Bug 11675 - DNS update failure on CNAME-constrained initial update
Summary: DNS update failure on CNAME-constrained initial update
Status: RESOLVED DUPLICATE of bug 11520
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DNS server (internal) (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-01-14 23:27 UTC by Andrew Bartlett
Modified: 2016-06-20 07:18 UTC (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Bartlett 2016-01-14 23:27:37 UTC 
A Windows client will first attempt to update the DNS server with an unsigned dynamic update, with a constraint that the CNAME record must not exist. 

The exact form of the update response is critical, the difference (additional records) between BIND and internal DNS is enough to make a Windows client fail to retry with a GSS-TSIG response.
Comment 1 Andrew Bartlett 2016-01-14 23:28:03 UTC 
I'm working on this for a client.
Comment 2 Stefan Metzmacher 2016-01-15 09:20:12 UTC 
(In reply to Andrew Bartlett from comment #1)

Does BIND or SAMBA generate the wrong response, or both?
Comment 3 Andrew Bartlett 2016-01-18 01:24:38 UTC 
Our initial diagnosis was that the BIND9 and Windows servers behaved the same, and that internal DNS had a different response.  However, we have had another customer raise a very similar issue with BIND9, so we will be looking into the whole area in detail, and most likely raising additional bugs.

We have some network traces (internally), and expect to take some more in that investigation stage.
Comment 4 Garming Sam 2016-06-20 07:18:48 UTC 
I think this should just be a dupe of bug 11520. Will reopen/open another bug if this isn't the case.

*** This bug has been marked as a duplicate of bug 11520 ***