[PATCH] internal DNS server: add missing timestamps on dyn. records and fix adding new dnsRecords

Andrew Bartlett abartlet at samba.org
Tue Mar 4 20:58:28 MST 2014

On Wed, 2014-03-05 at 04:49 +0100, Günter Kukkukk wrote:
> Hello Kai,
> comments inline
> Am 24.02.2014 07:33, schrieb Kai Blin:
> > On 2014-02-22 07:00, Günter Kukkukk wrote:
> > 
> > Hiu Günter,
> > 
> >>>> the missing timestamp on dyn. DNS records should be fixed ASAP - otherwise
> >>>> those records are treated as STATIC DNS entries, which never get scavenged/aged!
> >>>
> >>> You spent some time digging there. Can you add a test that'll pass against the MS AD DNS server for this, so we can make sure not to break it by
> >>> accident?
> >>>
> >>
> >> i think, this time stamp patch is in _no_ way invasive at all - it shouldn't do any harm.
> > 
> > I wasn't afraid that this patch breaks anything, but that's not the point of a test necessarily. As far as I understand, test-driven development at
> > this stage looks like:
> > 
> > 1. find a bug
> > 2. write a test triggering the bug, the test fails
> > 3. fix the bug
> > 4. now the test passes
> > 
> > The main idea is to never run into the same bug again, not to prove that the code written in 3 doesn't break anything.
> > 
> >> All dns tools i used so far put a time stamp on (normal) dyn. dns update records.
> >> There's MS docu around that only "drastic" tools also allow aging of _static_ dns records.
> >>
> >> AFAIK - the internal dns server is the only one not using time stamps:
> >> http://picpaste.com/pics/samba-dns-Skec94fz.1393042765.png
> >>
> >> The samba bind DLZ module does the same for good reasons - but yes - we atm have
> >> no tests around. Which would be a really MAJOR test case to simulate what Microsoft
> >> is doing here.... with scavenging/aging/tombstone handling.
> >> This patch alone can't be simulated at all.
> > 
> > Right, but the "add a dynamic DNS entry, verify it has a >0 TTL" part should be testable, right?
> both patches are in _no_ way related to usual TTL dns lifetime!
> So no _DNS_ test _can_ verify the Microsoft specific internal dwTimeStamp ADS storage.
> (dnsp_DnssrvRpcRecord)
> Sure, after doing some DNS call one could then use LDB queries to verify ADS "dwTimeStamp",
> unfortunately i atm feel not able to add those LDB queries to the dns test module... :-(

I'm sorry you feel that way, because that is exactly what we need.
Searching ldap records from the python DNS test suite should not be
difficult at all, and we have many other test suites using python and
asserting on what is found there that you can use as an example.

As always, I'm very happy to provide guidance and assistance,

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list