Bug 9939 - samba_dnsupdate should re-add missing records from dns_update_list
samba_dnsupdate should re-add missing records from dns_update_list
Status: NEW
Product: Samba 4.0
Classification: Unclassified
Component: Tools
4.0.6
x64 Linux
: P5 enhancement
: ---
Assigned To: Amitay Isaacs
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-07 22:48 UTC by Marc Muehlfeld
Modified: 2015-12-07 00:15 UTC (History)
3 users (show)

See Also:


Attachments
Samba level 10 debug while running samba_dnsupdate (10.38 KB, application/octet-stream)
2013-06-27 15:56 UTC, Marc Muehlfeld
no flags Details
Bind debug level 10 log (212.35 KB, application/octet-stream)
2013-06-28 17:55 UTC, Marc Muehlfeld
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Marc Muehlfeld 2013-06-07 22:48:31 UTC
If a user deletes an important AD DNS record, it would be good, if samba_dnsupdate could re-add it again.

For example I had deleted "_ldap._tcp.samdom.example.com". Then I run samba_dnsupdate. The command says it didn't find the entry (right). Later in the output it tries to update the not existing record what fails:

Looking for DNS entry SRV _ldap._tcp.samdom.example.com dc1.samdom.example.com 389 as _ldap._tcp.samdom.example.com.
Failed to find DNS entry SRV _ldap._tcp.samdom.example.com dc1.samdom.example.com 389
...
...
Calling nsupdate for SRV _ldap._tcp.samdom.example.com dc1.samdom.example.com 389
Failed nsupdate: SRV _ldap._tcp.samdom.example.com dc1.samdom.example.com 389 : [Errno 2] No such file or directory
Failed update of 1 entries


It would be good, if the records from /usr/local/samba/private/dns_update_list would be re-added, if they don't exist any more. Or are there any concern?
Comment 1 Amitay Isaacs 2013-06-27 12:36:30 UTC
The script samba_dnsupdate is designed to add any missing entries back.

I tried deleting _ldap._tcp entry from DNS and when samba_dnsupdate runs, the entry is added back. So I'm not sure I understand what problem you are seeing.

This looks like nsupdate or DNS server issue rather than the problem with samba_dnsupdate script.

Are you running with Internal DNS server or BIND?
Comment 2 Marc Muehlfeld 2013-06-27 15:56:39 UTC
Created attachment 9003 [details]
Samba level 10 debug while running samba_dnsupdate

Hello Amitay,

here, after I e. g. deleted the _ldap._tcp entry, it wasn't recreated by samba_dnsupdate and the command printed the error I wrote in comment #1.

I'm using BIND 9.8.5-P1. But I switched temporary my two test DC to internal DNS, but the error is the same when I run samba_dnsupdate and the entry it isn't re-added.

Find attached a Samba level 10 debug log, that was captured, while I run samba_dnsupdate (this time with the internal DNS).

Anything else I can provide for debugging?
Comment 3 Amitay Isaacs 2013-06-28 07:50:53 UTC
Actually more useful would be DNS server logs.  Can you re-run this with BIND and paste BIND DLZ log?

You can run BIND in the foreground as /usr/sbin/named -u named -f -g.  If you are on debian based systems replace -u named with -u bind.

Also, how are you deleting the DNS entry _ldap._tcp?  Are you using samba-tool dns to delete it?
Comment 4 Marc Muehlfeld 2013-06-28 17:55:48 UTC
Created attachment 9004 [details]
Bind debug level 10 log

(In reply to comment #3)
> You can run BIND in the foreground as /usr/sbin/named -u named -f -g.  If you
> are on debian based systems replace -u named with -u bind.
>
> Also, how are you deleting the DNS entry _ldap._tcp?  Are you using samba-tool
> dns to delete it?

I added "-d 10" to the DLZ module and start named manually.

The attached named logfile contains the following:
- Deleting _ldap._tcp. via Windows 7 DNS MMC
- Run "samba_dnsupdate --verbose". ("Failed update of 1 entries")
- Delete _kerberos._tcp via 
  # samba-tool dns delete localhost samdom.example.com _kerberos._tcp.samdom.example.com SRV "dc1.samdom.example.com. 88 0 100"
- Run "samba_dnsupdate --verbose". ("Failed update of 2 entries")