Bug 12451 - We set dwTimeStamp value of dnsRecord attributes is updated incorrectly
We set dwTimeStamp value of dnsRecord attributes is updated incorrectly
Status: REOPENED
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DNS server
4.5.1
All All
: P5 normal
: ---
Assigned To: Stefan Metzmacher
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-11-25 15:13 UTC by Stefan Metzmacher
Modified: 2019-08-01 13:17 UTC (History)
4 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Metzmacher 2016-11-25 15:13:06 UTC
Currently we mark dynamic dns updates as 'static' and rpc updates dynamic.
Comment 1 Louis 2019-05-03 06:51:17 UTC
Hai, the texts on the site : https://wiki.samba.org/index.php/Samba_4.9_Features_added/changed 

Suggests that this bug exists in older version, which suggests if fixed in newer samba version but its unclear if this is fixed or not since the bug report is still open. 

A small update is very appriciated?
Comment 2 Louis 2019-05-06 08:49:42 UTC
this bug is related to : 

https://bugzilla.samba.org/show_bug.cgi?id=13926 

due to these mismatches, DDNS updates might go wrong.
Comment 3 Stefan Metzmacher 2019-07-31 08:00:22 UTC
This got fixed as part of bug #10812 for 4.9.0
Comment 4 Alex MacCuish 2019-07-31 16:54:29 UTC
Is there a dbcheck for this yet? On my installation I'm still seeing some static updates marked as dynamic and some dynamic ones as static.
Comment 5 Stefan Metzmacher 2019-08-01 12:52:20 UTC
(In reply to Alex MacCuish from comment #4)

No not yet, that's the hard part :-(

It's not clear how dbcheck could detect records which should
be cleaned up.

One idea would be looking at the owner in the ntSecurityDescriptor
and if it's related to a computer account we could fix the
timestamp to the value of the dnsRecord stamp in replPropertyMetaData.
Comment 6 Stefan Metzmacher 2019-08-01 12:53:40 UTC
(In reply to Stefan Metzmacher from comment #5)

And all records not owned by a computer are static.
Comment 7 Stefan Metzmacher 2019-08-01 12:55:56 UTC
I'm reopening this for the missing dbcheck addition.
Comment 8 Alex MacCuish 2019-08-01 13:07:48 UTC
(In reply to Stefan Metzmacher from comment #5)

My main use will be for Apple devices joined to AD. They have an annoying habit of never deleting their IPv6 addresses (they frequently create new ones, privacy extensions etc), so some of my machines end up having hundreds of AAAA records.

Just checking through the ACLs on my DNS records, your idea of checking to see if the owner sid is a computer account looks pretty reasonable. Either that, or a command for samba-tool dns to allow an admin to manually correct the records :)

The only question is the DC SRV records. Are these meant to be static or dyanmic? They seem to be owned by "SYSTEM" but I have a mix of dynamic and static there, a newly promoted DC has set it's records as static, but other DCs have timestamps.
Comment 9 Stefan Metzmacher 2019-08-01 13:17:38 UTC
(In reply to Alex MacCuish from comment #8)

I think records owned by SYSTEM should be static, but we'd need to check
in a Windows domain.