BIND 9.5.0a6 and Windows Server 2003 R2 DDNS updates with GSS-TSIG
David Holder
david.holder at erion.co.uk
Sat Sep 1 08:05:58 UTC 2007
Adam,
Here it is:
> Here is the gdb backtrace.
>
> $ gdb "/usr/local/bin/nsupdate"
> GNU gdb Red Hat Linux (6.6-8.fc7rh)
> Copyright (C) 2006 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "i386-redhat-linux-gnu"...
> Using host libthread_db library "/lib/libthread_db.so.1".
> (gdb) run
> Starting program: /usr/local/bin/nsupdate
>
>> > ?
>>
> incorrect section name: ?
>
>> > help
>>
> incorrect section name: help
>
>> > gssapi
>>
> incorrect section name: gssapi
>
>> > quit
>>
>
> Program received signal SIGTERM, Terminated.
> 0x00110402 in __kernel_vsyscall ()
> (gdb) exit
> Undefined command: "exit". Try "help".
> (gdb) quit
> The program is running. Exit anyway? (y or n) y
> [administrator at oak ~]$ gdb "/usr/local/bin/nsupdate"
> GNU gdb Red Hat Linux (6.6-8.fc7rh)
> Copyright (C) 2006 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "i386-redhat-linux-gnu"...
> Using host libthread_db library "/lib/libthread_db.so.1".
> (gdb) run
> Starting program: /usr/local/bin/nsupdate
>
>> > gsstsig
>> > update add oak2.active.com 86400 A 192.168.100.100
>> > send
>>
> nsupdate.c:2192: INSIST(result == 0) failed.
>
> Program received signal SIGABRT, Aborted.
> 0x00c67402 in __kernel_vsyscall ()
> (gdb) bt full
> #0 0x00c67402 in __kernel_vsyscall ()
> No symbol table info available.
> #1 0x00cb5fa0 in raise () from /lib/libc.so.6
> No symbol table info available.
> #2 0x00cb78b1 in abort () from /lib/libc.so.6
> No symbol table info available.
> #3 0x0812c83a in default_callback (file=0x8154bac "nsupdate.c", line=2192,
> type=isc_assertiontype_insist, cond=0x816aa67 "result == 0")
> at assertions.c:94
> No locals.
> #4 0x0804f4fa in start_gssrequest (master=<value optimized out>)
> at nsupdate.c:2192
> context = (gss_ctx_id_t) 0x847f8b8
> buf = {magic = 1114990113, base = 0xbfb174d8, length = 32, used = 32,
> current = 32, active = 0, link = {prev = 0xffffffff, next = 0xffffffff},
> mctx = 0x0}
> result = 0
> val = 392362007
> rmsg = (dns_message_t *) 0xb7eed320
> request = (dns_request_t *) 0x0
> fname = {name = {magic = 1145983854,
> ndata = 0xbfb17da8 "\vDNS/w2003r2\006active\003com", length = 24,
> labels = 4, attributes = 1, offsets = 0xbfb17d04 "", buffer = 0xbfb17d84,
> link = {prev = 0xffffffff, next = 0xffffffff}, list = {head = 0x0,
> tail = 0x0}}, offsets = {0 '\0', 12 '\f', 19 '\023', 23 '\027', 32 ' ',
> 167 '�', 23 '\027', 8 '\b', 240 '�', 231 '�', 241 '�', 183 '�', 200 '�',
> 128 '\200', 201 '�', 0 '\0', 244 '�', 207 '�', 221 '�', 0 '\0', 176 '�',
> 239 '�', 71 'G', 8 '\b', 0 '\0', 0 '\0', 0 '\0', 0 '\0', 56 '8', 125 '}',
> 177 '�', 191 '�', 136 '\210', 38 '&', 212 '�', 0 '\0', 176 '�', 239 '�',
> 71 'G', 8 '\b', 176 '�', 239 '�', 71 'G', 8 '\b', 60 '<', 202 '�',
> ---Type <return> to continue, or q <return> to quit---
> 23 '\027', 8 '\b', 60 '<', 202 '�', 23 '\027', 8 '\b', 168 '�', 126 '~',
> 177 '�', 191 '�', 132 '\204', 196 '�', 18 '\022', 8 '\b', 112 'p',
> 239 '�', 71 'G', 8 '\b', 152 '\230', 239 '�', 71 'G', 8 '\b', 53 '5',
> 0 '\0', 0 '\0', 0 '\0', 148 '\224', 126 '~', 177 '�', 191 '�', 216 '�',
> 82 'R', 238 '�', 183 '�', 136 '\210', 224 '�', 68 'D', 8 '\b', 53 '5',
> 0 '\0', 0 '\0', 0 '\0', 108 'l', 136 '\210', 53 '5', 0 '\0', 1 '\001',
> 0 '\0', 0 '\0', 0 '\0', 1 '\001', 0 '\0', 0 '\0', 0 '\0', 1 '\001',
> 0 '\0', 0 '\0', 0 '\0', 119 'w', 50 '2', 48 '0', 48 '0', 51 '3', 114 'r',
> 50 '2', 46 '.', 97 'a', 99 'c', 116 't', 105 'i', 118 'v', 101 'e',
> 46 '.', 99 'c', 111 'o', 109 'm', 0 '\0', 183 '�', 100 'd', 164 '�',
> 238 '�', 183 '�'}, buffer = {magic = 1114990113, base = 0xbfb17da8,
> length = 255, used = 24, current = 0, active = 0, link = {
> prev = 0xffffffff, next = 0xffffffff}, mctx = 0x0}, data = {11 '\v',
> 68 'D', 78 'N', 83 'S', 47 '/', 119 'w', 50 '2', 48 '0', 48 '0', 51 '3',
> 114 'r', 50 '2', 6 '\006', 97 'a', 99 'c', 116 't', 105 'i', 118 'v',
> 101 'e', 3 '\003', 99 'c', 111 'o', 109 'm', 0 '\0', 120 'x', 31 '\037',
> 239 '�', 183 '�', 87 'W', 0 '\0', 0 '\0', 0 '\0', 72 'H', 194 '�',
> 237 '�', 183 '�', 219 '�', 139 '\213', 19 '\023', 1 '\001', 1 '\001',
> 0 '\0', 0 '\0', 0 '\0', 72 'H', 194 '�', 237 '�', 183 '�', 1 '\001',
> 0 '\0', 1 '\001', 0 '\0', 120 'x', 1 '\001', 239 '�', 183 '�', 116 't',
> 135 '\207', 177 '�', 191 '�', 56 '8', 126 '~', 177 '�', 191 '�', 8 '\b',
> 126 '~', 177 '�', 191 '�', 188 '�', 244 '�', 6 '\006', 8 '\b', 56 '8',
> 126 '~', 177 '�', 191 '�', 116 't', 135 '\207', 177 '�', 191 '�', 0 '\0',
> 0 '\0', 0 '\0', 0 '\0', 20 '\024', 0 '\0', 0 '\0', 0 '\0', 56 '8',
> 126 '~', 177 '�', 191 '�', 116 't', 135 '\207', 177 '�', 191 '�', 120 'x',
> 126 '~', 177 '�', 191 '�', 121 'y', 6 '\006', 7 '\a', 8 '\b', 116 't',
> 135 '\207', 177 '�', 191 '�', 0 '\0', 0 '\0', 0 '\0', 0 '\0', 1 '\001',
> 0 '\0' <repeats 11 times>, 72 'H', 135 '\207', 177 '�', 191 '�', 0 '\0',
> 0 '\0', 0 '\0', 0 '\0', 150 '\226', 15 '\017', 6 '\006', 8 '\b', 116 't',
> 126 '~', 177 '�', 191 '�', 12 '\f', 211 '�', 238 '�', 183 '�', 24 '\030',
> ---Type <return> to continue, or q <return> to quit---
> 0 '\0', 0 '\0', 0 '\0', 223 '�', 129 '\201', 19 '\023', 8 '\b', 104 'h',
> 208 '�', 237 '�', 183 '�', 190 '�', 0 '\0', 0 '\0', 0 '\0', 24 '\030',
> 0 '\0' <repeats 11 times>, 255 '�', 255 '�', 255 '�', 255 '�', 255 '�',
> 255 '�', 255 '�', 255 '�', 0 '\0', 0 '\0', 0 '\0', 0 '\0', 32 ' ', 0 '\0',
> 0 '\0', 0 '\0', 20 '\024', 0 '\0', 0 '\0', 0 '\0', 96 '`',
> 0 '\0' <repeats 23 times>...}}
> namestr = "w2003r2.active.com\000\000oak.example.com\000�x��\000\000\000\000�x��\000\000\000\000ams\n\000�G\b���\000\000\020\000\000�y���6�\000��G\b�P�\000\000\200��\001\000\000\000����\000\000\000\000\000�\000\000\000\000\000\000\000\000\000\0003�\t\000~\200�\000�y��P��\000\000\000\000\000P��\000\000\000\000\000\210\000\000\000�{��8��\000\004", '\0' <repeats 11 times>, "���\000\002\000\000\000\001\000\000\000�y��\024\201�\000@{���y��\210\000\000\0003r2.a"...
> keystr = "392362007.sig-w2003r2.active.com\000\177-\000����\004\000\000\000Du��\223�,\000<\216��ܧ\022\000\000\000\000\000\000\000\000\000L�\022\0000\000\000\0004\216��\001\000\000\000\030�G\b\004\000\000\000+�,\000�\177-\000�v��\004\000\000\000,U,\000��\022\000 at x��\000\000\000\000\001\000\000\000\000\000\000\000L\004\000\000��G\b�\177-\000\004�G\b�u���u��mX,\000\001\000\000\000\004\000\000\000P\206-\000P\206-\000\030�G\b\204�\022\000\200\202-\000$\000\001\000�u���v��"...
> #5 0x0804fdb4 in recvsoa (task=0xb7ee7008, event=0x0) at nsupdate.c:2064
> namebuf = "!fuB8\177��\000\004\000\000\022", '\0' <repeats 11 times>, "��������\000\000\000\000�\211���\211��\234\205-\000\000\000\000\000�>\020\000\000\000\000\000�\177-\000\002\000\000\000�\203��\224\203��U\006-\000\b\000\000\000\024\000\000\000�\177-\000�\211��E\210,\000,��� ���\b\000\000\000�\236,\000\006\000\000\000\200\202-\000\000\000\000\000\000\000\000\000�\211���\203���\201,\000\001", '\0' <repeats 19 times>, "\021��\000�\204��A\005-\000�\211��\000\000\000\0004\000\000\0004�:\000�\211���\211���\177-\000\003\000\000\000`\204"...
> request = (dns_request_t *) 0xb7eea2d8
> result = <value optimized out>
> eresult = <value optimized out>
> ---Type <return> to continue, or q <return> to quit---
> rcvmsg = (dns_message_t *) 0xb7eed218
> section = <value optimized out>
> name = (dns_name_t *) 0xb7edc218
> soaset = (dns_rdataset_t *) 0xb7edefc8
> soa = {common = {rdclass = 1, rdtype = 6, link = {prev = 0xffffffff,
> next = 0xffffffff}}, mctx = 0x0, origin = {magic = 1145983854,
> ndata = 0xb7eee499 "\aw2003r2\006active\003com", length = 20, labels = 4,
> attributes = 1, offsets = 0x0, buffer = 0x0, link = {prev = 0xffffffff,
> next = 0xffffffff}, list = {head = 0x0, tail = 0x0}}, contact = {
> magic = 1145983854, ndata = 0xb7eee4ad "\nhostmaster", length = 12,
> labels = 2, attributes = 1, offsets = 0x0, buffer = 0x0, link = {
> prev = 0xffffffff, next = 0xffffffff}, list = {head = 0x0, tail = 0x0}},
> serial = 37, refresh = 900, retry = 600, expire = 86400, minimum = 3600}
> soarr = {data = 0xb7eee499 "\aw2003r2\006active\003com", length = 52,
> rdclass = 1, type = 6, flags = 0, link = {prev = 0xffffffff,
> next = 0xffffffff}}
> pass = -1078886600
> master = {magic = 1145983854,
> ndata = 0xb7eee499 "\aw2003r2\006active\003com", length = 20, labels = 4,
> attributes = 1, offsets = 0x0, buffer = 0x0, link = {prev = 0xffffffff,
> next = 0xffffffff}, list = {head = 0x0, tail = 0x0}}
> reqinfo = <value optimized out>
> soaquery = (dns_message_t *) 0xb7eed110
> addr = (isc_sockaddr_t *) 0xb7ee1008
> tname = {magic = 135775336, ndata = 0x817ab10 "G{\025\b\026",
> length = 3, labels = 135653732, attributes = 3216082920,
> offsets = 0xbfb187e8 "\024", buffer = 0xb7eea2d8, link = {prev = 0x0,
> next = 0xb7eea2f4}, list = {head = 0xbfb18808, tail = 0x8098426}}
> nlabels = <value optimized out>
> #6 0x08142eb3 in isc__taskmgr_dispatch () at task.c:874
> ---Type <return> to continue, or q <return> to quit---
> manager = (isc_taskmgr_t *) 0xb7edc0f8
> #7 0x08145da3 in evloop () at app.c:357
> when = {seconds = 1188575032, nanoseconds = 423556000}
> tv = {tv_sec = 4, tv_usec = 999574}
> readfds = {__fds_bits = {2097152, 0 <repeats 31 times>}}
> writefds = {__fds_bits = {0 <repeats 32 times>}}
> n = 1
> now = {seconds = 1188575027, nanoseconds = 423982000}
> tvp = <value optimized out>
> maxfd = 22
> readytasks = <value optimized out>
> result = <value optimized out>
> #8 0x0814607d in isc_app_run () at app.c:549
> event = (isc_event_t *) 0x0
> next_event = (isc_event_t *) 0x0
> task = (isc_task_t *) 0x0
> #9 0x0804c070 in main (argc=Cannot access memory at address 0xbba
> ) at nsupdate.c:2543
> result = 0
> (gdb) quit
> The program is running. Exit anyway? (y or n) y
>
>
> Is this what you need?
>
> Regards,
> David
> ===========================================================
> Dr David Holder CEng FIET MIEEE
> Erion Ltd, Oakleigh, Upper Sutherland Road, Halifax, HX3 8NT
> Reception: +44 (0)1422 207000
> Direct Dial: +44 (0)131 2026317
> Cell: +44 (0) 7768 456831
>
> Registered in England and Wales. Registered Number 3521142
> VAT Number: GB 698 3633 78
>
>
> -----Original Message-----
> From: Mark Andrews via RT [mailto:bind9-bugs at isc.org]
> Sent: 20 August 2007 00:42
> To: david.holder at erion.co.uk
> Subject: [ISC-Bugs #17099] BIND 9.5.0a6 and Windows Server 2003 R2 DDNS updates with GSS-TSIG
>
> On Sun Aug 19 22:35:05 2007, david.holder at erion.co.uk wrote:
>
>
>> > I had a little trouble getting this message onto the list - here it is
>> > at last (I hope).
>> >
>> >
>>
>>> > > Hi! I am trying to use BIND 9.5's GSS-TSIG functionality to carry
>>>
>> > out secure
>>
>>> > > updates to a Windows Server 2003 R2 AD domain controller.
>>> > >
>>> > >
>>> > >
>>> > > I am using a few different Linux clients. They are all configured to
>>>
>> > use the
>>
>>> > > AD DC as their KDC. This works fine.
>>> > >
>>> > >
>>> > >
>>> > > I have built and tested BIND 9.5 with GSSAPI. So far I have not been
>>>
>> > able to
>>
>>> > > get it to work with Windows.
>>> > >
>>> > >
>>> > >
>>> > > Here is an example of the failure messages I get.
>>> > >
>>> > > /usr/local/bin/nsupdate -d -g -o
>>> > >
>>>
>
> Only one of '-g' and '-o' is required.
>
>
>>>>> > > > > update add oak2.active.com 86400 A 192.168.100.100
>>>>>
>>> > >
>>> > >
>>>
>> >
>>
>>>>> > > > > send
>>>>>
>>> > >
>>> > >
>>> > > Reply from SOA query:
>>> > >
>>> > > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53990
>>> > >
>>> > > ;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1,
>>>
>> > ADDITIONAL: 1
>>
>>> > >
>>> > > ;; QUESTION SECTION:
>>> > >
>>> > > ;oak2.active.com. IN SOA
>>> > >
>>> > >
>>> > >
>>> > > ;; AUTHORITY SECTION:
>>> > >
>>> > > active.com. 3600 IN SOA w2003r2.active.com.
>>> > > hostmaster. 32 900 600 86400 3600
>>> > >
>>> > >
>>> > >
>>> > > ;; ADDITIONAL SECTION:
>>> > >
>>> > > w2003r2.active.com. 3600 IN A 192.168.100.101
>>> > >
>>> > >
>>> > >
>>> > > Found zone name: active.com
>>> > >
>>> > > The master is: w2003r2.active.com
>>> > >
>>> > > start_gssrequest
>>> > >
>>> > > nsupdate.c:2192: INSIST(result == 0) failed.
>>> > >
>>> > > Aborted
>>>
>
> Can you do a stack backtrace please showing local variables.
> I'm looking for the value of result.
>
> gdb nsupdate core
> bt full
> quit
>
> If you stripped the binary when installing you will need to use
> the unstripped binary.
>
Regards,
David
------------------------------------------------------------------------
Dr David Holder CEng FIET MIEEE
Erion Ltd, Oakleigh, Upper Sutherland Road, Halifax, HX3 8NT
Reception: +44 (0)1422 207000
Direct Dial: +44 (0)131 2026317
Cell: +44 (0) 7768 456831
Registered in England and Wales. Registered Number 3521142
VAT Number: GB 698 3633 78
Adam Tkac wrote:
> David Holder wrote:
>> Danny,
>> Network trace attached for failure.
>>
>> This might be obvious but:
>> 192.168.100.101 Windows Server 2003 AD DC
>> 192.168.100.100 FC7 Client with BIND 9.5
>>
>> I got exactly the same results using the nsupdate -g and nsupdate -o.
>>
>> Let me know if you need anything else. I am on holiday for two weeks from
>> tomorrow but I will be attempting to pick up email.
>>
>> Regards,
>> David
>> ==================================================================
>> Dr David Holder CEng FIET MIEEE
>> Erion Ltd, Oakleigh, Upper Sutherland Road, Halifax, HX3 8NT
>> Reception: +44 (0)1422 207000
>> Direct Dial: +44 (0)131 2026317
>> Cell: +44 (0) 7768 456831
>>
>> Registered in England and Wales. Registered Number 3521142
>> VAT Number: GB 698 3633 78
>>
>>
>> -----Original Message-----
>> From: Danny Mayer [mailto:mayer at gis.net] Sent: 20 August 2007 00:26
>> To: David Holder
>> Cc: bind-users at isc.org
>> Subject: Re: BIND 9.5.0a6 and Windows Server 2003 R2 DDNS updates with
>> GSS-TSIG
>>
>> David Holder wrote:
>>> I had a little trouble getting this message onto the list - here it
>>> is at
>> last (I hope).
>>>> Hi! I am trying to use BIND 9.5's GSS-TSIG functionality to carry out
>> secure
>>>> updates to a Windows Server 2003 R2 AD domain controller.
>>>>
>>>>
>>>>
>>>> I am using a few different Linux clients. They are all configured
>>>> to use
>> the
>>>> AD DC as their KDC. This works fine.
>>>>
>>>>
>>>>
>>>> I have built and tested BIND 9.5 with GSSAPI. So far I have not
>>>> been able
>> to
>>>> get it to work with Windows.
>>>>
>>
>> It doesn't work yet.
>>
>>>>
>>>>
>>>> Here is an example of the failure messages I get.
>>>>
>>>> /usr/local/bin/nsupdate -d -g -o
>>>>
>>>>>> update add oak2.active.com 86400 A 192.168.100.100
>>>>
>>>>>> send
>>>>
>>>> Reply from SOA query:
>>>>
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53990
>>>>
>>>> ;; flags: qr aa rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 1,
>>>> ADDITIONAL:
>> 1
>>>> ;; QUESTION SECTION:
>>>>
>>>> ;oak2.active.com. IN SOA
>>>>
>>>>
>>>>
>>>> ;; AUTHORITY SECTION:
>>>>
>>>> active.com. 3600 IN SOA w2003r2.active.com.
>>>> hostmaster. 32 900 600 86400 3600
>>>>
>>>>
>>>>
>>>> ;; ADDITIONAL SECTION:
>>>>
>>>> w2003r2.active.com. 3600 IN A 192.168.100.101
>>>>
>>>>
>>>>
>>>> Found zone name: active.com
>>>>
>>>> The master is: w2003r2.active.com
>>>>
>>>> start_gssrequest
>>>>
>>>> nsupdate.c:2192: INSIST(result == 0) failed.
>>>>
>>>> Aborted
>>>>
>>>>
>>>>
>>>> If I do a klist I see the following.
>>>>
>>>> Ticket cache: FILE:/tmp/krb5cc_513
>>>>
>>>> Default principal: administrator at ACTIVE.COM
>>>>
>>>>
>>>>
>>>> Valid starting Expires Service principal
>>>>
>>>> 08/08/07 13:06:09 08/08/07 23:07:35 krbtgt/ACTIVE.COM at ACTIVE.COM
>>>>
>>>> renew until 08/09/07 13:06:09
>>>>
>>>> 08/08/07 13:31:26 08/08/07 23:07:35 DNS/w2003r2.active.com at ACTIVE.COM
>>>>
>>>> renew until 08/09/07 13:06:09
>>>>
>>>>
>>>>
>>>> I have carried out network traces and found that Windows to Windows
>> dynamic
>>>> updates look different from the BIND to Windows dynamic updates.
>>
>> I wouldn't be surprised.
>>
>>>>
>>>>
>>>> Has anyone tried this before? What information do you need to look at
>> this?
>>>> Traces logs configuration info? And is this the correct mailing
>>>> list for
>>>> this problem?
>>>>
>>
>> The network traces would be useful. Is this with wireshark?
>>
>> Danny
>>
>>
>
> It would also be good to attach a backtrace from nsupdate to identify what
> exactly fails.
>
> Adam
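
Editor's added example (not part of any message in this thread, and not BIND code): a small Python helper for reading the `ndata` fields in the `bt full` output above. It decodes gdb's C-style escapes back into DNS wire-format labels and recomputes the `length` and `labels` values gdb printed next to them. The function and constant names are assumptions made for this illustration.

```python
import re

# Constructed inputs: the `ndata` strings copied from the gdb backtrace above.
FNAME_NDATA = r"\vDNS/w2003r2\006active\003com"   # frame #4, fname
MASTER_NDATA = r"\aw2003r2\006active\003com"      # frame #5, master
CONTACT_NDATA = r"\nhostmaster"                   # frame #5, soa.contact

_SIMPLE = {"a": 7, "b": 8, "t": 9, "n": 10, "v": 11, "f": 12, "r": 13,
           "\\": 92, '"': 34, "'": 39}

def gdb_unescape(text):
    """Turn gdb's C-style escaped string back into raw bytes."""
    out, i = bytearray(), 0
    while i < len(text):
        if text[i] != "\\":
            out += text[i].encode("latin-1")
            i += 1
            continue
        octal = re.match(r"[0-7]{1,3}", text[i + 1:])
        if octal:                      # numeric escape such as \006
            out.append(int(octal.group(), 8) & 0xFF)
            i += 1 + octal.end()
        else:                          # named escape such as \v (11) or \a (7)
            out.append(_SIMPLE[text[i + 1]])
            i += 2
    return bytes(out)

def parse_labels(wire):
    """Split an uncompressed wire-format name into its labels."""
    labels, i = [], 0
    while i < len(wire):
        n = wire[i]
        if n == 0:                     # root label terminates the name
            break
        if n > 63:                     # pointer or invalid length byte
            raise ValueError("label length %d at offset %d" % (n, i))
        label = wire[i + 1:i + 1 + n]
        if len(label) != n:
            raise ValueError("truncated label at offset %d" % i)
        labels.append(label)
        i += 1 + n
    return labels

def summarize(ndata):
    """Return (dotted text, wire length, label count), counting the root label."""
    labels = parse_labels(gdb_unescape(ndata))
    text = ".".join(l.decode("ascii") for l in labels)
    # gdb stops printing at the first NUL, so add the root label back in.
    return text, sum(1 + len(l) for l in labels) + 1, len(labels) + 1

if __name__ == "__main__":
    for sample in (FNAME_NDATA, MASTER_NDATA, CONTACT_NDATA):
        print(summarize(sample))
```

For `fname` this gives `DNS/w2003r2.active.com` with length 24 and 4 labels, matching the `length = 24, labels = 4` fields in frame #4; the leading `\v` is the length byte 11, so `DNS/w2003r2` is held as a single label.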