[Samba] Problem with dynamic DNS

Aki Tuomi cmouse at cmouse.fi
Tue Sep 8 07:33:18 UTC 2015


Hi!

We are facing problems with Windows 10 and dynamic DNS. The problem is that
samba_dlz prevents AAAA deletion. Can we permit AAAA somehow or fix this?

Disabling IPv6 and removing the IPv6 driver from the interface made no
difference whatsoever. This works on Windows 7 just fine.

Samba version: 4.1.6-Ubuntu

We see the following with Wireshark:

Domain Name System (query)
    Transaction ID: 0x8aa4
    Flags: 0x2800 Dynamic update
        0... .... .... .... = Response: Message is a query
        .010 1... .... .... = Opcode: Dynamic update (5)
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...0 .... .... = Recursion desired: Don't do query recursively
        .... .... .0.. .... = Z: reserved (0)
        .... .... ...0 .... = Non-authenticated data: Unacceptable
    Zones: 1
    Prerequisites: 1
    Updates: 3
    Additional RRs: 1
    Zone
        gwad.fi: type SOA, class IN
            Name: gwad.fi
            Type: SOA (Start of zone of authority)
            Class: IN (0x0001)
    Prerequisites
        GW-PC03.gwad.fi: type CNAME, class NONE
            Name: GW-PC03.gwad.fi
            Type: CNAME (Canonical name for an alias)
            Class: NONE (0x00fe)
            Time to live: 0 seconds
            Data length: 0
    Updates
        GW-PC03.gwad.fi: type AAAA, class ANY
            Name: GW-PC03.gwad.fi
            Type: AAAA (IPv6 address)
            Class: ANY (0x00ff)
            Time to live: 0 seconds
            Data length: 0
        GW-PC03.gwad.fi: type A, class ANY
            Name: GW-PC03.gwad.fi
            Type: A (Host address)
            Class: ANY (0x00ff)
            Time to live: 0 seconds
            Data length: 0
        GW-PC03.gwad.fi: type A, class IN, addr 10.132.2.103
            Name: GW-PC03.gwad.fi
            Type: A (Host address)
            Class: IN (0x0001)
            Time to live: 20 minutes
            Data length: 4
            Addr: 10.132.2.103 (10.132.2.103)
    Additional records
        1180-ms-7.2-3c5a3.9620e2ee-55f9-11e5-d29b-14dae91532dd: type TSIG, class ANY
            Name: 1180-ms-7.2-3c5a3.9620e2ee-55f9-11e5-d29b-14dae91532dd
            Type: TSIG (Transaction Signature)
            Class: ANY (0x00ff)
            Time to live: 0 seconds
            Data length: 54
            Algorithm Name: gss-tsig
            Time signed: Sep  8, 2015 10:23:18.000000000 EEST
            Fudge: 36000
            MAC Size: 28
            MAC
                No dissector for algorithm:gss-tsig
            Original Id: 35492
            Error: No error (0)
            Other Len: 0


And this in syslog:

Sep  8 10:24:57 gw-dc01 named[14101]: samba_dlz: starting transaction on zone gwad.fi
Sep  8 10:24:57 gw-dc01 named[14101]: samba_dlz: disallowing update of signer=gw-pc03\$\@GWAD.FI name=GW-PC03.gwad.fi type=AAAA error=insufficient access rights
Sep  8 10:24:57 gw-dc01 named[14101]: client 10.132.2.103#49508/key gw-pc03\$\@GWAD.FI: updating zone 'gwad.fi/NONE': update failed: rejected by secure update (REFUSED)
Sep  8 10:24:57 gw-dc01 named[14101]: samba_dlz: cancelling transaction on zone gwad.fi

Kind regards
Aki Tuomi
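
How the prerequisite and update records in the capture above read under RFC 2136, as an added example (not part of the original post and not Samba or BIND code): a small decoder that classifies each record by its class and type. The sample bytes are constructed from the fields Wireshark shows, without the TSIG record; class IN stands in for the zone class, and TTL/RDLENGTH are not validated.

```python
import struct

# RFC 2136 sections 2.4/2.5: meaning keyed by (class, type == ANY)
IN, NONE, ANY = 1, 254, 255
TYPES = {1: "A", 5: "CNAME", 6: "SOA", 28: "AAAA", 255: "ANY"}
PREREQ = {(ANY, True): "name is in use", (ANY, False): "{t} RRset exists",
          (NONE, True): "name is not in use", (NONE, False): "{t} RRset does not exist",
          (IN, False): "{t} RRset exists with this value"}
UPDATE = {(ANY, True): "delete all RRsets at name", (ANY, False): "delete {t} RRset",
          (NONE, False): "delete one {t} RR", (IN, False): "add {t} RR"}

def read_name(msg, off):  # decode a possibly compressed name -> (name, next offset)
    labels, end = [], None
    for _ in range(128):                           # bound guards pointer loops
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or compression loop")

def decode_update(msg):  # -> [(section, name, meaning)] for prereq and update RRs
    _id, flags, _zo, pr, up, _ad = struct.unpack("!6H", msg[:12])
    if (flags >> 11) & 0xF != 5:
        raise ValueError("not a dynamic update (opcode 5)")
    _zone, off = read_name(msg, 12)
    off += 4                                       # ZTYPE + ZCLASS, one zone assumed
    out = []
    for section, count, table in (("prereq", pr, PREREQ), ("update", up, UPDATE)):
        for _ in range(count):
            name, off = read_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            text = table.get((rclass, rtype == 255), "malformed {t} RR")
            out.append((section, name, text.format(t=TYPES.get(rtype, rtype))))
    return out

# Constructed sample: the update from the capture, re-encoded without its TSIG RR
HOST, PTR = b"\x07GW-PC03\xc0\x0c", b"\xc0\x19"    # pointers to offsets 12 and 25
SAMPLE = (struct.pack("!6H", 0x8AA4, 0x2800, 1, 1, 3, 0)
          + b"\x04gwad\x02fi\x00" + struct.pack("!HH", 6, IN)
          + HOST + struct.pack("!HHIH", 5, NONE, 0, 0)
          + PTR + struct.pack("!HHIH", 28, ANY, 0, 0)
          + PTR + struct.pack("!HHIH", 1, ANY, 0, 0)
          + PTR + struct.pack("!HHIH", 1, IN, 1200, 4) + bytes([10, 132, 2, 103]))
```

Calling `decode_update(SAMPLE)` lists the AAAA record as "delete AAAA RRset", which is the operation the samba_dlz log line reports as disallowed.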


