DNS updates using nsupdate are not working!

Rowland Penny repenny241155 at gmail.com
Sun Sep 14 10:44:13 MDT 2014


On 14/09/14 16:50, Andreas Schneider wrote:
> On Friday 12 September 2014 15:58:09 Rowland Penny wrote:
>>> 127.0.0.21 is the IP of the DC in 'make test'.
>> Ah, but you never mentioned that you were using bind etc in a test
>> environment. You just basically said bind9.9.5 couldn't update samba4 dns.
> We do not run bind in our test environment, but samba_dnsupdate uses nsupdate
> which is a bind utility.
>   
>>> Windows 2008:
>>>
>>> asn at magrathea:~> dig -t SOA discworld.site
>> Hmm, I suspect a science fiction fan here ;-)
>>
>>> ; <<>> DiG 9.9.5-rpz2+rl.14038.05-P1 <<>> -t SOA discworld.site
>>> ;; global options: +cmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31776
>>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
>>>
>>> ;; OPT PSEUDOSECTION:
>>> ; EDNS: version: 0, flags:; udp: 4000
>>> ;; QUESTION SECTION:
>>> ;discworld.site.                        IN      SOA
>>>
>>> ;; ANSWER SECTION:
>>> discworld.site.         3600    IN      SOA     dwad1.discworld.site.
>>> hostmaster.discworld.site. 236 900 600 86400 3600
>>>
>>> ;; ADDITIONAL SECTION:
>>> dwad1.discworld.site.   3600    IN      A       192.168.100.10
>>>
>>> ;; Query time: 0 msec
>>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>>> ;; WHEN: Fri Sep 12 16:24:17 CEST 2014
>>> ;; MSG SIZE  rcvd: 112
>> on my DC:
>>
>> root at dc01:~# dig -t SOA example.com
>>
>> ; <<>> DiG 9.9.5-4~bpo70+1-Debian <<>> -t SOA example.com
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62908
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;example.com.            IN    SOA
>>
>> ;; ANSWER SECTION:
>> example.com.        3600    IN    SOA    dc01.example.com.
>> hostmaster.example.com. 17 900 600 86400 0
>>
>> ;; AUTHORITY SECTION:
>> example.com.        900    IN    NS    dc01.example.com.
>>
>> ;; ADDITIONAL SECTION:
>> dc01.example.com.        900    IN    A    192.168.0.2
>>
>> ;; Query time: 0 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Fri Sep 12 15:42:43 BST 2014
>> ;; MSG SIZE  rcvd: 119
>>
>> Only major difference I can see is that I have an authority section.
> The problem doesn't exist with a Windows DC but with a Samba DC which doesn't
> have the correct SOA entry as you can see in the next lines ...
>   
>>> Samba DC in 'make testenv':
>>>
>>> dig @127.0.0.21 -t SOA samba.example.com
>>> ;; reply from unexpected source: 127.0.0.21#53, expected 127.0.0.21#53
>>> ;; reply from unexpected source: 127.0.0.21#53, expected 127.0.0.21#53
>>> ;; reply from unexpected source: 127.0.0.21#53, expected 127.0.0.21#53
>>>
>>> ; <<>> DiG 9.9.5-rpz2+rl.14038.05-P1 <<>> @127.0.0.21 -t SOA
>>> samba.example.com ; (1 server found)
>>> ;; global options: +cmd
>>> ;; connection timed out; no servers could be reached
>> I don't have a testenv so couldn't do this, but could I ask why
>> '127.0.0.21' ?
> See http://cwrap.org/
>
>
>
> 	-- andreas
>
Hi, I accept all that, but after you posted this:

It looks like the SOA record in the DNS server is wrong! The 'nsupdate'
command from bind-utils 9.9.5 is not able to update records cause querying the
SOA record returns a result nsupdate isn't able to parse.

I was just trying to point out that in production it works, 'nsupdate' 
from 9.9.5 does update samba4 dlz zones.

So long and thanks for all the fish ;-)

Rowland



