Web lists-archives.com

[Samba] Are secure DNS updates truly working?

Hi team,

I recently upgrade some servers from v4.3.5 (affected by
https://bugzilla.samba.org/show_bug.cgi?id=11520 ) to v4.5.8 (default in
Debian Stretch) and was expecting secure DNS updates to be working again,
but they are not.

My logs show the same issues reported on bug 11520:

[2017/08/29 15:21:01.990467,  2]
  Got a dns update request.
[2017/08/29 15:21:01.990841,  2]
  Update not allowed for unsigned packet.
[2017/08/29 15:21:02.001791,  1]
  Tkey handshake completed

DNS records are not updated by Win7 clients and a Wireshark capture shows
Samba returns "Refused" to the request (I'm using Samba internal DNS).
Setting "allow dns updates = nonsecure" works fine, as before.

Can anyone confirm that this was indeed fixed? What else could be the
reason for the failures?


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba