DNS updates using nsupdate are not working!
Andreas Schneider
asn at samba.org
Fri Sep 12 08:32:27 MDT 2014
On Friday 12 September 2014 12:09:36 Rowland Penny wrote:
> On 12/09/14 09:40, Andreas Schneider wrote:
> > Hello,
> >
> > I'm trying to get samba_dnsupdate working but I can't. Nobody has time to
> > explain me how the DNS stuff works. So now I'm moving the ball to you!
> >
> > It looks like the SOA record in the DNS server is wrong! The 'nsupdate'
> > command from bind-utils 9.9.5 is not able to update records cause querying
> > the SOA record returns a result nsupdate isn't able to parse.
> >
> > Reproducer:
> >
> > 1. Get socket_wrapper from:
> > http://git.cryptomilk.org/projects/socket_wrapper.git/log/?h=fix
> > (This implements fnctl(fd, F_DUPFD, ...) needed by nsupdate)
> >
> > 2. Compile and install it, see README.install
> >
> > (mkdir mybuilddir
> >
> > cd mybuildir
> >
> > cmake -DCMAKE_INSTALL_PREFIX=/usr -DLIB_SUFFIX=64 /path/to/source)
> >
> > 3. Compile Samba master git tree
> > 4. Run 'make testenv SAMBA_OPTIONS=-d10'
> > 5. Call 'SOCKET_WRAPPER_PCAP_FILE=nsupdate.pcap nsupdate -g'
> >
> > server 127.0.0.21
> > update add wurst.samba.example.com. 900 AAAA fd00::5357:5f20
> > show
> > send
> >
> > You can inspect server logs and the pcap file now and see it yourself!
> >
> >
> > Regards,
> >
> > -- andreas
>
> This seems really strange posting this in reply to a post from one of
> the samba devs, but I run a Samba4 AD DC on Debian 7.5 with bind9.9.5
> and I have no problem in using nsupdate to update the DNS records. What
> I did notice and it is probably a typo, is that your server is
> 127.0.0.21 not 127.0.0.1
127.0.0.21 is the IP of the DC in 'make test'.
Windows 2008:
asn at magrathea:~> dig -t SOA discworld.site
; <<>> DiG 9.9.5-rpz2+rl.14038.05-P1 <<>> -t SOA discworld.site
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31776
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;discworld.site. IN SOA
;; ANSWER SECTION:
discworld.site. 3600 IN SOA dwad1.discworld.site.
hostmaster.discworld.site. 236 900 600 86400 3600
;; ADDITIONAL SECTION:
dwad1.discworld.site. 3600 IN A 192.168.100.10
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Sep 12 16:24:17 CEST 2014
;; MSG SIZE rcvd: 112
Samba DC in :make testenv':
dig @127.0.0.21 -t SOA samba.example.com
;; reply from unexpected source: 127.0.0.21#53, expected 127.0.0.21#53
;; reply from unexpected source: 127.0.0.21#53, expected 127.0.0.21#53
;; reply from unexpected source: 127.0.0.21#53, expected 127.0.0.21#53
; <<>> DiG 9.9.5-rpz2+rl.14038.05-P1 <<>> @127.0.0.21 -t SOA samba.example.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
> I don't use ipv6 so this may be your problem, does the update work for
> ipv4 addresses ?
Did you try the reproducer I posted above?
-- andreas
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list