[Pkg-samba-maint] Bug#920755: samba DC, internal dns backend, return NXDOMAIN for empty nonterminals

Martin Kraus debian-bugs at wujiman.net
Mon Jan 28 18:52:50 GMT 2019 

Package: samba
Version: 2:4.9.4+dfsg-2
Severity: normal

Dear Maintainer,

samba domain controller with internal dns backend returns NXDOMAIN for empty nonterminals.
This breaks resolvers with qname minimisation (RFC 7816) enabled (such as unbound) because 
they will not attempt to resolve label below such domain name. 

Example:

_kerberos._tcp.realm.name SRV

The resolver will send _tcp.realm.name, get back NXDOMAIN, and will not attempt to resolve the 
_kerberos._tcp.realm.name domain name. Turning off qname minimisation will resolve this issue 
but is only a workaround.

RFC 2136 seems to specify that empty nonterminals should return NOERROR and that's what the 
resolvers expect.

thank you
Martin Kraus

-- Package-specific info:
* /etc/samba/smb.conf present, but not attached
* /var/lib/samba/dhcp.conf not present

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages samba depends on:
ii  adduser           3.118
ii  dpkg              1.19.2
ii  libbsd0           0.9.1-1
ii  libc6             2.28-5
ii  libldb1           2:1.5.1+really1.4.3-1
ii  libpam-modules    1.1.8-4
ii  libpam-runtime    1.1.8-4
ii  libpopt0          1.16-11
ii  libpython2.7      2.7.15-5
ii  libtalloc2        2.1.14-2
ii  libtdb1           1.3.16-2+b1
ii  libtevent0        0.9.37-1
ii  lsb-base          10.2018112800
ii  procps            2:3.3.15-2
ii  python            2.7.15-4
ii  python-dnspython  1.16.0-1
ii  python-samba      2:4.9.4+dfsg-2
ii  python2.7         2.7.15-5
ii  samba-common      2:4.9.4+dfsg-2
ii  samba-common-bin  2:4.9.4+dfsg-2
ii  samba-libs        2:4.9.4+dfsg-2
ii  tdb-tools         1.3.16-2+b1

Versions of packages samba recommends:
ii  attr                1:2.4.47-2+b2
ii  logrotate           3.14.0-4
ii  samba-dsdb-modules  2:4.9.4+dfsg-2
ii  samba-vfs-modules   2:4.9.4+dfsg-2

Versions of packages samba suggests:
pn  bind9          <none>
pn  bind9utils     <none>
pn  ctdb           <none>
pn  ldb-tools      <none>
ii  ntp            1:4.2.8p12+dfsg-3
pn  smbldap-tools  <none>
pn  ufw            <none>
ii  winbind        2:4.9.4+dfsg-2

-- no debconf information

More information about the Pkg-samba-maint mailing list