[PATCH] samba_dnsupdate: honor 'dns zone scavenging' option, only update if needed (bug 13605)
Rowland Penny
rpenny at samba.org
Wed Sep 5 19:53:40 UTC 2018
On Thu, 06 Sep 2018 07:34:01 +1200
Andrew Bartlett via samba-technical <samba-technical at lists.samba.org>
wrote:
> On Wed, 2018-09-05 at 17:12 +0200, Björn Baumbach via samba-technical
> wrote:
> > Since scavenging is implemented the samba_dnsupdate command always
> > updates all dns records required by the dc.
> >
> > The attached patch avoids the update if dns zone scavenging is not
> > enabled.
> >
> > This avoids the repeating TSIG error messages, which fill the samba
> > log on log level 0:
> >
> > # samba_dnsupdate --option='dns zone scavenging = yes' 2>&1 | uniq -c
> > 29 ; TSIG error with server: tsig verify failure
> > 1 Failed update of 29 entries
> > # echo ${PIPESTATUS[0]}
> > 29
> >
> > # samba_dnsupdate --option='dns zone scavenging = no' 2>&1 | uniq -c
> > # echo ${PIPESTATUS[0]}
> > 0
> >
> > BUG: https://bugzilla.samba.org/show_bug.cgi?id=13605
> >
> > Best regards,
> > Björn
>
> But why do we get TSIG errors?
>
> Andrew Bartlett
>
I have this theory: when samba_dnsupdate gets the Kerberos ticket, it
gets it from the nameserver in /etc/resolv.conf. If the nameserver
isn't the DC, it isn't the correct ticket.
I say theory because I don't get this problem. I use bind9 and point
each DC at itself.
Rowland