Web lists-archives.com

Re: [Samba] Are secure DNS updates truly working?




On 8/29/2017 6:54 PM, George via samba wrote:
On Tue, Aug 29, 2017 at 6:55 PM, lingpanda101 <lingpanda101 at gmail.com >
wrote:

      I can confirm they work on 4.6.7. I do recall they have worked for
several prior versions as well. I can't seem to get PTR records to
register though.

The refused request doesn't necessarily mean it's not working. Windows
will send an un-secure request first, followed by a secure request if
required.


--
--
James


You are right with that, I was looking at the first unauthenticated
attempt. Still, the 2nd authenticated attempt fails. Wireshark reports
"Server failure" in this case, and Samba log as follows:

[2017/08/29 19:25:27.837126,  2]
../source4/dns_server/dns_update.c:773(dns_server_process_update)
   Got a dns update request.
[2017/08/29 19:25:27.837704,  1]
../source4/dns_server/dns_update.c:684(handle_updates)
   update count is 3
[2017/08/29 19:25:27.837734,  2]
../source4/dns_server/dns_update.c:389(handle_one_update)
   Looking at record:
[2017/08/29 19:25:27.837743,  2]
../source4/dns_server/dns_update.c:390(handle_one_update)
[2017/08/29 19:25:27.837748,  1] ../librpc/ndr/ndr.c:413(ndr_print_debug)
        discard_const(update): struct dns_res_rec
           name                     : 'foo.domain.com'
           rr_type                  : DNS_QTYPE_AAAA (0x1C)
           rr_class                 : DNS_QCLASS_ANY (0xFF)
           ttl                      : 0x00000000 (0)
           length                   : 0x0000 (0)
           rdata                    : union dns_rdata(case 0x1C)
           ipv6_record              : (null)
           unexpected               : DATA_BLOB length=0


Any ideas?

--
George

What you posted was a response to a IPv6 request (AAAA) record. What type of record are you attempting to register?

--
--
James


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba