Message from discussion Internal DNS - TTL enforcement for dynamic updates

Received: by 10.216.202.93 with SMTP id c71mr479746weo.3.1352364800913;
        Thu, 08 Nov 2012 00:53:20 -0800 (PST)
From: Dmitry Khromov <icechr...@gmail.com>
Newsgroups: linux.samba
Subject: Re: [Samba] Internal DNS - TTL enforcement for dynamic updates
Date: Thu, 01 Nov 2012 12:00:01 +0100
Message-ID: <k10Fb-66f-7@gated-at.bofh.it>
References: <k06CZ-4Ln-1@gated-at.bofh.it> <k0O1k-7FA-7@gated-at.bofh.it> <k0Y0G-36I-13@gated-at.bofh.it> <k0YDo-3Gq-11@gated-at.bofh.it> <k0YWJ-4ec-1@gated-at.bofh.it>
X-Original-To: Kai Blin <k...@samba.org>
X-Mailer: Sylpheed 3.2.0 (GTK+ 2.24.10; arm-unknown-linux-gnueabihf)
MIME-Version: 1.0
X-Content-Filtered-By: Mailman/MimeDel 2.1.13
List-ID: General questions regarding Samba <samba.lists.samba.org>
List-Archive: <http://lists.samba.org/pipermail/samba>
Sender: robo...@news.nic.it
Approved: robo...@news.nic.it
Lines: 60
Organization: linux.* mail to news gateway
X-Original-Cc: sa...@lists.samba.org
X-Original-Date: Thu, 1 Nov 2012 14:55:02 +0400
X-Original-Message-ID: <20121101145502.ac7a1a2433ce367b2cc5197a@gmail.com>
X-Original-References: <20121030030834.5c7101c8dfbf9916775af...@gmail.com>
	<20121101012554.7ea5f118dfe4037ada733...@gmail.com>
	<50922DCE.8010...@samba.org>
	<20121101124051.44a0fe5e3165f385f0562...@gmail.com>
	<50923B2C.9070...@samba.org>
X-Original-Sender: samba-boun...@lists.samba.org

> > I expected Samba to behave like MS DNS server and replace the old
> > record with a new one.
> 
> Yes, that should work. If it doesn't work for you, you need to tell us
> some more details about your smb.conf and maybe provide a network
> capture of the failing DNS update.

# cat etc/smb.conf
# Global parameters
[global]
        workgroup = MK_KLIN
        realm = klin.kifato-mk.com
        netbios name = DC1
        interfaces = 192.168.1.24, 127.0.0.1
        bind interfaces only = Yes
        server role = active directory domain controller
        idmap_ldb:use rfc2307  = yes
        debug level = 1
        wins server = 192.168.1.31
        allow dns updates = secure only

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/klin.kifato-mk.com/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

PCAP-formatted dump is attached. According to the dump, Windows just doesn't try to send a signed update after receiving TKEY. However, this host had succeeded at least once today. Rebooted it, now no updates happen, but Samba started to say:

[2012/11/01 14:32:30,  1] ../source4/dns_server/dns_server.c:150(dns_process_send)
  Failed to verify TSIG!

Some background: we already had the same symptoms this week for most of our Windows hosts (and some Samba 3 based, too). Yesterday we had to delete the zone (it was somewhat dirty after years on Windows, e.g. MMC DNS said "Server couldn't load the zone" when you open it on Samba server) and rebuilt it from scratch. As a side effect those TSIG-related messages had gone and records had started to update (one time until deletion). Now it looks like nothing had actually changed.

> Again, we probably need a network capture to see what's
> going on with the DNS MMC failing to update the SOA record.

Attached (PCAP-formatted).

Thanks in advance.
-- 
Best regards,
Dmitry Khromov
