DNS updates using nsupdate are not working!

Andreas Schneider asn at samba.org
Fri Sep 12 08:32:27 MDT 2014


On Friday 12 September 2014 12:09:36 Rowland Penny wrote:
> On 12/09/14 09:40, Andreas Schneider wrote:
> > Hello,
> > 
> > I'm trying to get samba_dnsupdate working but I can't. Nobody has time to
> > explain me how the DNS stuff works. So now I'm moving the ball to you!
> > 
> > It looks like the SOA record in the DNS server is wrong! The 'nsupdate'
> > command from bind-utils 9.9.5 is not able to update records cause querying
> > the SOA record returns a result nsupdate isn't able to parse.
> > 
> > Reproducer:
> > 
> > 1. Get socket_wrapper from:
> >     http://git.cryptomilk.org/projects/socket_wrapper.git/log/?h=fix
> >     (This implements fnctl(fd, F_DUPFD, ...) needed by nsupdate)
> > 
> > 2. Compile and install it, see README.install
> > 
> >     (mkdir mybuilddir
> > 	 
> > 	 cd mybuildir
> > 	 
> >      cmake -DCMAKE_INSTALL_PREFIX=/usr -DLIB_SUFFIX=64 /path/to/source)
> > 
> > 3. Compile Samba master git tree
> > 4. Run 'make testenv SAMBA_OPTIONS=-d10'
> > 5. Call 'SOCKET_WRAPPER_PCAP_FILE=nsupdate.pcap nsupdate -g'
> > 
> >     server 127.0.0.21
> >     update add wurst.samba.example.com. 900 AAAA fd00::5357:5f20
> >     show
> >     send
> > 
> > You can inspect server logs and the pcap file now and see it yourself!
> > 
> > 
> > Regards,
> > 
> > 	-- andreas
> 
> This seems really strange posting this in reply to a post from one of
> the samba devs, but I run a Samba4 AD DC on Debian 7.5 with bind9.9.5
> and I have no problem in using nsupdate to update the DNS records. What
> I did notice and it is probably a typo, is that your server is
> 127.0.0.21 not 127.0.0.1

127.0.0.21 is the IP of the DC in 'make test'.

Windows 2008:

asn at magrathea:~> dig -t SOA discworld.site

; <<>> DiG 9.9.5-rpz2+rl.14038.05-P1 <<>> -t SOA discworld.site
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31776
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;discworld.site.                        IN      SOA

;; ANSWER SECTION:
discworld.site.         3600    IN      SOA     dwad1.discworld.site. 
hostmaster.discworld.site. 236 900 600 86400 3600

;; ADDITIONAL SECTION:
dwad1.discworld.site.   3600    IN      A       192.168.100.10

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Sep 12 16:24:17 CEST 2014
;; MSG SIZE  rcvd: 112


Samba DC in :make testenv':

dig @127.0.0.21 -t SOA samba.example.com
;; reply from unexpected source: 127.0.0.21#53, expected 127.0.0.21#53
;; reply from unexpected source: 127.0.0.21#53, expected 127.0.0.21#53
;; reply from unexpected source: 127.0.0.21#53, expected 127.0.0.21#53

; <<>> DiG 9.9.5-rpz2+rl.14038.05-P1 <<>> @127.0.0.21 -t SOA samba.example.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

 
> I don't use ipv6 so this may be your problem, does the update work for
> ipv4 addresses ?

Did you try the reproducer I posted above?



	-- andreas

-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org



More information about the samba-technical mailing list