[Samba] Are secure DNS updates truly working?
lingpanda101
lingpanda101 at gmail.com
Tue Aug 29 19:55:07 UTC 2017
On 8/29/2017 3:27 PM, George via samba wrote:
> Hi team,
>
> I recently upgraded some servers from v4.3.5 (affected by
> https://bugzilla.samba.org/show_bug.cgi?id=11520 ) to v4.5.8 (default in
> Debian Stretch) and was expecting secure DNS updates to be working again,
> but they are not.
>
> My logs show the same issues reported on bug 11520:
>
> [2017/08/29 15:21:01.990467, 2]
> ../source4/dns_server/dns_update.c:773(dns_server_process_update)
> Got a dns update request.
> [2017/08/29 15:21:01.990841, 2]
> ../source4/dns_server/dns_update.c:730(dns_update_allowed)
> Update not allowed for unsigned packet.
> [2017/08/29 15:21:02.001791, 1]
> ../source4/dns_server/dns_query.c:880(handle_tkey)
> Tkey handshake completed
>
> DNS records are not updated by Win7 clients and a Wireshark capture shows
> Samba returns "Refused" to the request (I'm using Samba internal DNS).
> Setting "allow dns updates = nonsecure" works fine, as before.
>
> Can anyone confirm that this was indeed fixed? What else could be the
> reason for the failures?
>
> Thanks,
>
> George
I can confirm they work on 4.6.7. I do recall they have worked for
several prior versions as well. I can't seem to get PTR records to
register though.

The refused request doesn't necessarily mean it's not working. Windows
will send an un-secure request first, followed by a secure request if
required.
--
James
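
An added example, not part of either message or of Samba: a Python check over the log lines quoted in this thread that pairs each "Update not allowed for unsigned packet" refusal with a later "Tkey handshake completed" entry. The 5-second window and the last sample entry are assumptions; a completed TKEY handshake shows the client went on to the secure path, not that the signed update itself was accepted.

```python
import re
from datetime import datetime, timedelta

# Samba log header: "[YYYY/MM/DD HH:MM:SS.ffffff,  LEVEL] source:line(function)"
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(\d+)\]\s*(.*)$")
REFUSED = "Update not allowed for unsigned packet"
TKEY_OK = "Tkey handshake completed"

# First three entries are the ones quoted in the thread (mail-wrapped, '>' quoted).
# The last entry is constructed for this example, in Samba's unwrapped layout.
SAMPLE = """\
> [2017/08/29 15:21:01.990467, 2]
> ../source4/dns_server/dns_update.c:773(dns_server_process_update)
> Got a dns update request.
> [2017/08/29 15:21:01.990841, 2]
> ../source4/dns_server/dns_update.c:730(dns_update_allowed)
> Update not allowed for unsigned packet.
> [2017/08/29 15:21:02.001791, 1]
> ../source4/dns_server/dns_query.c:880(handle_tkey)
> Tkey handshake completed
[2017/08/29 15:30:10.000000,  2] ../source4/dns_server/dns_update.c:730(dns_update_allowed)
  Update not allowed for unsigned packet.
"""

def parse_entries(text):
    """Return [(timestamp, text)] per entry; tolerates '>' quoting and wrapped headers."""
    entries = []
    for raw in text.splitlines():
        line = raw.lstrip("> \t").rstrip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:  # a new entry starts at every timestamp header
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S.%f")
            entries.append([ts, m.group(3)])
        elif entries:  # continuation: source location or message body
            entries[-1][1] += " " + line
    return [(ts, msg) for ts, msg in entries]

def classify_refusals(text, window=timedelta(seconds=5)):
    """Label each unsigned-update refusal by whether a TKEY handshake follows within `window`."""
    entries = parse_entries(text)
    results = []
    for i, (ts, msg) in enumerate(entries):
        if REFUSED in msg:
            followed = any(TKEY_OK in later_msg and later_ts - ts <= window
                           for later_ts, later_msg in entries[i + 1:])
            results.append((ts, "tkey-followed" if followed else "no-tkey"))
    return results
```

Refusals labelled `no-tkey` are the ones worth investigating: the client never attempted, or never completed, the GSS-TSIG negotiation after the unsigned attempt was refused.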