resolv_wrapper and __res functions (was: Re: [PATCH 0/5] dns: Add authority record to replies)
Andrew Bartlett
abartlet at samba.org
Tue Aug 11 03:24:53 UTC 2015
On Mon, 2015-08-10 at 10:31 +0200, Andreas Schneider wrote:
> On Monday 10 August 2015 14:22:11 Andrew Bartlett wrote:
> > On Wed, 2015-08-05 at 08:48 +0200, Kai Blin wrote:
> > > On 30/07/15 13:24, Kai Blin wrote:
> > >
> > > Ok, after some more digging..
> > >
> > > > But also it looks like nsupdate keeps sending SOA requests and
> > > > not
> > > > liking our reply. I'll investigate a bit more to find out what
> > > > the
> > > > heck
> > > > it's expecting.
> > >
> > > Something between `make testenv` and calling nsupdate with
> > > SOCKETWRAPPER
> > > seems to be misplacing the UDP packets from the server. Both
> > > `nsupdate`
> > > as well as `nsupdate -g` work just fine against an actual Samba
> > > AD DC
> > >
> > > provisioned outside our test environment. Ok, `nsupdate -g`
> > > complains
> > >
> > > about the TSIG coming from the server, but that's an unrelated
> > > bug.
> > >
> > > The PCAP file captured by socketwrapper in `make testenv` also
> > > looks
> > > identical to what happens on the wire for a real system, but
> > > `nsupdate`
> > > still keeps resending the SOA request and not seeing the reply
> > > until
> > > it
> > > gives up claiming the name server could not be reached.
> > >
> > > So, seeing how that is an unrelated issue, can these patches go
> > > in
> > > now?
>
> That nsupdate doesn't work is a bug in socket_wrapper and a bug in
> the bind
> low level functions. I've fixed the socket_wrapper bug here:
>
> https://git.cryptomilk.org/projects/socket_wrapper.git/commit/?h=fix&
> id=15f15429436ae429d47b6e624a123b33505a732f
>
> A test is missing to push it upstream. I'm working on that.
Great. This is making it much easier to test samba_dnsupate.
> I've reported the bind bug here:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1250921
How should we work around that in the meantime? Export an environment
variable when we run nsupdate to say ignore the limit?
> > I've reproduced the same thing. I needed this patch (or at least
> > the
> > __res_nquery part) to get that far however, as otherwise
> > resolv_wrapper
> > was exiting the samba_dnsupdate binary with 255, unable to find
> > res_nquery when that has been defined aside to __res_nquery.
>
> Andrew, could you please provide a patch the resolv_wrapper
> repository:
>
> https://git.samba.org/resolv_wrapper.git/?p=resolv_wrapper.git;a=summ
> ary
Sure. Do you think it's the right approach?
Thanks,
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list