DNS updates using nsupdate are not working!

Andreas Schneider asn at samba.org
Mon Sep 15 06:06:00 MDT 2014


On Monday 15 September 2014 07:49:36 Rowland Penny wrote:
> On 15/09/14 07:41, Andreas Schneider wrote:
> > On Sunday 14 September 2014 17:44:13 Rowland Penny wrote:
> >> On 14/09/14 16:50, Andreas Schneider wrote:
> >>> On Friday 12 September 2014 15:58:09 Rowland Penny wrote:
> >>>>> 127.0.0.21 is the IP of the DC in 'make test'.
> >>>> 
> >>>> Ah, but you never mentioned that you were using bind etc in a test
> >>>> environment. You just basically said bind9.9.5 couldn't update samba4
> >>>> dns.
> >>> 
> >>> We do not run bind in our test environment, but samba_dnsupdate uses
> >>> nsupdate which is a bind utility.
> >>> 
> >>>>> Windows 2008:
> >>>>> 
> >>>>> asn at magrathea:~> dig -t SOA discworld.site
> >>>> 
> >>>> Hmm, I suspect a science fiction fan here ;-)
> >>>> 
> >>>>> ; <<>> DiG 9.9.5-rpz2+rl.14038.05-P1 <<>> -t SOA discworld.site
> >>>>> ;; global options: +cmd
> >>>>> ;; Got answer:
> >>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31776
> >>>>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
> >>>>> 
> >>>>> ;; OPT PSEUDOSECTION:
> >>>>> ; EDNS: version: 0, flags:; udp: 4000
> >>>>> ;; QUESTION SECTION:
> >>>>> ;discworld.site.                        IN      SOA
> >>>>> 
> >>>>> ;; ANSWER SECTION:
> >>>>> discworld.site.         3600    IN      SOA     dwad1.discworld.site. hostmaster.discworld.site. 236 900 600 86400 3600
> >>>>> 
> >>>>> ;; ADDITIONAL SECTION:
> >>>>> dwad1.discworld.site.   3600    IN      A       192.168.100.10
> >>>>> 
> >>>>> ;; Query time: 0 msec
> >>>>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> >>>>> ;; WHEN: Fri Sep 12 16:24:17 CEST 2014
> >>>>> ;; MSG SIZE  rcvd: 112
> >>>> 
> >>>> on my DC:
> >>>> 
> >>>> root at dc01:~# dig -t SOA example.com
> >>>> 
> >>>> ; <<>> DiG 9.9.5-4~bpo70+1-Debian <<>> -t SOA example.com
> >>>> ;; global options: +cmd
> >>>> ;; Got answer:
> >>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62908
> >>>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
> >>>> 
> >>>> ;; OPT PSEUDOSECTION:
> >>>> ; EDNS: version: 0, flags:; udp: 4096
> >>>> ;; QUESTION SECTION:
> >>>> ;example.com.            IN    SOA
> >>>> 
> >>>> ;; ANSWER SECTION:
> >>>> example.com.        3600    IN    SOA    dc01.example.com. hostmaster.example.com. 17 900 600 86400 0
> >>>> 
> >>>> ;; AUTHORITY SECTION:
> >>>> example.com.        900    IN    NS    dc01.example.com.
> >>>> 
> >>>> ;; ADDITIONAL SECTION:
> >>>> dc01.example.com.        900    IN    A    192.168.0.2
> >>>> 
> >>>> ;; Query time: 0 msec
> >>>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> >>>> ;; WHEN: Fri Sep 12 15:42:43 BST 2014
> >>>> ;; MSG SIZE  rcvd: 119
> >>>> 
> >>>> Only major difference I can see, is that I have an authority section
> >>> 
> >>> The problem doesn't exist with a Windows DC but with a Samba DC which
> >>> doesn't have the correct SOA entry as you can see in the next lines ...
> >>> 
> >>>>> Samba DC in 'make testenv':
> >>>>> 
> >>>>> dig @127.0.0.21 -t SOA samba.example.com
> >>>>> ;; reply from unexpected source: 127.0.0.21#53, expected 127.0.0.21#53
> >>>>> ;; reply from unexpected source: 127.0.0.21#53, expected 127.0.0.21#53
> >>>>> ;; reply from unexpected source: 127.0.0.21#53, expected 127.0.0.21#53
> >>>>> 
> >>>>> ; <<>> DiG 9.9.5-rpz2+rl.14038.05-P1 <<>> @127.0.0.21 -t SOA samba.example.com
> >>>>> ; (1 server found)
> >>>>> ;; global options: +cmd
> >>>>> ;; connection timed out; no servers could be reached
> >>>> 
> >>>> I don't have a testenv so couldn't do this, but could I ask why
> >>>> '127.0.0.21' ?
> >>> 
> >>> See http://cwrap.org/
> >>> 
> >>> 	-- andreas
> >> 
> >> Hi, I accept all that, but after you posted this:
> >> 
> >> It looks like the SOA record in the DNS server is wrong! The 'nsupdate'
> >> command from bind-utils 9.9.5 is not able to update records cause
> >> querying the SOA record returns a result nsupdate isn't able to parse.
> >> 
> >> I was just trying to point out that in production it works, 'nsupdate'
> >> from 9.9.5 does update samba4 dlz zones.
> >> 
> >> So long and thanks for all the fish ;-)
> > 
> > With bind dns server or samba internal dns server?
> 
> BIND 9.9.5-4~bpo70+1-Debian (Extended Support Version)

Well, the testsuite uses the internal DNS server and this is the bug report 
about it!



	-- andreas

-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org


