[PATCH] samba_dnsupdate: honor 'dns zone scavenging' option, only update if needed (bug 13605)
Stefan Metzmacher
metze at samba.org
Wed Sep 5 20:20:55 UTC 2018
Am 05.09.2018 um 22:19 schrieb Stefan Metzmacher via samba-technical:
> Am 05.09.2018 um 21:34 schrieb Andrew Bartlett via samba-technical:
>> On Wed, 2018-09-05 at 17:12 +0200, Björn Baumbach via samba-technical
>> wrote:
>>> Since scavenging is implemented the samba_dnsupdate command always
>>> updates all dns records required by the dc.
>>>
>>> The attached patch avoids the update if dns zone scavenging is not
>>> enabled.
>>>
>>> This avoids the repeating TSIG error messages, which fill the samba
>>> log
>>> on log level 0:
>>>
>>> # samba_dnsupdate --option='dns zone scavenging = yes' 2>&1 | uniq
>>> -c
>>> 29 ; TSIG error with server: tsig verify failure
>>> 1 Failed update of 29 entries
>>> # echo ${PIPESTATUS[0]}
>>> 29
>>>
>>> # samba_dnsupdate --option='dns zone scavenging = no' 2>&1 | uniq -c
>>> # echo ${PIPESTATUS[0]}
>>> 0
>>>
>>> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13605
>>>
>>> Best regards,
>>> Björn
>>
>> But why do we get TSIG errors?
>
> They happen when the nsupdate -g command tries to verify the servers
> signature, but I think we have tests that we generate the same signature
> than Windows, so it seems to be a nsupdate bug. The update itself works
> on the server.
We should really get rid of nsupdate -g, we have all python binding to
do it directly in python code within samba_dnsupdate, we basically just
need to copy and paste the code from the tests.
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180905/a23d6531/signature.sig>
More information about the samba-technical
mailing list