Bug 607 - "dns proxy" seems broken
"dns proxy" seems broken
Status: CLOSED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: nmbd
3.0.2a
All Linux
: P2 normal
: none
Assigned To: Jeremy Allison
:
Depends on:
Blocks: 807
  Show dependency treegraph
 
Reported: 2003-10-13 05:23 UTC by Daniel Beschorner
Modified: 2005-01-20 11:28 UTC (History)
1 user (show)

See Also:


Attachments
Patch I've appied. (989 bytes, patch)
2004-06-28 17:51 UTC, Jeremy Allison
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Beschorner 2003-10-13 05:23:57 UTC
the "dns proxy" functionality, enabled per default, seems not to work.
Comment 1 Gerald (Jerry) Carter 2004-03-05 09:55:07 UTC
I tried to reproduce this on the current 3.0o cvs tree 
and everythings works ok.  Working on getting more 
information from a bug report on the samba ml.
Comment 2 Andrew Bartlett 2004-03-05 17:23:46 UTC
I can't reproduce this on Samba 3.0.3pre1 (CVS).  
Comment 3 Daniel Beschorner 2004-03-06 10:09:52 UTC
I tested it right now on my old NT4 system with 3.0.2a.

"ping SERVER" works.
but a "\\SERVER" command to see the list of shares fails ("SERVER not found").
Maybe the dns proxy doesn't serve the necessary WINS types??
Our workaround is to enable the "use DNS for windows name resolution" checkbox.
Comment 4 Gerald (Jerry) Carter 2004-03-06 12:22:06 UTC
are reports are that this working correctly.  
Closing the report.
Comment 5 Daniel Beschorner 2004-03-06 17:02:24 UTC
The behaviour definitly changed from 2.2.
Suddenly (and still) I can't use shares from servers outside my wins reach.
In 2.2 they were resolved per dns proxy.
I don't talk about name resolution in general (ping works), but \\server works 
different than 2.2, it throws an error.
It's not a critical issue, I can live without it, but I don't think it is 
working correctly.
Comment 6 Gerald (Jerry) Carter 2004-03-07 04:47:42 UTC
None of the tsting by Samba developers points to 
'dns proxy' being broken.  I would recommend 
that you look at a network trace from the client 
and see why the name resolution is failing.

If you can prove that 'dns proxy' is not working as 
expected, please feel free to reopen thus report.
Comment 7 Daniel Beschorner 2004-03-07 12:07:51 UTC
confirmed!
After a nmbd restart it works.
Don't ask me why, the underlying dns resolver system wasn't changed during nmbd 
run time.
I will keep an eye on this and track more data if it happens again.
Thanks anyway!
Comment 8 Daniel Beschorner 2004-03-09 07:37:47 UTC
after some runtime of nmbd it fails again, next restart cures it
Comment 9 Gerald (Jerry) Carter 2004-03-12 11:48:30 UTC
From Dimitry:

I just found why dns proxy doesn't work in samba 3.

It do dns lookup for first time and then caches value 
with some TTL.  Than it checks for name in cache first.
But, when TTL is expired nmbd doesn't delete name from 
cache!  This is why dns proxy doesn't work.   don't know 
how this cache machanism works and have no enough time to 
learn :-(  So, I just did quick hack- if nmbd finds that 
name is expired it tries to resolve it with dns.

diff nmbd_winsserver.c.orig nmbd_winsserver.c

1489a1490,1497
>                       if(lp_dns_proxy() && ((question->name_type == 0x20) ||
question->name_type == 0)) {
>                               DEBUG(3,("wins_process_name_query: name query
for name %s is expired - doing dns lookup.\n",
>                               nmb_namestr(question) ));
>
>                               queue_dns_query(p, question, &namerec);
>                               return;
>                       }
>

Certanly, this is not right way, but this works for me.
Comment 10 Jeff Gerard 2004-06-24 06:59:29 UTC
Is there any plan to fix this problem in any future release of Samba?  I 
installed FC2 which was prepackaged with Samba 3.0.4 and ran into this 
problem.  I pulled my hair out trying to figure out what was happening.  I 
uninstalled 3.0.4 and tried 3.0.5 and the problem still exists.

