[Samba] Win 10 Pro /registerdns issue with Samba 4.3.9 / TKEY Refused SOA

Ralph Böhme slow at samba.org
Tue Aug 23 15:06:40 UTC 2016 

On Tue, Aug 23, 2016 at 04:56:03PM +0200, Ralph Böhme via samba wrote:
> On Tue, Aug 23, 2016 at 02:58:55PM +0200, D Grealish via samba wrote:
> > Hi,
> > 
> > We have an issue where an existing Win 10 client is already part of the
> > domain, however it's DNS entry isn't updated,
> > Is this bug related? https://bugzilla.samba.org/show_bug.cgi?id=11520
> > 
> > please see details below
> > 
> > Ubuntu: 16.04.01 LTS
> > Samba: Version 4.3.9-Ubuntu
> > Samba Internal DNS
> > 
> > 'allow dns updates = nonsecure' is not specified
> > 
> > >ipconfig /registerdns
> > 
> > Samba-Log: sudo tail -f /var/log/samba/log.samba
> > [2016/08/16 14:57:53.551309, 2]
> > ../source4/dns_server/dns_update.c:773(dns_server_process_update)
> > Got a dns update request.
> > [2016/08/16 14:57:53.551714, 2]
> > ../source4/dns_server/dns_update.c:730(dns_update_allowed)
> > Update not allowed for unsigned packet.
> > [2016/08/16 14:57:53.566702, 1]
> > ../source4/dns_server/dns_query.c:523(handle_tkey)
> > Tkey handshake completed
> > [2016/08/16 14:57:53.570610, 3]
> > ../source4/smbd/service_stream.c:66(stream_terminate_connection)
> > Terminating connection - 'dns_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > NT_STATUS_CONNECTION_DISCONNECTED'
> > [2016/08/16 14:57:53.570808, 3]
> > ../source4/smbd/process_single.c:114(single_terminate)
> > single_terminate: reason[dns_tcp_call_loop: tstream_read_pdu_blob_recv() -
> > NT_STATUS_CONNECTION_DISCONNECTED]
> > 
> > in the wireshark dump we see:
> > 
> > 71 4.964295 172.16.10.5 172.20.0.39 DNS 156 Dynamic update response
> > 0x4806 *Refused
> > SOA *testsamba.domain.com CNAME AAAA A A 172.20.0.39
> > 
> > 77 4.970157 172.20.0.39 172.16.10.5 DNS 448 Standard query 0x59f6 TKEY
> > 1116-ms-7.90-49f0535.97c7139d-6398-11e6-30bf-a01d48f78dbb TKEY
> > 
> > 80 4.978315 172.16.10.5 172.20.0.39 DNS 412 Standard query response 0x59f6
> > TKEY 1116-ms-7.90-49f0535.97c7139d-6398-11e6-30bf-a01d48f78dbb TKEY TSIG
> 
> can you post your full config, a level 10 debug log and a packet
> capture of the issue please? Thanks!

ah, I forgot: the real fix is only available in 4.4 and upwards, but
4.3.11 should ship a hack to make it working there as well. Alas,
looks like the release notes for 4.3.11 don't mention this fix.

Cheerio!
-slow

More information about the samba mailing list