samba - Nov 2021 - Device ends up with multiple dns records and IP addresses

On 22/10/2021 16:28, Rowland Penny via samba wrote:
> On Wed, 2021-10-20 at 11:40 +0100, Sebastian Arcus via samba wrote:
>> I have a server with:
>>
>> Samba 4.9.4 in AD mode
>> Bind 9.14.2
>> ISC Dhcpd 4.4.1
>>
>> Samba is configured to use Bind for the dns back-end, and dynamic
>> dns
>> updates from dhcpd->Samba->Bind are configured using the script
at
>> Samba.org
>>
>> I have this strange situation where one of the printers has ended up
>> with 11 records in the dns back-end:
>>
>> # host SEC001599AB9439
>> SEC001599AB9439.ihs-uk.lan has address 192.168.51.184
>> SEC001599AB9439.ihs-uk.lan has address 192.168.51.176
>> SEC001599AB9439.ihs-uk.lan has address 192.168.51.179
>> SEC001599AB9439.ihs-uk.lan has address 192.168.51.144
>> SEC001599AB9439.ihs-uk.lan has address 192.168.51.241
>> SEC001599AB9439.ihs-uk.lan has address 192.168.51.229
>> SEC001599AB9439.ihs-uk.lan has address 192.168.51.231
>> SEC001599AB9439.ihs-uk.lan has address 192.168.51.172
>> SEC001599AB9439.ihs-uk.lan has address 192.168.51.177
>> SEC001599AB9439.ihs-uk.lan has address 192.168.51.235
>> SEC001599AB9439.ihs-uk.lan has address 192.168.51.182
>>
>> In order to start troubleshooting, I can't get my head around which
>> software is not working properly. Is it the job of dhcpd not to allow
>> a
>> same device to request a different IP, or is it the Samba script, or
>> Samba, or Bind? Which one should normally prevent this from
>> happening?
>> Thank you much for any suggestions.
> 
> Sorry to be so long in replying.
> 
> Not sure what is going on here.
> 
> dhcp passes the full ipaddress to the update script e.g. 192.168.0.56
> 
> in the 'add' case, any existing 'A' record for the computer
is obtained
> by running 'samba-tool dns query'. If no record is found, a new one
is
> added. If an 'A' record that matches the supplied ipaddress is
found,
> then nothing happens. finally, if the ipaddress found by samba-tool is
> different from the ipaddress passed to the script, then the existing
> 'A' record is deleted and a new one added.
> 
> Is there any way that the printer is updating its own record ?
Thank you for getting back to me with the detailed info. I guess I must 
have an older version of the script, as the 'add' case uses the 
following code to obtain the A record for the computer (at the top it 
reads v0.9.0):

     # does host have an existing 'A' record ?
     A_REC=$(host -t A "${name}" | awk '{print $NF}')

Still, I'm not sure how the above could have resulted in multiple
'A'
records.

Regarding your question, I can't really think how the printer would be 
able to update its own dns record. It is a Samsung SCX-4833FD - and I 
can't see how it would have the authority to ask Bind or Samba to update 
the record directly. Even if it tried, I believe it would be refused - I 
think?

I am a bit mystified by all this. I deleted all the A records for this 
printer, and let it renew its IP address. It's been 4 days and I've just
checked - it still has only one A record.

I guess I'll keep an eye on things, and if it happens again, I will try 
to run the ddns update script by hand, and see if I can figure out what 
is happening.

Still, your explanation above was very useful - thank you again for 
taking the time.

