Bug 13019 - Dynamic DNS updates with the internal DNS are not working
Summary: Dynamic DNS updates with the internal DNS are not working
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DNS server (internal) (show other bugs)
Version: 4.7.0rc3
Hardware: All All
: P5 major (vote)
Target Milestone: 4.7
Assignee: Jule Anger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks: 13605
  Show dependency treegraph
 
Reported: 2017-09-06 09:15 UTC by Andreas Schneider
Modified: 2024-08-15 12:13 UTC (History)
9 users (show)

See Also:


Attachments
Patches for v4-20-test (79.78 KB, text/plain)
2024-06-06 10:02 UTC, Stefan Metzmacher
abartlet: review+
metze: review? (slow)
Details
Patches for v4-19-test (79.80 KB, text/plain)
2024-06-06 10:03 UTC, Stefan Metzmacher
abartlet: review+
metze: review? (slow)
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Schneider 2017-09-06 09:15:27 UTC
Dynamic DNS updates with the internal DNS are not working in master and 4.7.

[2017/09/06 11:03:50.958794,  1, pid=17121, effective(0, 0), real(0, 0)] ../auth/kerberos/gssapi_helper.c:388(gssapi_check_packet)
  GSS VerifyMic failed: A token had an invalid Message Integrity Check (MIC): Success
[2017/09/06 11:03:50.958805,  0, pid=17121, effective(0, 0), real(0, 0)] ../source4/auth/gensec/gensec_gssapi.c:1344(gensec_gssapi_check_packet)
  gssapi_check_packet(hdr_signing=0,sig_size=28,data=124,pdu=124) failed: NT_STATUS_ACCESS_DENIED

Reproducer:
Provision an AD DC with internal DNS
samba_dnsupdate --verbose --all-names
Comment 1 Andrew Bartlett 2017-09-06 09:49:43 UTC
How was this not picked up by the dns_tkey tests, or the samba_dnsupdate tests?

What do we need to extend those tests to do?
Comment 2 Andrew Bartlett 2017-09-06 09:50:24 UTC
Marking as blocking 4.7 until triaged.
Comment 3 Andreas Schneider 2017-09-06 11:44:35 UTC
I dunno. Do we run:

samba_dnsupdate --verbose --all-names

I don't think so because it looks for the current interfaces and ip addresses of it ...
Comment 4 Björn Baumbach 2017-09-06 14:00:58 UTC
I've just tried this on a Debian Stretch with a 4.7.0rc5 build, which uses Samba's Heimdal.

All records were created successfully (besides the tsig verify failures).
Comment 5 Andreas Schneider 2017-09-06 19:18:57 UTC
I also get this with:


HEAD is now at 07bb954d929... VERSION: Bump version up to 4.5.0pre1


Seems like the MIC verification is broken since quite some time or the issue is with nssupdate which we really should get rid of.
Comment 6 Andrew Bartlett 2017-09-06 19:53:09 UTC
BTW, Bug 11520 tracks the previous failure up to 4.5.
Comment 7 Andreas Schneider 2017-09-07 08:23:07 UTC
I've tested the fixes from bug #11520. I guess it is a change in nsupdate or nsupdate is broken?
Comment 8 Andrew Bartlett 2017-09-09 19:05:26 UTC
Removing the regression flag, as this clearly isn't a regression.
Comment 9 (mail address dead) 2017-11-08 15:27:02 UTC
It's also not working in 
- 4.5.14-SerNet-Ubuntu-17.trusty
- 4.6.9-SerNet-Ubuntu-12.trusty
Comment 10 Samba QA Contact 2024-06-06 03:19:06 UTC
This bug was referenced in samba master:

