[Samba] Bind 9.12.x support status

Taner Tas taner76 at gmail.com
Thu Sep 6 08:27:12 UTC 2018

On Thu, 06 Sep 2018 09:29:15 +1200
Andrew Bartlett <abartlet at samba.org> wrote:

> On Thu, 2018-09-06 at 00:01 +0300, Taner Tas via samba wrote:
> > Hi,
> > 
> > I recently noticed that when doing "samba_dns --all-names --verbose"
> > against Bind-9.12, I can't update dns records. I'm getting these
> > error messages for each record to update:
> >   
> I think this is the key (pardon the pun):
> > daemon.err [6942]: samba_dlz: spnego update failed  
> Are you running a build with MIT Kerberos?
> There is a replay cache implemented in that codebase that we need to
> disable/work around in Samba, because we do a deliberate replay (we
> parse/decrypt it a second time to get the PAC) of the Kerberos ticket
> here.
> Andrew Bartlett

You're spot on about MIT Kerberos. I mistakenly compiled Bind-9.12
against MIT Kerberos. It took me hours to find the cause the problem.
I re-compiled with Heimdal and I confirm that "samba_dns --all-names
--verbose" command runs just fine with Bind-9.12. So, we can assume
that there no issues with the bind-9.12.patch here:


I created a PR for Alpine Linux to solve my fault at first place:


Taner Tas

More information about the samba mailing list