What I did find out is that it takes 2 hours (ttl=7200) for the problem to 
crop up.  If I restart smbd/nmbd and try to ping certain addresses from a 
windows workstation, (using ns-updates in my example) nmbd logs the initial 
dns lookup with a ttl of 7200 and after the 2 hours expires, I see this in my 
logs: (ignore timestamps as I have had to patch log info together)

[2004/06/23 13:55:57, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request
(1485)
  wins_process_name_query: name query for name NS-UPDATES<00> from IP 
10.239.10.38
[2004/06/23 13:55:57, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request
(1531)
  wins_process_name_query: name query for name NS-UPDATES<00> - name expired. 
Returning fail.

The original entry would have looked similar to this:

[2004/06/23 13:56:49, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request
(1485)
  wins_process_name_query: name query for name NS-UPDATES<00> from IP 
10.239.10.38
[2004/06/23 13:56:49, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request
(1549)
  wins_process_name_query: name query for name NS-UPDATES<00> not found - 
doing dns lookup.
[2004/06/23 13:56:49, 3] nmbd/asyncdns.c:queue_dns_query(308)
  added DNS query for NS-UPDATES<00>
[2004/06/23 13:56:49, 3] nmbd/asyncdns.c:add_dns_result(43)
  add_dns_result: DNS gave answer for NS-UPDATES of 10.3.9.100
[2004/06/23 13:56:49, 3] nmbd/nmbd_namelistdb.c:add_name_to_subnet(236)
  add_name_to_subnet: Added netbios name NS-UPDATES<00> with first IP 
10.3.9.100 ttl=7200 nb_flags= 4 to subnet WINS_SERVER_SUBNET
Comment 11 Jeff Gerard 2004-06-25 11:52:05 UTC
fyi, using the "hack" that Dimitry posted, and some slight modifications, I 
was able to workaround this problem.

I added the following (in nmbd_winsserver.c - Samba 3.0.4):

		if(lp_dns_proxy() && (namerec->data.death_time != 
PERMANENT_TTL) && (namerec->data.death_time < p->timestamp) && ((question-
>name_type == 0x20) || question->name_type == 0)) {
			DEBUG(3,("wins_process_name_query: name query for name 
%s is expired - doing dns lookup.\n",
					nmb_namestr(question) ));

			queue_dns_query(p, question, &namerec);
			return;
		}


right above:

		if( (namerec->data.death_time != PERMANENT_TTL) && (namerec-
>data.death_time < p->timestamp) ) {
			DEBUG(3,("wins_process_name_query: name query for name 
%s - name expired. Returning fail.\n",
					nmb_namestr(question) ));
			send_wins_name_query_response(NAM_ERR, p, namerec);
			return;
		}

If I used Dimitry's idea, every lookup that would normally have generated a 
ttl of 7200 would have been looked up each and every time.  The way I did this 
above (which I'm sure is not an optimal solution) the lookup gets cached for 
7200 seconds then when it expires, gets looked up again and cached for another 
7200 seconds.
Comment 12 Jeremy Allison 2004-06-28 17:51:29 UTC
Created attachment 549 [details]
Patch I've appied.

This should fix it - please re-open if not.
Jeremy.
Comment 13 Jeff Gerard 2004-10-12 07:20:56 UTC
It appears the patch by Jeremy works on <=3.0.5.  The patch fails on 3.0.6 and 
3.0.7

#cd samba-3.0.6/source
#patch -p0 <../../winspatch2 
patching file nmbd/nmbd_winsserver.c
Reversed (or previously applied) patch detected!  Assume -R? [n] n
Apply anyway? [n] n
Skipping patch.
1 out of 1 hunk ignored -- saving rejects to file nmbd/nmbd_winsserver.c.rej

With our without the patch on >= 3.0.6 the 2 hour problem returns.
Comment 14 Jeremy Allison 2004-10-15 10:56:12 UTC
This message when you try and apply to 3.0.6 and above :

atching file nmbd/nmbd_winsserver.c
Reversed (or previously applied) patch detected!  Assume -R? [n] n
Apply anyway? [n] n

Means the patch is already included in that release. That's why you
can't re-apply it.

If this is still failing for you on 3.0.7 and above can you attach a capture
file or log showing the name lookup failing and a dump of your wins db.

Jeremy.
Comment 15 Gerald (Jerry) Carter 2004-10-25 10:50:14 UTC
FIxed in 3.0.6.  Reopen if that is not the case.
Comment 16 Daniel Beschorner 2004-10-26 01:16:16 UTC
It works in 3.0.7.
Comment 17 Jeff Gerard 2004-10-27 09:07:01 UTC
I apologize.  I recompiled 3.0.7 and I can confirm that it does indeed work.

Sorry again.
Jeff Gerard