ae23d512a724650ae2de1178ac43deff8266aa56
c594cbad4af97031bb7b5b0eb2fb228b00acf646
c741d0f3969abe821e8ee2a10f848159eb2749fe
ce591464cb12ab00a5d5752a7cea5f909c3c3f1b
6e997f93d53ac45af79aec030bad73f51bdc5629
f8dfa9b33bdedffbe2e3b6e229ffae4beb3c712e
cd747307d845f3cff723a7916aeeb31458f19202
27d92fa808c6617353c36fdb230504e880f4925b
1b1e7e06cf6ebd283de73c351267d53b42663d2f
b0af60e7850e656ef98edeac657c66b853080dab
740bda87a80b97816d892e8f7aae28759f6916ec
3c7cb85eaf8371be55a371601cc354440dab7a94
b9b03ca503c43c7ee06df6c331839bd47f9eac8c
de4ed363d378f2065a4634f94af80ea0e3965c96
8324d0739dfdd0a081c403e298a9038ee7df681f
848318338b2972f331e067bf1c8d6c7dac0748c8
88457da00d4110b419f7a7ccabcd542fa77e463f
753428a3b6c488c4aacea04d2ddb9ea73244695a
708a6fae6978e1462e1a53f4ee08f11b51a5637a
a56627b0d125ef7b456bebe307087f324f1f0422
fa0f23e69eaf4f475bc9dc9aa0e23c7bd5208250
3467d1491490830d61d16cb6278051daf48466fc
bd0235cd515d5602ed9501bfc810a2487364ea10
ae7538af04435658d2ba6dcab109beecb6c5f13e
5906ed94f2c5c68e83c63e7c201534eeb323cfe7
db350bc573b378fb0615bdd8592cc9c62f6db146
76fec2668e73b9d15447abee551d5c04148aaf27
ed61c57e02309b738e73fb12877a0a565b627724
Comment 11 Stefan Metzmacher 2024-06-06 10:02:52 UTC
Created attachment 18329 [details]
Patches for v4-20-test
Comment 12 Stefan Metzmacher 2024-06-06 10:03:17 UTC
Created attachment 18330 [details]
Patches for v4-19-test
Comment 13 Jule Anger 2024-06-18 07:20:47 UTC
Pushed to autobuild-v4-{20,19}-test.
Comment 14 Samba QA Contact 2024-06-18 08:34:05 UTC
This bug was referenced in samba v4-20-test:

19fc5bb6b9d75ddb1b031817c7ee7688d7ca587f
3bd80a2545a57b88e58cedf5f9d7281fef15b361
c00749edb35115e111739473d7db57f33bff55a3
f7f0518b46a9d5c26fc6a362105c463bc6865817
9cfc2e24331139dd4f8a4d2feb3bf335bd8cb049
12d4e452410f29cb23e130ddeaf44592ba98b7b2
e58fe908371c46b9e0e4518e7f9614ac796a584a
85784854629c406f23cc46f075012696b59b392c
da7c313740d01f85c1c2f4e0c6bdecaa5bedbbfa
c7a936ecd2723440f46eb1423135fcb391164943
501a25a1f07dc71699ae9610010b13d05d652573
6438249cf1e52375c343f61dce8100cba614997e
7dabac46b5ac13949c450424d54f8cf4b39733e0
fdfd4e8adcee923909a0dc64cce5c867fb6c2a23
bda80382eb5f501eda1764c57832c8a386490427
ff0afdd1b056d26af785fc34209eded06615c9a4
5a98bc50263c03a8302587f8f5e6baf62e1234b5
9137bb66ab48d1220d88537c9a403a376439da28
a7f3293ddf764aa370db0147e245d73b687f29e4
ed8ef00c297026350ea79e79248f2b9a0eaabe6b
6e395cabf38b6ad42fbdcb56e72f08940cb070f3
7ddd758da50cc04a527061209c2f809b66b56f1f
299818567ea8238a791942428bcf9887e9738ac8
3b36f447040d28bfc6494e84edbf98f947cba2a3
f663b386156afec4a8d8bd5f99b5ffe7f365f144
fdd61d60caa96ca585f94916873a3485de1acf5b
89817ed2165320185d7254872a5c875cb04f12d1
df54d3fdda9cf9ad526c25fa13bca2daf75df356
Comment 15 Samba QA Contact 2024-06-19 14:34:26 UTC
This bug was referenced in samba v4-20-stable (Release samba-4.20.2):

19fc5bb6b9d75ddb1b031817c7ee7688d7ca587f
3bd80a2545a57b88e58cedf5f9d7281fef15b361
c00749edb35115e111739473d7db57f33bff55a3
f7f0518b46a9d5c26fc6a362105c463bc6865817
9cfc2e24331139dd4f8a4d2feb3bf335bd8cb049
12d4e452410f29cb23e130ddeaf44592ba98b7b2
e58fe908371c46b9e0e4518e7f9614ac796a584a
85784854629c406f23cc46f075012696b59b392c
da7c313740d01f85c1c2f4e0c6bdecaa5bedbbfa
c7a936ecd2723440f46eb1423135fcb391164943
501a25a1f07dc71699ae9610010b13d05d652573
6438249cf1e52375c343f61dce8100cba614997e
7dabac46b5ac13949c450424d54f8cf4b39733e0
fdfd4e8adcee923909a0dc64cce5c867fb6c2a23
bda80382eb5f501eda1764c57832c8a386490427
ff0afdd1b056d26af785fc34209eded06615c9a4
5a98bc50263c03a8302587f8f5e6baf62e1234b5
9137bb66ab48d1220d88537c9a403a376439da28
a7f3293ddf764aa370db0147e245d73b687f29e4
ed8ef00c297026350ea79e79248f2b9a0eaabe6b
6e395cabf38b6ad42fbdcb56e72f08940cb070f3
7ddd758da50cc04a527061209c2f809b66b56f1f
299818567ea8238a791942428bcf9887e9738ac8
3b36f447040d28bfc6494e84edbf98f947cba2a3
f663b386156afec4a8d8bd5f99b5ffe7f365f144
fdd61d60caa96ca585f94916873a3485de1acf5b
89817ed2165320185d7254872a5c875cb04f12d1
df54d3fdda9cf9ad526c25fa13bca2daf75df356
Comment 16 Samba QA Contact 2024-07-03 09:57:05 UTC
This bug was referenced in samba v4-19-test:

