DNS updates using nsupdate are not working!
Andreas Schneider
asn at samba.org
Mon Sep 15 00:41:54 MDT 2014
On Sunday 14 September 2014 17:44:13 Rowland Penny wrote:
> On 14/09/14 16:50, Andreas Schneider wrote:
> > On Friday 12 September 2014 15:58:09 Rowland Penny wrote:
> >>> 127.0.0.21 is the IP of the DC in 'make test'.
> >>
> >> Ah, but you never mentioned that you were using bind etc in a test
> >> environment. you just basically said bind9.9.5 couldn't update samba4
> >> dns.
> >
> > We do not run bind in our test environment, but samba_dnsupdate uses
> > nsupdate which is a bind utility.
> >
> >>> Windows 2008:
> >>>
> >>> asn at magrathea:~> dig -t SOA discworld.site
> >>
> >> Hmm, I suspect a science fiction fan here ;-)
> >>
> >>> ; <<>> DiG 9.9.5-rpz2+rl.14038.05-P1 <<>> -t SOA discworld.site
> >>> ;; global options: +cmd
> >>> ;; Got answer:
> >>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31776
> >>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
> >>>
> >>> ;; OPT PSEUDOSECTION:
> >>> ; EDNS: version: 0, flags:; udp: 4000
> >>> ;; QUESTION SECTION:
> >>> ;discworld.site. IN SOA
> >>>
> >>> ;; ANSWER SECTION:
> >>> discworld.site. 3600 IN SOA dwad1.discworld.site.
> >>> hostmaster.discworld.site. 236 900 600 86400 3600
> >>>
> >>> ;; ADDITIONAL SECTION:
> >>> dwad1.discworld.site. 3600 IN A 192.168.100.10
> >>>
> >>> ;; Query time: 0 msec
> >>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> >>> ;; WHEN: Fri Sep 12 16:24:17 CEST 2014
> >>> ;; MSG SIZE rcvd: 112
> >>
> >> on my DC:
> >>
> >> root at dc01:~# dig -t SOA example.com
> >>
> >> ; <<>> DiG 9.9.5-4~bpo70+1-Debian <<>> -t SOA example.com
> >> ;; global options: +cmd
> >> ;; Got answer:
> >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62908
> >> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
> >>
> >> ;; OPT PSEUDOSECTION:
> >> ; EDNS: version: 0, flags:; udp: 4096
> >> ;; QUESTION SECTION:
> >> ;example.com. IN SOA
> >>
> >> ;; ANSWER SECTION:
> >> example.com. 3600 IN SOA dc01.example.com.
> >> hostmaster.example.com. 17 900 600 86400 0
> >>
> >> ;; AUTHORITY SECTION:
> >> example.com. 900 IN NS dc01.example.com.
> >>
> >> ;; ADDITIONAL SECTION:
> >> dc01.example.com. 900 IN A 192.168.0.2
> >>
> >> ;; Query time: 0 msec
> >> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> >> ;; WHEN: Fri Sep 12 15:42:43 BST 2014
> >> ;; MSG SIZE rcvd: 119
> >>
> >> Only major difference I can see, is that I have an authority section
> >
> > The problem doesn't exist with a Windows DC but with a Samba DC which
> > doesn't have the correct SOA entry as you can see in the next lines ...
> >
> >>> Samba DC in :make testenv':
> >>>
> >>> dig @127.0.0.21 -t SOA samba.example.com
> >>> ;; reply from unexpected source: 127.0.0.21#53, expected 127.0.0.21#53
> >>> ;; reply from unexpected source: 127.0.0.21#53, expected 127.0.0.21#53
> >>> ;; reply from unexpected source: 127.0.0.21#53, expected 127.0.0.21#53
> >>>
> >>> ; <<>> DiG 9.9.5-rpz2+rl.14038.05-P1 <<>> @127.0.0.21 -t SOA
> >>> samba.example.com ; (1 server found)
> >>> ;; global options: +cmd
> >>> ;; connection timed out; no servers could be reached
> >>
> >> I don't have a testenv so couldn't do this, but could I ask why
> >> '127.0.0.21' ?
> >
> > See http://cwrap.org/
> >
> > -- andreas
>
> Hi, I accept all that, but after you posted this:
>
> It looks like the SOA record in the DNS server is wrong! The 'nsupdate'
> command from bind-utils 9.9.5 is not able to update records cause querying
> the SOA record returns a result nsupdate isn't able to parse.
>
> I was just trying to point out that in production it works, 'nsupdate'
> from 9.9.5 does update samba4 dlz zones.
>
> So long and thanks for all the fish ;-)
With bind dns server or samba internal dns server?
-- andreas
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list