Internal DNS server. Failure, when a client a) registers an IP b) deletes that IP c) registers again
Günter Kukkukk
linux at kukkukk.com
Fri May 31 08:40:03 MDT 2013
Am Freitag, 31. Mai 2013, 11:03:46 schrieb Kai Blin:
> On 2013-05-31 05:04, Günter Kukkukk wrote:
>
> Hi Günter,
>
> > I've have prepared a very first patch (see attachment), which
> > addresses this issue.
> > Please comment whether this is the right approach.
> > Sure, the DEBUG() statements - beside one - should be removed.
>
> Are you seeing the same problem without signing, just to get that whole
> TSIG mess out of the way?
>
Yes, it's also seen when nonsecure updates are done:
To allow for both secure and nonsecure updates, i added to smb.conf:
allow dns updates = true
When the nsupdate '-g' option is _not_ used (nonsecure):
------
nsupdate
> update add mytest.intranet01.hom 3600 A 192.168.200.233
> send (btw - a simple "return key" can also be used)
> update delete mytest.intranet01.hom A 192.168.200.233
> send
> update add mytest.intranet01.hom 3600 A 192.168.200.233
> send
update failed: SERVFAIL
>
------
bin/samba-tool dns query linux300 intranet01.hom mytest ALL
Name=, Records=0, Children=0
-------
As expected - same error.
> All in all, I guess deleting the record at that point makes sense, so I
> guess I can answer my own question from that TODO comment.
>
> I would love to see a test for that update logic, and then the patch
> looks good for inclusion.
>
> Cheers,
> Kai
PS. For all which are a bit unsure about the "allow dns updates"
smb.conf option:
The default is, from ./lib/param/loadparam.c:
lpcfg_do_global_parameter(lp_ctx, "allow dns updates", "secure only");
Valid settings are, from ./lib/param/param_table.c:
/* DNS update options. */
static const struct enum_list enum_dns_update_settings[] = {
{DNS_UPDATE_OFF, "disabled"},
{DNS_UPDATE_OFF, "No"},
{DNS_UPDATE_OFF, "False"},
{DNS_UPDATE_OFF, "0"},
{DNS_UPDATE_OFF, "Off"},
{DNS_UPDATE_ON, "nonsecure and secure"},
{DNS_UPDATE_ON, "nonsecure"},
{DNS_UPDATE_ON, "Yes"},
{DNS_UPDATE_ON, "True"},
{DNS_UPDATE_ON, "1"},
{DNS_UPDATE_ON, "On"},
{DNS_UPDATE_ON, "enabled"},
{DNS_UPDATE_SIGNED, "secure only"},
{DNS_UPDATE_SIGNED, "secure"},
{DNS_UPDATE_SIGNED, "signed"},
{-1, NULL}
};
A note to all users: this unsecure option should only be used during testing!
Cheers, Günter
More information about the samba-technical
mailing list