[PATCH] samba_dnsupdate: honor 'dns zone scavenging' option, only update if needed (bug 13605)
Stefan Metzmacher
metze at samba.org
Wed Sep 5 20:19:18 UTC 2018
Am 05.09.2018 um 21:34 schrieb Andrew Bartlett via samba-technical:
> On Wed, 2018-09-05 at 17:12 +0200, Björn Baumbach via samba-technical
> wrote:
>> Since scavenging is implemented the samba_dnsupdate command always
>> updates all dns records required by the dc.
>>
>> The attached patch avoids the update if dns zone scavenging is not
>> enabled.
>>
>> This avoids the repeating TSIG error messages, which fill the samba
>> log
>> on log level 0:
>>
>> # samba_dnsupdate --option='dns zone scavenging = yes' 2>&1 | uniq
>> -c
>> 29 ; TSIG error with server: tsig verify failure
>> 1 Failed update of 29 entries
>> # echo ${PIPESTATUS[0]}
>> 29
>>
>> # samba_dnsupdate --option='dns zone scavenging = no' 2>&1 | uniq -c
>> # echo ${PIPESTATUS[0]}
>> 0
>>
>> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13605
>>
>> Best regards,
>> Björn
>
> But why do we get TSIG errors?
They happen when the nsupdate -g command tries to verify the servers
signature, but I think we have tests that we generate the same signature
than Windows, so it seems to be a nsupdate bug. The update itself works
on the server.
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180905/9997c5f7/signature.sig>
More information about the samba-technical
mailing list