[Samba] Device ends up with multiple dns records and IP addresses

Sebastian Arcus s.arcus at open-t.co.uk
Thu Nov 11 13:53:32 UTC 2021

On 10/11/2021 15:59, Rowland Penny via samba wrote:
> On Wed, 2021-11-10 at 15:06 +0000, Sebastian Arcus via samba wrote:
>> On 09/11/2021 14:29, Rowland Penny via samba wrote:
>>> On Tue, 2021-11-09 at 13:08 +0000, Sebastian Arcus via samba wrote:
>>>> I have just checked this server today, and the printer has two IP
>>>> addresses again:
>>>> # host SEC001599AB9439
>>>> SEC001599AB9439.ihs-uk.lan has address
>>>> SEC001599AB9439.ihs-uk.lan has address
>>>> There are some other hosts with multiple IP's - an iPhone has 5 IP
>>>> addresses.
>>>> I then went to test manually adding a record with two IP addresses to
>>>> the dns server using the dhcp-dyndns.sh script:
>>>> /etc/dhcpd.d# ./dhcp-ddns.sh add abcdef test1
>>> What OS is this running on ?
>>> I do not recognise '/etc/dhcpd.d'
>>>> However, by inserting debug statements, I discovered that the line above
>>> Can you supply the script line that crashes for you.
>> Ok - I might have a bit more useful information. I've added lots of
>> debug lines in the script and the source of the error messages seems to
>> be two fold: if there is already an A record in the dns back-end with
>> multiple IPs, and/or a PTR record with multiple hostnames, both the
>> corresponding "samba-tool dns delete ..." statements fail with those
>> errors. Then everything snowballs down the hill, as every time the
>> device gets a new IP address, the script keeps on adding more multiple
>> records to the database, with no chance of recovering from there.
>> I still don't know for sure how did the multiple records happen in the
>> first place. I do know however why I was still getting the error after
>> deleting all the IPs in the dns back-end for this printer - it's because
>> I didn't realise that there was also a PTR record with multiple
>> hostnames, as well as the A record with multiple IPs.
>> Does the above help a bit? I don't know if the script should be changed
>> to recognise multiple IP's / hostnames being returned when querying the
>> dns back-end - and cope with that scenario? Or maybe that should just
>> never ever happen in the first place?
> OK, try upgrading the script, the latest version has this:
>      add)
>          _KERBEROS
>          count=0
>          # does host have an existing 'A' record ?
>          A_REC=$(samba-tool dns query ${Server} ${domain} ${name} A -k yes 2>/dev/null | grep 'A:' | awk '{print $2}')
>          if [[ -z $A_REC ]]; then
>              # no A record to delete
>              result1=0
>              samba-tool dns add ${Server} ${domain} "${name}" A ${ip} -k yes
>              result2="$?"
>          elif [ "$A_REC" = "${ip}" ]; then
>                # Correct A record exists, do nothing
>                logger "Correct 'A' record exists, not updating."
>                result1=0
>                result2=0
>                count=$((count+1))
>          elif [ "$A_REC" != "${ip}" ]; then
>                # Wrong A record exists
>                logger "'A' record changed, updating record."
>                samba-tool dns delete ${Server} ${domain} "${name}" A ${A_REC} -k yes
>                result1="$?"
>                samba-tool dns add ${Server} ${domain} "${name}" A ${ip} -k yes
>                result2="$?"
>          fi
> The script now checks if the record exists and then does one of three
> things:
> It adds the record if one doesn't exist
> If the record exists and it matches the supplied data, it does nothing
> If the record exists and it doesn't match the supplied data, the record
> is deleted and a new record added
> The 0.9.0 version of the script did not do this.

Thank you for the suggestion. I've already tried 0.9.3 yesterday. It 
does look like the code is a bit more robust - but the basic issue still 
exists. If somehow the dns back-end ends up with an A record with 
multiple IP addresses, or a PTR record with multiple hostnames (or 
both), the "samba-tool dns query" command returns multiple lines and the 
script is unable to delete the existing records - as it passes a 
multi-line argument to "samba-tool dns delete ..." command - which 
fails. So it just keeps on adding more IPs and/or hostnames to the 
existing records anyway, without deleting existing ones.

Would it be safer for the script to at least detect the presence of 
multi IP / multi host records, and maybe abort trying to add the 
IP/hostname to the DNS back-end - and exit with an error? Or simply exit 
if the "samba-tool dns delete ..." command returns an error? Or maybe 
delete one by one all the IP addresses for the respective A record, and 
all the hostnames for the PTR record - and then create the new A / PTR 
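
The one-by-one cleanup suggested at the end of this message, sketched as an added example (not part of dhcp-dyndns.sh and not posted by anyone in this thread). The server, zone and host names, the 192.0.2.x addresses and the sample query output are constructed; the function only prints the `samba-tool` commands it would run so the plan can be reviewed first.

```shell
#!/bin/sh
# Added example: reconcile an 'A' record that may already hold several
# addresses, instead of passing a multi-line value to one delete call.

# Constructed sample, shaped like `samba-tool dns query <server> <zone> <name> A`
# output for a host that has accumulated three addresses.
SAMPLE_QUERY='  Name=, Records=3, Children=0
    A: 192.0.2.50 (flags=f0, serial=110, ttl=3600)
    A: 192.0.2.73 (flags=f0, serial=112, ttl=3600)
    A: 192.0.2.91 (flags=f0, serial=115, ttl=3600)'

# Read query output on stdin, print one address per line.
list_a_records() {
    awk '$1 == "A:" { print $2 }'
}

# Args: server zone name ip; query output on stdin.
# Prints one delete per stale address, then an add only if ${ip} is missing,
# so the host ends up with exactly one 'A' record.
plan_a_update() {
    server=$1 domain=$2 name=$3 ip=$4
    have_ip=no
    for rec in $(list_a_records); do
        if [ "$rec" = "$ip" ]; then
            have_ip=yes          # correct address already present, keep it
        else
            echo "samba-tool dns delete $server $domain $name A $rec -k yes"
        fi
    done
    [ "$have_ip" = yes ] || echo "samba-tool dns add $server $domain $name A $ip -k yes"
}

# Demo with hypothetical names: the lease says the host is now 192.0.2.73.
printf '%s\n' "$SAMPLE_QUERY" | plan_a_update dc1 example.lan printer1 192.0.2.73
```

The same loop applies to a PTR record that has collected several hostnames: list every value, delete each stale one individually, then add the current one if it is absent.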