1c807412b88e5c2a125f4860ece0488a3d9f7c1e
1800543b0adc9027c6d6420c08344334ad0fefa5
313ca15a84576f8b877d2673bba9560bb068a058
606b7034f5d5ee45285e50534184c654245c8ad0
fdac589752ef86cca11b6569ae5a30978d5fda7e
b1222378a29974109c2b20623770b93a93a8e726
a086e96f2692a313b97ce37c781ea97ff5c15d84
48be174b0216adc1de4aaa1a29ed7210189c1223
2741574e32f839eec1f3fdb582817492050ae055
16c21888ea4c2d5d9d77374cb05efdad622a984f
e120078e2c3bea0435f8435e7b00ec8e31a0fbb6
f984b281c5fbe06328cc758a870baed175b46796
eb18b228d1b2994c205592963b30c6a55ab6538c
4bc0619b1e2a529881691e28b8efabe0e56abd21
4d4b39c102d3f4114343559644d3fd589ce0c69e
0ee7660ffe56a6da590bf655b00948fb8bdc4db3
e50968ed096920a7794993db968ef9dfa7db11ae
d5c6276f5342a1b4d7f004157b45f2f81335805f
4a7d14efe475459f7ff1b84d1bdaab2baff5e104
662c467566638ed6b4ac56beaa71bcd396c82501
234503e23759a8984bac63826e0104788473bbdb
cbf10a68e1c1b67cab3d5862461075d28ae176bf
7a457c6813d35c6a5c21df474b32bd9b24bb94d4
288744a74b5bbc99c40c6a66eda58efde6545d7d
c7188e1746422ea97c316a130c61962e9b187e7b
6d3d87babdc8bfa72ee30f7b102155b49ba24748
c29dc6e79b031c6e807d64b04f2061a558b80ef1
fd58608723f9f76dc3d80d16d88d865aba916e59
Comment 17 Jule Anger 2024-07-03 10:03:35 UTC
Closing out bug report.

Thanks!
Comment 18 Samba QA Contact 2024-08-15 12:13:54 UTC
This bug was referenced in samba v4-19-stable (Release samba-4.19.8):

1c807412b88e5c2a125f4860ece0488a3d9f7c1e
1800543b0adc9027c6d6420c08344334ad0fefa5
313ca15a84576f8b877d2673bba9560bb068a058
606b7034f5d5ee45285e50534184c654245c8ad0
fdac589752ef86cca11b6569ae5a30978d5fda7e
b1222378a29974109c2b20623770b93a93a8e726
a086e96f2692a313b97ce37c781ea97ff5c15d84
48be174b0216adc1de4aaa1a29ed7210189c1223
2741574e32f839eec1f3fdb582817492050ae055
16c21888ea4c2d5d9d77374cb05efdad622a984f
e120078e2c3bea0435f8435e7b00ec8e31a0fbb6
f984b281c5fbe06328cc758a870baed175b46796
eb18b228d1b2994c205592963b30c6a55ab6538c
4bc0619b1e2a529881691e28b8efabe0e56abd21
4d4b39c102d3f4114343559644d3fd589ce0c69e
0ee7660ffe56a6da590bf655b00948fb8bdc4db3
e50968ed096920a7794993db968ef9dfa7db11ae
d5c6276f5342a1b4d7f004157b45f2f81335805f
4a7d14efe475459f7ff1b84d1bdaab2baff5e104
662c467566638ed6b4ac56beaa71bcd396c82501
234503e23759a8984bac63826e0104788473bbdb
cbf10a68e1c1b67cab3d5862461075d28ae176bf
7a457c6813d35c6a5c21df474b32bd9b24bb94d4
288744a74b5bbc99c40c6a66eda58efde6545d7d
c7188e1746422ea97c316a130c61962e9b187e7b
6d3d87babdc8bfa72ee30f7b102155b49ba24748
c29dc6e79b031c6e807d64b04f2061a558b80ef1
fd58608723f9f76dc3d80d16d88d865aba916e59