Web lists-archives.com

Re: [Samba] Samba, AD, 'short' name resolving...




On Fri, 15 Jun 2018 11:47:22 +0200
"L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx> wrote:

> Im wondering why your log below shows this order, i just noticed. 
> 
> Why is the computer tring to set the A records 2 x. 
> Lines 1-13, show a successfull commit of the A/AAAA records. 
> ( TSIG key ok ) 

It is a bit more than that, if you look closely, everything is
duplicated except the last line. Why it is doing this, I have no idea.

If you split up the last portion, you get this:

Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: starting transaction on zone ad.fvg.lnf.it
Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: cancelling transaction on zone ad.fvg.lnf.it
Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: starting transaction on zone ad.fvg.lnf.it
Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: allowing update of signer=ALBERT\$\@AD.FVG.LNF.IT name=ALBERT.ad.fvg.lnf.it tcpaddr= type=AAAA key=1628-ms-7.213-4064bc3.c1816194-6fb1-11e8-5eb7-3464a91c1e49/160/0
Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: allowing update of signer=ALBERT\$\@AD.FVG.LNF.IT name=ALBERT.ad.fvg.lnf.it tcpaddr= type=A key=1628-ms-7.213-4064bc3.c1816194-6fb1-11e8-5eb7-3464a91c1e49/160/0
Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: allowing update of signer=ALBERT\$\@AD.FVG.LNF.IT name=ALBERT.ad.fvg.lnf.it tcpaddr= type=A key=1628-ms-7.213-4064bc3.c1816194-6fb1-11e8-5eb7-3464a91c1e49/160/0
Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: subtracted rdataset ALBERT.ad.fvg.lnf.it 'ALBERT.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.64'
Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: added rdataset ALBERT.ad.fvg.lnf.it 'ALBERT.ad.fvg.lnf.it.#0111200#011IN#011A#01110.5.2.64'
Jun 15 05:48:40 vdcsv2 named[6494]: samba_dlz: committed transaction on zone ad.fvg.lnf.it

######

Jun 15 05:48:40 vdcsv2 named[6494]: client 10.5.2.64#57791: update 'ad.fvg.lnf.it/IN' denied
Jun 15 05:48:40 vdcsv2 named[6494]: client 10.5.2.64#50303/key ALBERT\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting rrset at 'ALBERT.ad.fvg.lnf.it' AAAA
Jun 15 05:48:40 vdcsv2 named[6494]: client 10.5.2.64#50303/key ALBERT\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': deleting rrset at 'ALBERT.ad.fvg.lnf.it' A
Jun 15 05:48:40 vdcsv2 named[6494]: client 10.5.2.64#50303/key ALBERT\$\@AD.FVG.LNF.IT: updating zone 'ad.fvg.lnf.it/NONE': adding an RR at 'ALBERT.ad.fvg.lnf.it' A
Jun 15 05:48:45 vdcsv2 named[6494]: client 10.5.2.64#50303: request has invalid signature: TSIG 1628-ms-7.213-4064bc3.c1816194-6fb1-11e8-5eb7-3464a91c1e49 (ALBERT\$\@AD.FVG.LNF.IT): tsig verify failure (BADSIG)

I think the first part is dnsupdate doing the update and the second
part is the client trying to update its own record and failing.
Just what is telling 'dnsupdate' to update the records ??

> 
> Where is the reverse zone? 
> 

There doesn't seem to be one.

Rowland
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba