DNS updates using nsupdate are not working!

Rowland Penny repenny241155 at gmail.com
Mon Sep 15 00:49:36 MDT 2014


On 15/09/14 07:41, Andreas Schneider wrote:
> On Sunday 14 September 2014 17:44:13 Rowland Penny wrote:
>> On 14/09/14 16:50, Andreas Schneider wrote:
>>> On Friday 12 September 2014 15:58:09 Rowland Penny wrote:
>>>>> 127.0.0.21 is the IP of the DC in 'make test'.
>>>> Ah, but you never mentioned that you were using bind etc in a test
>>>> environment. you just basically said bind9.9.5 couldn't update samba4
>>>> dns.
>>> We do not run bind in our test environment, but samba_dnsupdate uses
>>> nsupdate which is a bind utility.
>>>
>>>>> Windows 2008:
>>>>>
>>>>> asn at magrathea:~> dig -t SOA discworld.site
>>>> Hmm, I suspect a science fiction fan here ;-)
>>>>
>>>>> ; <<>> DiG 9.9.5-rpz2+rl.14038.05-P1 <<>> -t SOA discworld.site
>>>>> ;; global options: +cmd
>>>>> ;; Got answer:
>>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31776
>>>>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
>>>>>
>>>>> ;; OPT PSEUDOSECTION:
>>>>> ; EDNS: version: 0, flags:; udp: 4000
>>>>> ;; QUESTION SECTION:
>>>>> ;discworld.site.                        IN      SOA
>>>>>
>>>>> ;; ANSWER SECTION:
>>>>> discworld.site.         3600    IN      SOA     dwad1.discworld.site.
>>>>> hostmaster.discworld.site. 236 900 600 86400 3600
>>>>>
>>>>> ;; ADDITIONAL SECTION:
>>>>> dwad1.discworld.site.   3600    IN      A       192.168.100.10
>>>>>
>>>>> ;; Query time: 0 msec
>>>>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>>>>> ;; WHEN: Fri Sep 12 16:24:17 CEST 2014
>>>>> ;; MSG SIZE  rcvd: 112
>>>> on my DC:
>>>>
>>>> root at dc01:~# dig -t SOA example.com
>>>>
>>>> ; <<>> DiG 9.9.5-4~bpo70+1-Debian <<>> -t SOA example.com
>>>> ;; global options: +cmd
>>>> ;; Got answer:
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62908
>>>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
>>>>
>>>> ;; OPT PSEUDOSECTION:
>>>> ; EDNS: version: 0, flags:; udp: 4096
>>>> ;; QUESTION SECTION:
>>>> ;example.com.            IN    SOA
>>>>
>>>> ;; ANSWER SECTION:
>>>> example.com.        3600    IN    SOA    dc01.example.com.
>>>> hostmaster.example.com. 17 900 600 86400 0
>>>>
>>>> ;; AUTHORITY SECTION:
>>>> example.com.        900    IN    NS    dc01.example.com.
>>>>
>>>> ;; ADDITIONAL SECTION:
>>>> dc01.example.com.        900    IN    A    192.168.0.2
>>>>
>>>> ;; Query time: 0 msec
>>>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>>>> ;; WHEN: Fri Sep 12 15:42:43 BST 2014
>>>> ;; MSG SIZE  rcvd: 119
>>>>
>>>> Only major difference I can see, is that I have an authority section
>>> The problem doesn't exist with a Windows DC but with a Samba DC which
>>> doesn't have the correct SOA entry as you can see in the next lines ...
>>>
>>>>> Samba DC in :make testenv':
>>>>>
>>>>> dig @127.0.0.21 -t SOA samba.example.com
>>>>> ;; reply from unexpected source: 127.0.0.21#53, expected 127.0.0.21#53
>>>>> ;; reply from unexpected source: 127.0.0.21#53, expected 127.0.0.21#53
>>>>> ;; reply from unexpected source: 127.0.0.21#53, expected 127.0.0.21#53
>>>>>
>>>>> ; <<>> DiG 9.9.5-rpz2+rl.14038.05-P1 <<>> @127.0.0.21 -t SOA
>>>>> samba.example.com ; (1 server found)
>>>>> ;; global options: +cmd
>>>>> ;; connection timed out; no servers could be reached
>>>> I don't have a testenv so couldn't do this, but could I ask why
>>>> '127.0.0.21' ?
>>> See http://cwrap.org/
>>>
>>> 	-- andreas
>> Hi, I accept all that, but after you posted this:
>>
>> It looks like the SOA record in the DNS server is wrong! The 'nsupdate'
>> command from bind-utils 9.9.5 is not able to update records cause querying
>> the SOA record returns a result nsupdate isn't able to parse.
>>
>> I was just trying to point out that in production it works, 'nsupdate'
>> from 9.9.5 does update samba4 dlz zones.
>>
>> So long and thanks for all the fish ;-)
> With bind dns server or samba internal dns server?
>
BIND 9.9.5-4~bpo70+1-Debian (Extended Support Version)

Rowland
>
> 	-- andreas
>



More information about the samba-technical mailing list