Bug 13502 - Can't update DNS entry from RODC
Summary: Can't update DNS entry from RODC
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DNS server (internal)
Version: 4.7.4
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Kai Blin
QA Contact: Samba QA Contact
Reported: 2018-07-02 12:51 UTC by Jean-Sébastien Bevilacqua
Modified: 2020-03-11 09:49 UTC

Attachments
Error log 1 (6.63 KB, text/x-log)
2018-07-02 12:51 UTC, Jean-Sébastien Bevilacqua
Error log 2 (4.71 KB, text/x-log)
2018-07-02 12:52 UTC, Jean-Sébastien Bevilacqua
Succession of calls to samba_dnsupdate, showing non-updates entries (18.97 KB, text/plain)
2018-10-10 14:06 UTC, Julien ROPÉ

Description Jean-Sébastien Bevilacqua 2018-07-02 12:51:55 UTC
Created attachment 14268
Error log 1

Hello,

When I try to update DNS entries from my RODC, I get an error (in the my_rodc_error.log attachment).
Moreover, my client tried to do the same and he got another error (client_rodc_error.log).

That's strange because if you manually add the DNS entry, it works well.

Sincerely,
Jean-Sébastien BEVILACQUA
Comment 1 Jean-Sébastien Bevilacqua 2018-07-02 12:52:15 UTC
Created attachment 14269
Error log 2
Comment 2 Julien ROPÉ 2018-10-10 14:06:27 UTC
Created attachment 14526
Succession of calls to samba_dnsupdate, showing non-updates entries


 Hi,

 I am working on this issue, and found the following:

 Environment:
  Domain: mondomaine.lan
  Sites:
  - Default-First-Site-Name (associated to subnet 192.168.56.0/24)
  - Secondary (associated to subnet 192.168.57.0/24)
  Domain controllers:
  - sambarwdc - DC - on site "Default-First-Site-Name"
  - sambarodc - RODC - on site "Secondary"


 After joining the domain as an RODC, when I run the "samba_dnsupdate" command, the RODC produces the "failed DNS update" errors reported above, associated with a timeout error.
 But if you check those entries (using "host -t SRV [entry]"), they will actually be found.

 Yet if you call "samba_dnsupdate" again, there are two entries that keep being updated - and this is repeatable each time you run the command.
 Those are:
  _gc._tcp.Secondary._sites.mondomaine.lan
  _ldap._tcp.Secondary._sites.gc._msdcs.mondomaine.lan

 Testing those two entries shows that they are effectively not registered in the DNS.

 The log attached shows the following sequence:
 - samba_dnsupdate right after joining as an RODC
 - several new calls to show the same entries being updated
 - verifying the entries are not found using "host -t SRV"

 I feel that the initial failures due to timeout are actually not a bug - maybe the timeout is too short, but apparently the update succeeds in the end, so it's not really an issue.
 Now for the two entries that keep being updated - even though no errors are shown when we update them - this is a concern.

 Why are those updates failing? Is there something we can do to fix that, or is it a bug?

 Any advice is welcome to troubleshoot this.

 Regards,
 Julien