DNS updates using nsupdate are not working!
Rowland Penny
repenny241155 at gmail.com
Sun Sep 14 10:44:13 MDT 2014
On 14/09/14 16:50, Andreas Schneider wrote:
> On Friday 12 September 2014 15:58:09 Rowland Penny wrote:
>>> 127.0.0.21 is the IP of the DC in 'make test'.
>> Ah, but you never mentioned that you were using bind etc. in a test
>> environment. You just basically said bind9.9.5 couldn't update samba4 dns.
> We do not run bind in our test environment, but samba_dnsupdate uses nsupdate
> which is a bind utility.
>
>>> Windows 2008:
>>>
>>> asn at magrathea:~> dig -t SOA discworld.site
>> Hmm, I suspect a science fiction fan here ;-)
>>
>>> ; <<>> DiG 9.9.5-rpz2+rl.14038.05-P1 <<>> -t SOA discworld.site
>>> ;; global options: +cmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31776
>>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
>>>
>>> ;; OPT PSEUDOSECTION:
>>> ; EDNS: version: 0, flags:; udp: 4000
>>> ;; QUESTION SECTION:
>>> ;discworld.site. IN SOA
>>>
>>> ;; ANSWER SECTION:
>>> discworld.site. 3600 IN SOA dwad1.discworld.site.
>>> hostmaster.discworld.site. 236 900 600 86400 3600
>>>
>>> ;; ADDITIONAL SECTION:
>>> dwad1.discworld.site. 3600 IN A 192.168.100.10
>>>
>>> ;; Query time: 0 msec
>>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>>> ;; WHEN: Fri Sep 12 16:24:17 CEST 2014
>>> ;; MSG SIZE rcvd: 112
>> on my DC:
>>
>> root at dc01:~# dig -t SOA example.com
>>
>> ; <<>> DiG 9.9.5-4~bpo70+1-Debian <<>> -t SOA example.com
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62908
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
>>
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ;; QUESTION SECTION:
>> ;example.com. IN SOA
>>
>> ;; ANSWER SECTION:
>> example.com. 3600 IN SOA dc01.example.com.
>> hostmaster.example.com. 17 900 600 86400 0
>>
>> ;; AUTHORITY SECTION:
>> example.com. 900 IN NS dc01.example.com.
>>
>> ;; ADDITIONAL SECTION:
>> dc01.example.com. 900 IN A 192.168.0.2
>>
>> ;; Query time: 0 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Fri Sep 12 15:42:43 BST 2014
>> ;; MSG SIZE rcvd: 119
>>
>> Only major difference I can see is that I have an authority section.
> The problem doesn't exist with a Windows DC but with a Samba DC which doesn't
> have the correct SOA entry as you can see in the next lines ...
>
>>> Samba DC in 'make testenv':
>>>
>>> dig @127.0.0.21 -t SOA samba.example.com
>>> ;; reply from unexpected source: 127.0.0.21#53, expected 127.0.0.21#53
>>> ;; reply from unexpected source: 127.0.0.21#53, expected 127.0.0.21#53
>>> ;; reply from unexpected source: 127.0.0.21#53, expected 127.0.0.21#53
>>>
>>> ; <<>> DiG 9.9.5-rpz2+rl.14038.05-P1 <<>> @127.0.0.21 -t SOA
>>> samba.example.com ; (1 server found)
>>> ;; global options: +cmd
>>> ;; connection timed out; no servers could be reached
>> I don't have a testenv so couldn't do this, but could I ask why
>> '127.0.0.21' ?
> See http://cwrap.org/
>
>
>
> -- andreas
>
Hi, I accept all that, but after you posted this:

It looks like the SOA record in the DNS server is wrong! The 'nsupdate'
command from bind-utils 9.9.5 is not able to update records cause querying the
SOA record returns a result nsupdate isn't able to parse.

I was just trying to point out that in production it works, 'nsupdate'
from 9.9.5 does update samba4 dlz zones.

So long and thanks for all the fish ;-)

Rowland