TSIG in libcli/dns

Kai Blin kai at samba.org
Tue Jul 4 13:04:51 UTC 2017

On 2017-07-04 01:52, David Disseldorp wrote:

Hi Dimitris,

> You'll have to match the wire format in the protocol definitions, to
> ensure that Samba remains compatible with other implementations. For
> this I'd suggest digging deeper into the corresponding specs. E.g.
> The RDATA algorithm_name field has a Data Type of "domain-name", which
> is defined in rfc1035 3.1. Name space definitions:
>    Domain names in messages are expressed in terms of a sequence of
>    labels.
>    Each label is represented as a one octet length field followed by that
>    number of octets.  Since every domain name ends with the null label of
>    the root, a domain name is terminated by a length byte of zero.  The
>    high order two bits of every length octet must be zero, and the
>    remaining six bits of the length field limit the label to 63 octets or
>    less.
> At this point it's probably worth getting acquainted with PIDL[1], which
> is used within Samba for simplified data structure marshalling and
> unmarshalling. PIDL allows a developer to define a wire format (e.g.
> struct srv_copychunk_copy in librpc/idl/ioctl.idl) and have it generate
> code for marshalling (e.g. ndr_push_srv_copychunk_copy()), unmarshalling
> (e.g. ndr_pull_srv_copychunk_copy()) and debugging (e.g.
> ndr_print_srv_copychunk_copy()).

We already have a PIDL definition for this, I believe, check out


We also use it in our server-side implementation already:

This just doesn't have tests at the moment, as we don't have client-side
code to test it with, so I wouldn't be surprised if it's broken somewhat. :)


Kai Blin
Samba Developer http://samba.team
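
Added example, not part of the original message and not Samba's PIDL-generated code: a bounds-checked encoder and decoder for the RFC 1035 3.1 label format quoted above, which is the format the TSIG algorithm_name field uses. The helper names `dns_name_push` and `dns_name_pull` are hypothetical, the sample name is the HMAC-MD5 algorithm name from RFC 2845, and name compression is deliberately not implemented, so any length octet with its high two bits set is rejected.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define DNS_MAX_LABEL 63  /* six-bit length field */
#define DNS_MAX_NAME 255  /* RFC 1035 limit on a whole encoded name */

/* Illustrative helper (not Samba code): dotted text -> wire labels; returns bytes written or -1. */
static int dns_name_push(const char *name, uint8_t *out, size_t outlen) {
    size_t pos = 0;
    while (*name != '\0') {
        const char *dot = strchr(name, '.');
        size_t len = dot ? (size_t)(dot - name) : strlen(name);
        if (len == 0 || len > DNS_MAX_LABEL) return -1;
        if (pos + len + 2 > outlen || pos + len + 2 > DNS_MAX_NAME) return -1;
        out[pos++] = (uint8_t)len;          /* one-octet length field */
        memcpy(out + pos, name, len);
        pos += len;
        name += len + (dot ? 1 : 0);        /* skip the separator, if any */
    }
    if (pos + 1 > outlen) return -1;
    out[pos++] = 0;                         /* null label of the root */
    return (int)pos;
}

/* Illustrative helper (not Samba code): wire labels -> dotted text; returns bytes consumed or -1. */
static int dns_name_pull(const uint8_t *buf, size_t buflen, char *out, size_t outlen) {
    size_t pos = 0, o = 0;
    for (;;) {
        if (pos >= buflen || pos >= DNS_MAX_NAME) return -1; /* no root label */
        uint8_t len = buf[pos++];
        if (len & 0xC0) return -1;           /* high two bits must be zero */
        if (len == 0) break;                 /* root label ends the name */
        if (len > buflen - pos) return -1;   /* label overruns the buffer */
        if (o + len + 2 > outlen) return -1; /* dot + label + NUL must fit */
        if (o > 0) out[o++] = '.';
        memcpy(out + o, buf + pos, len);     /* raw octets, not escaped */
        o += len; pos += len;
    }
    if (o + 1 > outlen) return -1;
    out[o] = '\0';
    return (int)pos;
}

int main(void) {
    uint8_t wire[DNS_MAX_NAME]; char text[DNS_MAX_NAME]; /* sample name: RFC 2845 HMAC-MD5 */
    int n = dns_name_push("hmac-md5.sig-alg.reg.int", wire, sizeof wire);
    if (n < 0 || dns_name_pull(wire, (size_t)n, text, sizeof text) != n) return 1;
    printf("%d bytes on the wire, decodes to %s\n", n, text);
    return 0;
}
```

The decoder copies label octets as-is, so a caller that logs or displays the result should escape non-printable bytes and embedded dots first.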
