resolv_wrapper and __res functions (was: Re: [PATCH 0/5] dns: Add authority record to replies)

Andrew Bartlett abartlet at samba.org
Tue Aug 11 03:24:53 UTC 2015 

On Mon, 2015-08-10 at 10:31 +0200, Andreas Schneider wrote:
> On Monday 10 August 2015 14:22:11 Andrew Bartlett wrote:
> > On Wed, 2015-08-05 at 08:48 +0200, Kai Blin wrote:
> > > On 30/07/15 13:24, Kai Blin wrote:
> > > 
> > > Ok, after some more digging..
> > > 
> > > > But also it looks like nsupdate keeps sending SOA requests and 
> > > > not
> > > > liking our reply. I'll investigate a bit more to find out what 
> > > > the
> > > > heck
> > > > it's expecting.
> > > 
> > > Something between `make testenv` and calling nsupdate with
> > > SOCKETWRAPPER
> > > seems to be misplacing the UDP packets from the server. Both
> > > `nsupdate`
> > > as well as `nsupdate -g` work just fine against an actual Samba 
> > > AD DC
> > > 
> > > provisioned outside our test environment. Ok, `nsupdate -g` 
> > > complains
> > > 
> > > about the TSIG coming from the server, but that's an unrelated 
> > > bug.
> > > 
> > > The PCAP file captured by socketwrapper in `make testenv` also 
> > > looks
> > > identical to what happens on the wire for a real system, but
> > > `nsupdate`
> > > still keeps resending the SOA request and not seeing the reply 
> > > until
> > > it
> > > gives up claiming the name server could not be reached.
> > > 
> > > So, seeing how that is an unrelated issue, can these patches go 
> > > in
> > > now?
> 
> That nsupdate doesn't work is a bug in socket_wrapper and a bug in 
> the bind 
> low level functions. I've fixed the socket_wrapper bug here:
> 
> https://git.cryptomilk.org/projects/socket_wrapper.git/commit/?h=fix&
> id=15f15429436ae429d47b6e624a123b33505a732f
> 
> A test is missing to push it upstream. I'm working on that.

Great.  This is making it much easier to test samba_dnsupate.

> I've reported the bind bug here:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1250921

How should we work around that in the meantime?  Export an environment
variable when we run nsupdate to say ignore the limit?

> > I've reproduced the same thing.  I needed this patch (or at least 
> > the
> > __res_nquery part) to get that far however, as otherwise 
> > resolv_wrapper
> > was exiting the samba_dnsupdate binary with 255, unable to find
> > res_nquery when that has been defined aside to __res_nquery.
> 
> Andrew, could you please provide a patch the resolv_wrapper 
> repository:
> 
> https://git.samba.org/resolv_wrapper.git/?p=resolv_wrapper.git;a=summ
> ary

Sure.  Do you think it's the right approach?

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba

More information about the samba-technical mailing list