The Samba-Bugzilla – Bug 12464
NXDOMAIN not returned from forwarded query
Last modified: 2016-12-14 17:08:50 UTC
When the samba internal DNS server forwards a query to an external DNS server the internal server does not return NXDOMAIN when it should. It returns "No answer"
Using the internal DNS with forwarder:
*** Can't find beef.burger: No answer
Using the external DNS server directly:
> server 220.127.116.11
Default server: 18.104.22.168
** server can't find beef.burger: NXDOMAIN
smb.conf reporduced below.
netbios name = REALM
realm = REALM.COM
workgroup = REALM
dns forwarder = 22.214.171.124
server role = active directory domain controller
path = /usr/local/samba/var/locks/sysvol/relam.com/scripts
read only = No
path = /usr/local/samba/var/locks/sysvol
read only = No
Absolutely correct. Looks like we drop on the floor any forwarder reply that doesn't contain reply records. Let me look into the code here..
Hm, on a first glance over the code, we should be setting state->dns_err for forwarded calls the same was as we set errors for internal lookups, where we certainly handle NXDOMAIN correctly.
That said, I don't think the current DNS tests test the forwarder code path.
Yes, that's how to return the error. However I'm looking at how to return that
up the stack correctly but still return the authority and additional resource records, as bind seems to do. If we just set a werr on the tevent_req then it's treated as a call fail and won't return.
Should have a patch to look at sometime soon(ish). Then I'll work on adding a test for this.