[PATCH] samba_dnsupdate: honor 'dns zone scavenging' option, only update if needed (bug 13605)

Björn Baumbach bb at sernet.de
Wed Sep 12 09:08:31 UTC 2018


Hi!

I've updated the patch together with Metze. For further information,
please see the commit message.
I'll push this version soon.

Best regards,
Björn

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From fe0768c7c0e9d673d9b73d0ba9e15ba83fb6fd8a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= <bb at sernet.de>
Date: Wed, 5 Sep 2018 16:54:01 +0200
Subject: [PATCH] samba_dnsupdate: honor 'dns zone scavenging' option, only
 update if needed
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Since scavenging was implemented, the samba_dnsupdate command always updates all
DNS records required by the DC. This is not needed if dns zone scavenging
is not enabled.

This avoids the repeating TSIG error messages:

 # samba_dnsupdate --option='dns zone scavenging = yes' 2>&1 | uniq -c
     29 ; TSIG error with server: tsig verify failure
      1 Failed update of 29 entries
 # echo ${PIPESTATUS[0]}
 29

 # samba_dnsupdate --option='dns zone scavenging = no' 2>&1 | uniq -c
 # echo ${PIPESTATUS[0]}
 0

Note that this results in about 60 lines in the log file,
which is triggered every 10 minutes ("dnsupdate:name interval=600" is the default).

This restores the behavior before 8ef42d4dab4dfaf5ad225b33f7748914f14dcd8c,
if "dns zone scavenging" is not switched on (which is still the default).

Keeping the messages from happening at all is a subject for more debugging;
most likely they are caused by bugs in 'nsupdate -g' (from the bind package).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13605

Pair-programmed-with: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Björn Baumbach <bb at sernet.de>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 selftest/knownfail.d/dns              |  2 --
 source4/scripting/bin/samba_dnsupdate | 15 ++++++++++++++-
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/selftest/knownfail.d/dns b/selftest/knownfail.d/dns
index d23f5eb..ca18b43 100644
--- a/selftest/knownfail.d/dns
+++ b/selftest/knownfail.d/dns
@@ -70,5 +70,3 @@ samba.tests.dns.__main__.TestSimpleQueries.test_qtype_all_query\(rodc:local\)
 
 # The SOA override should not pass against the RODC, it must not overstamp
 samba.tests.dns.__main__.TestSimpleQueries.test_one_SOA_query\(rodc:local\)
-.*samba.tests.blackbox.samba_dnsupdate.SambaDnsUpdateTests.test_samba_dnsupate_set_ip
-.*samba.tests.blackbox.samba_dnsupdate.SambaDnsUpdateTests.test_samba_dnsupate_no_change
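Review bot: Dropping these two knownfail entries only shows that the tests pass again on the default path; nothing in this patch (2 files changed) adds a test that runs samba_dnsupdate with 'dns zone scavenging = yes', so the new first branch in the script is not visibly covered. Consider adding a blackbox case that sets the option and checks that every name is queued for update. Separately, both test names spell it "dnsupate" (test_samba_dnsupate_set_ip, test_samba_dnsupate_no_change); a follow-up rename to "dnsupdate" would make them easier to grep for.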
diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate
index 071cebe..fda3beb 100755
--- a/source4/scripting/bin/samba_dnsupdate
+++ b/source4/scripting/bin/samba_dnsupdate
@@ -102,6 +102,8 @@ else:
 
 nsupdate_cmd = lp.get('nsupdate command')
 
+dns_zone_scavenging = lp.get("dns zone scavenging")
+
 if len(IPs) == 0:
     print "No IP interfaces - skipping DNS updates"
     sys.exit(0)
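Review bot: The value read into dns_zone_scavenging is later used in a bare truth test ("if dns_zone_scavenging:"), which is only correct if lp.get() returns a real boolean for this parameter; if it returned a string such as "no", the test would be true and every record would be updated on each run. Please confirm the return type and note it in a one-line comment next to the assignment. Minor style point: the line just above uses single quotes, lp.get('nsupdate command'), while the new line uses double quotes.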
@@ -847,7 +849,18 @@ for d in dns_list:
         rebuild_cache = True
         if opts.verbose:
             print "need cache add: %s" % d
-    update_list.append(d)
+    if dns_zone_scavenging:
+        update_list.append(d)
+        if opts.verbose:
+            print "scavenging requires update: %s" % d
+    elif opts.all_names:
+        update_list.append(d)
+        if opts.verbose:
+            print "force update: %s" % d
+    elif not check_dns_name(d):
+        update_list.append(d)
+        if opts.verbose:
+            print "need update: %s" % d
 
 for c in cache_list:
     found = False
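Review bot: In the new if/elif chain, update_list.append(d) and the verbose print are repeated three times and differ only in the message text; choosing the reason string in the chain and then appending and printing once would be shorter and harder to get out of sync. The "if dns_zone_scavenging:" branch also needs a short comment saying why an enabled 'dns zone scavenging' requires the update even when check_dns_name(d) would succeed, because that reasoning currently exists only in the commit message.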
-- 
1.9.1


