DNS updates using nsupdate are not working!

Andreas Schneider asn at samba.org
Sun Sep 14 09:50:10 MDT 2014


On Friday 12 September 2014 15:58:09 Rowland Penny wrote:
> > 127.0.0.21 is the IP of the DC in 'make test'.
> 
> Ah, but you never mentioned that you were using bind etc in a test
> environment. you just basically said bind9.9.5 couldn't update samba4 dns.

We do not run bind in our test environment, but samba_dnsupdate uses nsupdate 
which is a bind utility.
 
> > Windows 2008:
> > 
> > asn at magrathea:~> dig -t SOA discworld.site
> 
> Hmm, I suspect a science fiction fan here ;-)
> 
> > ; <<>> DiG 9.9.5-rpz2+rl.14038.05-P1 <<>> -t SOA discworld.site
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31776
> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
> > 
> > ;; OPT PSEUDOSECTION:
> > ; EDNS: version: 0, flags:; udp: 4000
> > ;; QUESTION SECTION:
> > ;discworld.site.                        IN      SOA
> > 
> > ;; ANSWER SECTION:
> > discworld.site.         3600    IN      SOA     dwad1.discworld.site.
> > hostmaster.discworld.site. 236 900 600 86400 3600
> > 
> > ;; ADDITIONAL SECTION:
> > dwad1.discworld.site.   3600    IN      A       192.168.100.10
> > 
> > ;; Query time: 0 msec
> > ;; SERVER: 127.0.0.1#53(127.0.0.1)
> > ;; WHEN: Fri Sep 12 16:24:17 CEST 2014
> > ;; MSG SIZE  rcvd: 112
> 
> on my DC:
> 
> root at dc01:~# dig -t SOA example.com
> 
> ; <<>> DiG 9.9.5-4~bpo70+1-Debian <<>> -t SOA example.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62908
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;example.com.            IN    SOA
> 
> ;; ANSWER SECTION:
> example.com.        3600    IN    SOA    dc01.example.com.
> hostmaster.example.com. 17 900 600 86400 0
> 
> ;; AUTHORITY SECTION:
> example.com.        900    IN    NS    dc01.example.com.
> 
> ;; ADDITIONAL SECTION:
> dc01.example.com.        900    IN    A    192.168.0.2
> 
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Fri Sep 12 15:42:43 BST 2014
> ;; MSG SIZE  rcvd: 119
> 
> Only major difference I can see, is that I have an authority section

The problem doesn't exist with a Windows DC but with a Samba DC which doesn't 
have the correct SOA entry as you can see in the next lines ...
 
> > Samba DC in :make testenv':
> > 
> > dig @127.0.0.21 -t SOA samba.example.com
> > ;; reply from unexpected source: 127.0.0.21#53, expected 127.0.0.21#53
> > ;; reply from unexpected source: 127.0.0.21#53, expected 127.0.0.21#53
> > ;; reply from unexpected source: 127.0.0.21#53, expected 127.0.0.21#53
> > 
> > ; <<>> DiG 9.9.5-rpz2+rl.14038.05-P1 <<>> @127.0.0.21 -t SOA
> > samba.example.com ; (1 server found)
> > ;; global options: +cmd
> > ;; connection timed out; no servers could be reached
> 
> I don't have a testenv so couldn't do this, but could I ask why
> '127.0.0.21' ?

See http://cwrap.org/



	-- andreas

-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org



More information about the samba-technical mailing list