samba_dnsupdate: honor 'dns zone scavenging' option, only update if needed

Since scavenging is implemented the samba_dnsupdate command always updates all
dns records required by the dc. This is not needed if dns zone scavenging
is not enabled.

This avoids the repeating TSIG error messages:

 # samba_dnsupdate --option='dns zone scavenging = yes' 2>&1 | uniq -c
     29 ; TSIG error with server: tsig verify failure
      1 Failed update of 29 entries
 # echo ${PIPESTATUS[0]}
 29

 # samba_dnsupdate --option='dns zone scavenging = no' 2>&1 | uniq -c
 # echo ${PIPESTATUS[0]}
 0

Note that this results in about 60 lines in the log file,
which triggered every 10 minutes ("dnsupdate:name interval=600" is the default).

This restores the behavior before 8ef42d4dab4dfaf5ad225b33f7748914f14dcd8c,
if "dns zone scavenging" is not switched on (which is still the default).

Avoiding the message from happening at all is subject for more debugging,
most likely they are caused by bugs in 'nsupdate -g' (from the bind package).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13605

Pair-programmed-with: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

diff --git a/selftest/knownfail.d/dns b/selftest/knownfail.d/dns
index 99b0f1d63a08e785414e3ac4afbea170f5f071b7..a5176654cc2889efb499ff4d34d2989a9d041461 100644 (file)
--- a/selftest/knownfail.d/dns
+++ b/selftest/knownfail.d/dns
@@ -69,5 +69,3 @@ samba.tests.dns.__main__.TestSimpleQueries.test_qtype_all_query\(rodc:local\)
 
 # The SOA override should not pass against the RODC, it must not overstamp
 samba.tests.dns.__main__.TestSimpleQueries.test_one_SOA_query\(rodc:local\)
-.*samba.tests.blackbox.samba_dnsupdate.SambaDnsUpdateTests.test_samba_dnsupate_set_ip
-.*samba.tests.blackbox.samba_dnsupdate.SambaDnsUpdateTests.test_samba_dnsupate_no_change

diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate
index 071cebee7eea0358463e0674f28b765ef36b0dc7..fda3beb631bdaee35720754986a52ad16e50ffb0 100755 (executable)
--- a/source4/scripting/bin/samba_dnsupdate
+++ b/source4/scripting/bin/samba_dnsupdate
@@ -102,6 +102,8 @@ else:
 
 nsupdate_cmd = lp.get('nsupdate command')
 
+dns_zone_scavenging = lp.get("dns zone scavenging")
+
 if len(IPs) == 0:
     print "No IP interfaces - skipping DNS updates"
     sys.exit(0)
@@ -847,7 +849,18 @@ for d in dns_list:
         rebuild_cache = True
         if opts.verbose:
             print "need cache add: %s" % d
-    update_list.append(d)
+    if dns_zone_scavenging:
+        update_list.append(d)
+        if opts.verbose:
+            print "scavenging requires update: %s" % d
+    elif opts.all_names:
+        update_list.append(d)
+        if opts.verbose:
+            print "force update: %s" % d
+    elif not check_dns_name(d):
+        update_list.append(d)
+        if opts.verbose:
+            print "need update: %s" % d
 
 for c in cache_list:
     found = False