detailed findings so far about a
_serious_ samba bug - and asked FOR COMMENTS regarding my first patch.

That email contained detailed tests - ISC nsupdate and samba-tool.
Unfortunately NOT samba torture tests - but those can also later be added
when the patch has been discussed - as Kai noticed on reply....

You say that you are frustrated - me too.

Cheers, Günter
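
The "allow dns updates" value table and default quoted in the message above, turned into an smb.conf check that reports whether unsigned dynamic updates are accepted. This is an added example, not part of the original mail or of Samba's code; the names `audit_dns_updates` and `SAMPLE` are hypothetical, and the parsing rules marked as assumptions in the comments are simplifications.

```python
import re

# Value table and default as quoted in the mail (param_table.c, loadparam.c).
DNS_UPDATE_VALUES = {
    "DNS_UPDATE_OFF": ["disabled", "No", "False", "0", "Off"],
    "DNS_UPDATE_ON": ["nonsecure and secure", "nonsecure", "Yes", "True",
                      "1", "On", "enabled"],
    "DNS_UPDATE_SIGNED": ["secure only", "secure", "signed"],
}
DEFAULT_VALUE = "secure only"
# Assumption: enum values are matched without regard to case.
LOOKUP = {v.lower(): k for k, vals in DNS_UPDATE_VALUES.items() for v in vals}

def _norm_name(name):
    # Assumption: parameter names compare without regard to case or whitespace.
    return re.sub(r"\s+", "", name).lower()

def audit_dns_updates(conf_text):
    """Return (mode, raw_value, finding) for the [global] section of conf_text."""
    # Assumption: parameters before any section header count as [global].
    section, raw = "global", None
    text = re.sub(r"\\\r?\n", "", conf_text)  # join backslash-continued lines
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":       # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        name, sep, value = line.partition("=")
        if sep and section == "global" and _norm_name(name) == "allowdnsupdates":
            raw = value.strip()               # assumption: last occurrence wins
    effective = DEFAULT_VALUE if raw is None else raw
    mode = LOOKUP.get(effective.lower(), "INVALID")
    if mode == "DNS_UPDATE_ON":
        finding = "unsigned updates accepted; the mail advises testing use only"
    elif mode == "INVALID":
        finding = "value not in the enum table; check how the server resolves it"
    else:
        finding = "ok"
    return mode, raw, finding

# Constructed sample mirroring the test setup described in the mail.
SAMPLE = "[global]\n\tworkgroup = INTRANET01\n   allow dns updates = true\n"
if __name__ == "__main__":
    print(audit_dns_updates(SAMPLE))
```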

