Bug 9831 - samba_dnsupdate does not remove IP's that no longer exist
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
Version: 4.0.3
Hardware: x64 Linux
Importance: P5 major
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
Blocks: 10810 10077 10749
Reported: 2013-04-27 11:22 UTC by Steve Thompson
Modified: 2021-05-24 08:28 UTC

Attachments
Untested patches for master (23.13 KB, patch)
2014-07-07 22:12 UTC, Stefan Metzmacher
no flags
Temporary patches for v4-1-test (23.17 KB, patch)
2014-07-08 17:42 UTC, Stefan Metzmacher
no flags
Untested patches for master (41.83 KB, patch)
2014-07-21 15:15 UTC, Stefan Metzmacher
no flags
Patches for v4-1-test (43.62 KB, patch)
2014-09-01 10:30 UTC, Stefan Metzmacher
metze: review?
abartlet: review+
metze: review? (kai)

Description Steve Thompson 2013-04-27 11:22:44 UTC
Using Samba4 4.0.5 with bind 9.9+dlz. When an IP address appears on a DC's interface (including loopback), the IP is added to the DNS server such that an nslookup or dig of realm.domain.org or dc.realm.domain.org returns that IP address as a valid result, by the actions of samba_dnsupdate. When that IP address is subsequently removed, the DNS entry remains and is not deleted. I would have expected that (1) IP addresses on a loopback interface would not be added to the DNS, and (2) samba_dnsupdate would remove IP addresses that it has previously added when that IP address is no longer present. One has to use nsupdate to manually clean up; before this, any clients bound to this DC may get authentication failures according to which IP address they choose to use.
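
Added example, not part of the bug report and not the code from the attached patches: Python code for the reconciliation the description asks for, which skips loopback addresses, deletes records whose address is no longer on an interface, and renders the result as nsupdate input. The host names, the documentation-range addresses, the TTL and the function names are constructed assumptions, and the DNS state is passed in as a dict rather than queried.

```python
import ipaddress

def publishable(addrs):
    """Addresses that belong in DNS: loopback (127.0.0.0/8, ::1) is dropped."""
    return {ip for ip in map(ipaddress.ip_address, addrs) if not ip.is_loopback}

def record(name, ip):
    """(name, rrtype, address) tuple; IPv6 addresses map to AAAA records."""
    return (name, "A" if ip.version == 4 else "AAAA", str(ip))

def plan(names, interface_addrs, dns_records):
    """Return (adds, deletes), each a sorted list of record tuples."""
    wanted = publishable(interface_addrs)
    if not wanted:
        # A failed interface scan must not be read as "delete every record".
        raise ValueError("no publishable address; refusing to plan deletions")
    adds, deletes = [], []
    for name in names:
        present = {ipaddress.ip_address(a) for a in dns_records.get(name, ())}
        for ip in wanted - present:    # on an interface, missing from DNS
            adds.append(record(name, ip))
        for ip in present - wanted:    # in DNS, no longer on any interface
            deletes.append(record(name, ip))
    return sorted(adds), sorted(deletes)

def nsupdate_script(adds, deletes, ttl=900):
    """Render the plan as nsupdate input; ttl=900 is an arbitrary example value."""
    lines = [f"update delete {n} {t} {a}" for n, t, a in deletes]
    lines += [f"update add {n} {ttl} {t} {a}" for n, t, a in adds]
    return "\n".join(lines + ["send"]) + "\n"

# Constructed sample state: 192.0.2.99 was removed from the DC's interface,
# and a loopback address was registered earlier.
NAMES = ["realm.example.org", "dc1.realm.example.org"]
INTERFACES = ["127.0.0.1", "::1", "192.0.2.10"]
DNS = {
    "realm.example.org": ["192.0.2.10", "192.0.2.99"],
    "dc1.realm.example.org": ["192.0.2.99", "127.0.0.1"],
}

if __name__ == "__main__":
    print(nsupdate_script(*plan(NAMES, INTERFACES, DNS)), end="")
```

The refusal to plan anything when no publishable address is found is a design choice of this example, so that an empty interface list cannot remove every record for the DC.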
Comment 1 Stefan Metzmacher 2014-07-07 10:48:45 UTC
My work in progress can be found here:
https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-dns
https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=574269449d0cb4dee1bdd

The remaining problem is the DNS delegation for the toplevel
NS records...
Comment 2 Stefan Metzmacher 2014-07-07 22:12:16 UTC
Created attachment 10078
Untested patches for master

Can someone please test these patches?
Comment 3 Stefan Metzmacher 2014-07-08 17:42:23 UTC
Created attachment 10092
Temporary patches for v4-1-test

Once I got the master patches tested and pushed
I can upload the patches with cherry-pick -x information,
but the content will be the same so this can be reviewed now.
Comment 4 Andrew Bartlett 2014-07-09 04:41:56 UTC
(In reply to comment #3)
> Created attachment 10092
> Temporary patches for v4-1-test
> 
> Once I got the master patches tested and pushed
> I can upload the patches with cherry-pick -x information,
> but the content will be the same so this can be reviewed now.

I like the idea very much, but have not had the time to examine them and their behaviour properly.

Sorry,

Andrew Bartlett
Comment 5 Stefan Metzmacher 2014-07-09 08:03:14 UTC
Comment on attachment 10092
Temporary patches for v4-1-test

No problem. I guess the patches still need more work, as they failed autobuild for me a few times....
Comment 6 Stefan Metzmacher 2014-07-21 15:15:45 UTC
Created attachment 10136
Untested patches for master

These patches pass autobuild now, but they're not tested in a real environment.
Comment 7 Stefan Metzmacher 2014-09-01 10:30:28 UTC
Created attachment 10245
Patches for v4-1-test
Comment 8 Karolin Seeger 2014-09-05 18:31:49 UTC
Pushed to autobuild-v4-1-test.
Comment 9 Karolin Seeger 2014-09-08 18:54:59 UTC
Pushed to v4-1-test (included in 4.1.12).
Closing out bug report.

Thanks!