General question - here about python/samba/netcmd/dns.py

Amitay Isaacs amitay at gmail.com
Mon Jun 2 01:29:34 MDT 2014 

Hi,

On Sat, May 31, 2014 at 3:26 PM, Günter Kukkukk <linux at kukkukk.com> wrote:

> Hi all,
>
> just a general question, how to proceed when we seem to violate
> some MS documentation - probably here a silly case.
> Here it's about MS claims "...MUST ignore it"
>
> When using
>   samba-tool dns serverinfo w2008r2
> i noticed that the displayed IPv6 addresses were wrong - see below.
>
>
> python/samba/netcmd/dns.py
> .....
> I already fixed
>    - the IPv6 format string ('%x%x:... to '%02x%02x:...')
>    - the IPv6 array offsets from MaxSa[4:20] to MaxSa[8:24]
> but then started wondering about the port-number (2 bytes) being placed at
>    MaxSa[3] <= would be big-endian
> but the Address Family (0x0002 or 0x0017) is placed at
>    MaxSa[0] <= would be small-endian
>
> Note that both "Address Family" and "Port Number" are 16Bit.
>
> Then i looked at the MS specs in [MS-DNSP].pdf (btw - there is
> an updated version from 15th May 2014)
>
> 2.2.3.2.2.1 DNS ADDR
>
> "Port Number (2 bytes): Senders MUST set this to zero, and receivers MUST
> ignore it."
>


Thanks for noticing this.  If MS spec says we MUST set this to zero and
ignore it when we receive it, we must follow that.



>  ------- current fix - but still uses the port number:
> def dns_addr_array_string(array):
>     ret = []
>     if not array:
>         return ret
>     for i in xrange(array.AddrCount):
>         if array.AddrArray[i].MaxSa[0] == 0x02:
>             addr = '%d.%d.%d.%d (%d)' % \
>                 tuple(array.AddrArray[i].MaxSa[4:8] +
> [array.AddrArray[i].MaxSa[3]])
>         elif array.AddrArray[i].MaxSa[0] == 0x17:
>             addr =
> '%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x
> (%d)' % \
>                 tuple(array.AddrArray[i].MaxSa[8:24] +
> [array.AddrArray[i].MaxSa[3]])
>         else:
>             addr = 'UNKNOWN'
>         ret.append(addr)
>     return ret
> ----------------
>

If you have a patch to drop the port from the output, I would be happy to
push it. :-)


>
> samba-tool dns serverinfo w2008r2
>
> w2008r2 with IPv6 format string fixed, but with wrong array indices:
> ------------------
>   pszServerName               : w2008r2.addlz.kukkukk.com
>   pszDsContainer              :
> cn=MicrosoftDNS,cn=System,DC=addlz,DC=kukkukk,DC=com
>   aipServerAddrs              : ['0000:0000:2a02:8109:8f40:11e0:a1a2:fff8
> (53)', '0000:0000:fd4d:bf13:bb76:c903:0000:0000 (53)',
> '0000:0000:fd4d:bf13:bb76:c903:a1a2:fff8 (53)',
> '0000:0000:fe80:0000:0000:0000:a1a2:fff8 (53)', '192.168.200.81 (53)']
>   aipListenAddrs              : []
>   aipForwarders               : ['192.168.200.70 (53)',
> '0000:0000:2a02:8109:8f40:107c:020c:29ff (53)']
>   dwLogLevel                  : 0
>
>  w2008r2 IPv6 output fixed:
>   ----------------
>   pszServerName               : w2008r2.addlz.kukkukk.com
>   pszDsContainer              :
> cn=MicrosoftDNS,cn=System,DC=addlz,DC=kukkukk,DC=com
>   aipServerAddrs              : ['2a02:8109:8f40:11e0:a1a2:fff8:4aa6:3613
> (53)', 'fd4d:bf13:bb76:c903:0000:0000:0000:0051 (53)',
> 'fd4d:bf13:bb76:c903:a1a2:fff8:4aa6:3613 (53)',
> 'fe80:0000:0000:0000:a1a2:fff8:4aa6:3613 (53)', '192.168.200.81 (53)']
>   aipListenAddrs              : []
>   aipForwarders               : ['192.168.200.70 (53)',
> '2a02:8109:8f40:107c:020c:29ff:fe3b:8649 (53)']
>   dwLogLevel                  : 0
>
>   Samba atm only checks for IPv4 interfaces, which also goes wrong - but
> that has to be another fix:
>   --------------
>   pszServerName               : LI4771-131.addlz.kukkukk.com
>   pszDsContainer              :
> CN=MicrosoftDNS,DC=DomainDnsZones,DC=addlz,DC=kukkukk,DC=com
>   aipServerAddrs              : ['255.255.255.255 (53)', '255.255.255.255
> (53)', '255.255.255.255 (53)', '255.255.255.255 (53)']
>   aipListenAddrs              : ['255.255.255.255 (53)', '255.255.255.255
> (53)', '255.255.255.255 (53)', '255.255.255.255 (53)']
>   aipForwarders               : []
>   dwLogLevel                  : 0
> -----------------------
>

Hmm.. This is odd.  I need to check what information is returned from
load_interface_list().  Something is going wrong with extracting IPs.

Currently we don't have anyway to know the actual addresses used by DNS
server in case of DLZ. I think internal DNS binds to all the IPs
configured.  Since we didn't have a consistent way, I returned all the IPs
listed in load_interface_list().   If you have any other suggestion, please
let me know.


>
> see also dnsdata.c ---> ip4_array_to_dns_addr_array()
> and dnsutils.c
> -------------------
>
> So finally now my question:  :-)
> Should we remove all references to this port specification - here in
> python and
> also in the C-Code, where it is set?
>
> Thanks, Günter
>
> ps - sorry for the long post
>

Yes, that part of the code also needs to be fixed to handle IPv6 addresses
correctly.

Amitay.

More information about the samba-technical mailing list