[Samba] Internal DNS - TTL enforcement for dynamic updates
Dmitry Khromov
icechrome at gmail.com
Thu Nov 1 14:16:17 MDT 2012
> According to the dump, Windows just doesn't try to send a signed update after receiving TKEY. However, this host had succeeded at least once today. Rebooted it, now no updates happen, but Samba started to say:
> [2012/11/01 14:32:30, 1] ../source4/dns_server/dns_server.c:150(dns_process_send)
> Failed to verify TSIG!
Things get even more interesting. Looks like in fact there are two problems.
I have another two dumps, illustrating the original issue I was talking about. In dump 1 the host is just booted and the record from the previous boot exists. As you can see Samba says SERVFAIL. debug level = 1 says:
[2012/11/01 23:59:44, 1] ../source4/dns_server/dns_query.c:501(handle_tkey)
Tkey handshake completed
[2012/11/01 23:59:48, 1] ../source4/dns_server/dns_update.c:672(handle_updates)
update count is 3
[2012/11/01 23:59:48, 1] ../source4/dns_server/dns_update.c:672(handle_updates)
update count is 3
[2012/11/01 23:59:48, 1] ../source4/dns_server/dns_update.c:672(handle_updates)
update count is 3
[2012/11/01 23:59:48, 1] ../source4/dns_server/dns_update.c:672(handle_updates)
update count is 3
In dump 2 I have just deleted the record. As you can see, only the first update succeeds, then - SERVFAIL again.
P.S. Just in case you're surprised by the update frequency - it's what we really have in production on "parking" subnets, as a workaround for the Windows 7 DHCPINFORM on non-authoritative subnets problem.
--
Best regards,
Dmitry Khromov