Internal DNS server. Failure, when a client a) registers an IP b) deletes that IP c) registers again

Günter Kukkukk linux at kukkukk.com
Fri May 31 08:40:03 MDT 2013


On Friday, 31 May 2013, 11:03:46, Kai Blin wrote:
> On 2013-05-31 05:04, Günter Kukkukk wrote:
> 
> Hi Günter,
> 
> > I have prepared a very first patch (see attachment), which
> > addresses this issue.
> > Please comment whether this is the right approach.
> > Sure, the DEBUG() statements - besides one - should be removed.
> 
> Are you seeing the same problem without signing, just to get that whole
> TSIG mess out of the way?
> 
Yes, it's also seen when nonsecure updates are done:

To allow for both secure and nonsecure updates, I added to smb.conf:
   allow dns updates = true

When the nsupdate '-g' option is _not_ used (nonsecure):
------
nsupdate
> update add mytest.intranet01.hom 3600 A 192.168.200.233
> send  (btw - a simple "return key" can also be used)
> update delete mytest.intranet01.hom A 192.168.200.233
> send
> update add mytest.intranet01.hom 3600 A 192.168.200.233
> send
update failed: SERVFAIL
> 
------
bin/samba-tool dns query linux300 intranet01.hom mytest ALL
  Name=, Records=0, Children=0
-------

As expected - same error.

> All in all, I guess deleting the record at that point makes sense, so I
> guess I can answer my own question from that TODO comment.
> 
> I would love to see a test for that update logic, and then the patch
> looks good for inclusion.
> 
> Cheers,
> Kai

PS. For all who are a bit unsure about the "allow dns updates"
smb.conf option:

The default is, from ./lib/param/loadparam.c:
lpcfg_do_global_parameter(lp_ctx, "allow dns updates", "secure only");

Valid settings are, from ./lib/param/param_table.c:
/* DNS update options. */
static const struct enum_list enum_dns_update_settings[] = {
	{DNS_UPDATE_OFF, "disabled"},
	{DNS_UPDATE_OFF, "No"},
	{DNS_UPDATE_OFF, "False"},
	{DNS_UPDATE_OFF, "0"},
	{DNS_UPDATE_OFF, "Off"},
	{DNS_UPDATE_ON, "nonsecure and secure"},
	{DNS_UPDATE_ON, "nonsecure"},
	{DNS_UPDATE_ON, "Yes"},
	{DNS_UPDATE_ON, "True"},
	{DNS_UPDATE_ON, "1"},
	{DNS_UPDATE_ON, "On"},
	{DNS_UPDATE_ON, "enabled"},
	{DNS_UPDATE_SIGNED, "secure only"},
	{DNS_UPDATE_SIGNED, "secure"},
	{DNS_UPDATE_SIGNED, "signed"},
	{-1, NULL}
};
A note to all users: this unsecure option should only be used during testing!

Cheers, Günter
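
As an added example (not part of the original post and not Samba code), this Python check reads smb.conf text and reports which update mode the "allow dns updates" value selects, using the enum table and default quoted in the PS above. The function names, the sample configuration, and the name-matching and last-occurrence-wins rules are assumptions; include files are not followed.

```python
# Added example: report the effective "allow dns updates" mode of an smb.conf.
# Value table copied from the enum_dns_update_settings list quoted in the post.
DNS_UPDATE_MODES = {
    "DNS_UPDATE_OFF": ["disabled", "No", "False", "0", "Off"],
    "DNS_UPDATE_ON": ["nonsecure and secure", "nonsecure", "Yes", "True",
                      "1", "On", "enabled"],
    "DNS_UPDATE_SIGNED": ["secure only", "secure", "signed"],
}
VALUE_TO_MODE = {v.lower(): m for m, vals in DNS_UPDATE_MODES.items() for v in vals}
DEFAULT_VALUE = "secure only"   # default quoted from loadparam.c in the post


def _norm_name(name):
    # Assumption: parameter names compare case- and whitespace-insensitively.
    return "".join(name.split()).lower()


def audit_dns_updates(conf_text):
    """Return (mode, value, line_no); line_no is None when the default applies."""
    section, value, line_no = None, DEFAULT_VALUE, None
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, val = line.partition("=")
        if sep and section == "global" and _norm_name(key) == "allowdnsupdates":
            value, line_no = val.strip(), n      # assumed: last occurrence wins
    mode = VALUE_TO_MODE.get(value.lower(), "INVALID")
    return mode, value, line_no


def allows_unsigned_updates(conf_text):
    return audit_dns_updates(conf_text)[0] == "DNS_UPDATE_ON"


# Constructed sample input mirroring the test setup described in the post.
SAMPLE_CONF = """\
[global]
    workgroup = INTRANET01
    allow dns updates = true
"""

if __name__ == "__main__":
    mode, value, line_no = audit_dns_updates(SAMPLE_CONF)
    print(f"line {line_no}: allow dns updates = {value} -> {mode}; "
          f"unsigned updates accepted: {allows_unsigned_updates(SAMPLE_CONF)}")
```

Note that "true", "yes" and "enabled" all map to DNS_UPDATE_ON, so a value that reads like "updates are on" also accepts unsigned updates.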