Sebastian

On 22/10/2021 22:15, Sebastian Arcus via samba wrote:
> On 22/10/2021 16:28, Rowland Penny via samba wrote:
>> On Wed, 2021-10-20 at 11:40 +0100, Sebastian Arcus via samba wrote:
>>> I have a server with:
>>>
>>> Samba 4.9.4 in AD mode
>>> Bind 9.14.2
>>> ISC Dhcpd 4.4.1
>>>
>>> Samba is configured to use Bind for the dns back-end, and dynamic
>>> dns
>>> updates from dhcpd->Samba->Bind are configured using the
script at
>>> Samba.org
>>>
>>> I have this strange situation where one of the printers has ended
up
>>> with 11 records in the dns back-end:
>>>
>>> # host SEC001599AB9439
>>> SEC001599AB9439.ihs-uk.lan has address 192.168.51.184
>>> SEC001599AB9439.ihs-uk.lan has address 192.168.51.176
>>> SEC001599AB9439.ihs-uk.lan has address 192.168.51.179
>>> SEC001599AB9439.ihs-uk.lan has address 192.168.51.144
>>> SEC001599AB9439.ihs-uk.lan has address 192.168.51.241
>>> SEC001599AB9439.ihs-uk.lan has address 192.168.51.229
>>> SEC001599AB9439.ihs-uk.lan has address 192.168.51.231
>>> SEC001599AB9439.ihs-uk.lan has address 192.168.51.172
>>> SEC001599AB9439.ihs-uk.lan has address 192.168.51.177
>>> SEC001599AB9439.ihs-uk.lan has address 192.168.51.235
>>> SEC001599AB9439.ihs-uk.lan has address 192.168.51.182
>>>
>>> In order to start troubleshooting, I can't get my head around
which
>>> software is not working properly. Is it the job of dhcpd not to
allow
>>> a
>>> same device to request a different IP, or is it the Samba script,
or
>>> Samba, or Bind? Which one should normally prevent this from
>>> happening?
>>> Thank you much for any suggestions.
>>
>> Sorry to be so long in replying.
>>
>> Not sure what is going on here.
>>
>> dhcp passes the full ipaddress to the update script e.g. 192.168.0.56
>>
>> in the 'add' case, any existing 'A' record for the
computer is obtained
>> by running 'samba-tool dns query'. If no record is found, a new
one is
>> added. If an 'A' record that matches the supplied ipaddress is
found,
>> then nothing happens. finally, if the ipaddress found by samba-tool is
>> different from the ipaddress passed to the script, then the existing
>> 'A' record is deleted and a new one added.
>>
>> Is there any way that the printer is updating its own record ?
> 
> Thank you for getting back to me with the detailed info. I guess I must 
> have an older version of the script, as the 'add' case uses the 
> following code to obtain the A record for the computer (at the top it 
> reads v0.9.0):
> 
>  ??? # does host have an existing 'A' record ?
>  ??? A_REC=$(host -t A "${name}" | awk '{print $NF}')
> 
> Still, I'm not sure how the above could have resulted in multiple
'A'
> records.
> 
> Regarding your question, I can't really think how the printer would be 
> able to update its own dns record. It is a Samsung SCX-4833FD - and I 
> can't see how it would have the authority to ask Bind or Samba to
update
> the record directly. Even if it tried, I believe it would be refused - I 
> think?
> 
> I am a bit mystified by all this. I deleted all the A records for this 
> printer, and let it renew its IP address. It's been 4 days and I've
just
> checked - it still has only one A record.
> 
> I guess I'll keep an eye on things, and if it happens again, I will try
> to run the ddns update script by hand, and see if I can figure out what 
> is happening.
> 
> Still, your explanation above was very useful - thank you again for 
> taking the time.

I have just checked this server today, and the printer has two IP 
addresses again:


# host SEC001599AB9439
SEC001599AB9439.ihs-uk.lan has address 192.168.51.235
SEC001599AB9439.ihs-uk.lan has address 192.168.51.229


There are some other hosts with multiple IP's - an iPhone has 5 IP 
addresses.

I then went to test manually adding a record with two IP addresses to 
the dns server using the dhcp-dyndns.sh script:



/etc/dhcpd.d# ./dhcp-ddns.sh add 192.168.51.200 abcdef test1
Record added successfully
192.168.51
192.168.51
200
ERROR(runtime): uncaught exception - (9701, 
'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST')
   File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
line 177, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib64/python2.7/site-packages/samba/netcmd/dns.py", line
1071, in run
     raise e
Record added successfully
root at ihs-server:/etc/dhcpd.d# host test1
test1.ihs-uk.lan has address 192.168.51.200



./dhcp-ddns.sh add 192.168.51.201 abcdef test1
ERROR(runtime): uncaught exception - (9701, 
'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST')
   File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
line 177, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib64/python2.7/site-packages/samba/netcmd/dns.py", line
1071, in run
     raise e
Record added successfully
192.168.51
192.168.51
201
ERROR(runtime): uncaught exception - (9701, 
'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST')
   File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
line 177, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib64/python2.7/site-packages/samba/netcmd/dns.py", line
1071, in run
     raise e
Record added successfully


# host test1
test1.ihs-uk.lan has address 192.168.51.200
test1.ihs-uk.lan has address 192.168.51.201


As can be seen, something appears to go wrong when the script is run - 
and then the host ends up with multiple IP addresses.

I then manually deleted one of the records and that seems to work:


# samba-tool dns delete ihs-server ihs-uk.lan "test1" A 192.168.51.200
-k yes
Password for [administrator at IHS-UK.LAN]:
Record deleted successfully


However, by inserting debug statements, I discovered that the line above 
crashes with the error when run through the script, although it runs 
fine on the command line. Does this throw a bit more light on what is 
happening? Thank you for any hints