> According to the dump, Windows just doesn't try to send a signed update after > receiveng TKEY. However, this host had succeded at least once today. Rebooted > it, now no updates happen, but Samba started to say: > [2012/11/01 14:32:30, 1] > ../source4/dns_server/dns_server.c:150(dns_process_send) > Failed to verify TSIG!
Things get even more interesting. Looks like in fact there are two problems. I have another two dumps, illustrating the original issue I was talking about. In dump 1 the host is just booted and the record from the previous boot exists. As you can see Samba says SERVFAIL. debug level = 1 says: [2012/11/01 23:59:44, 1] ../source4/dns_server/dns_query.c:501(handle_tkey) Tkey handshake completed [2012/11/01 23:59:48, 1] ../source4/dns_server/dns_update.c:672(handle_updates) update count is 3 [2012/11/01 23:59:48, 1] ../source4/dns_server/dns_update.c:672(handle_updates) update count is 3 [2012/11/01 23:59:48, 1] ../source4/dns_server/dns_update.c:672(handle_updates) update count is 3 [2012/11/01 23:59:48, 1] ../source4/dns_server/dns_update.c:672(handle_updates) update count is 3 In dump 2 I have just deleted the record. As you can see, only the first update succeeds, then - SERVFAIL again. P.S. Just in case you're suprised with the updates frequency - it's what we really have in production on "parking" subnets, as a workaround for the Windows 7 DHCPINFORM on non-authoritative subnets problem. -- Best regards, Dmitry Khromov
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba