[Samba] Win 10 Pro /registerdns issue with Samba 4.3.9 / TKEY Refused SOA

lingpanda101 at gmail.com lingpanda101 at gmail.com
Tue Aug 23 14:13:43 UTC 2016 

On 8/23/2016 8:58 AM, D Grealish via samba wrote:
> Hi,
>
> We have an issue where an existing Win 10 client is already part of the
> domain, however it's DNS entry isn't updated,
> Is this bug related? https://bugzilla.samba.org/show_bug.cgi?id=11520
>
> please see details below
>
> Ubuntu: 16.04.01 LTS
> Samba: Version 4.3.9-Ubuntu
> Samba Internal DNS
>
> 'allow dns updates = nonsecure' is not specified
>
>> ipconfig /registerdns
> Samba-Log: sudo tail -f /var/log/samba/log.samba
> [2016/08/16 14:57:53.551309, 2]
> ../source4/dns_server/dns_update.c:773(dns_server_process_update)
> Got a dns update request.
> [2016/08/16 14:57:53.551714, 2]
> ../source4/dns_server/dns_update.c:730(dns_update_allowed)
> Update not allowed for unsigned packet.
> [2016/08/16 14:57:53.566702, 1]
> ../source4/dns_server/dns_query.c:523(handle_tkey)
> Tkey handshake completed
> [2016/08/16 14:57:53.570610, 3]
> ../source4/smbd/service_stream.c:66(stream_terminate_connection)
> Terminating connection - 'dns_tcp_call_loop: tstream_read_pdu_blob_recv() -
> NT_STATUS_CONNECTION_DISCONNECTED'
> [2016/08/16 14:57:53.570808, 3]
> ../source4/smbd/process_single.c:114(single_terminate)
> single_terminate: reason[dns_tcp_call_loop: tstream_read_pdu_blob_recv() -
> NT_STATUS_CONNECTION_DISCONNECTED]
>
> in the wireshark dump we see:
>
> 71 4.964295 172.16.10.5 172.20.0.39 DNS 156 Dynamic update response
> 0x4806 *Refused
> SOA *testsamba.domain.com CNAME AAAA A A 172.20.0.39
>
> 77 4.970157 172.20.0.39 172.16.10.5 DNS 448 Standard query 0x59f6 TKEY
> 1116-ms-7.90-49f0535.97c7139d-6398-11e6-30bf-a01d48f78dbb TKEY
>
> 80 4.978315 172.16.10.5 172.20.0.39 DNS 412 Standard query response 0x59f6
> TKEY 1116-ms-7.90-49f0535.97c7139d-6398-11e6-30bf-a01d48f78dbb TKEY TSIG
>
> Refused SOA is interesting above
>
> Thanks in Advance
>
> Grealish

It's also normal to receive refused requests in Wireshark. Windows will 
attempt a nonsecure update followed by a secure update by default.

-- 
-James

More information about the samba mailing list