Hello Tridge, Thank you for your questions regarding TSIG DNS update. A future version of the [MS-ADSO] document Section 4.1 - System Environment will contain a link to a Windows Behavior to clarify this. The Windows Behavior will read something similar to the following:
RFC 2136 allows dynamic update responses to be formed in two ways. 1) Respond with the ZOCOUNT, PRCOUNT, UPCOUNT and ADCOUNT fields and corresponding sections copied from the request. 2) Respond with the ZOCOUNT, PRCOUNT, UPCOUNT and ADCOUNT fields set to 0 and without copying the corresponding sections from the request. The Windows DNS server in Windows NT, Windows 2000, Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2 use Method 1 when formatting dynamic update responses. The Window DNS client in Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 of the Windows DNS client expect Method 1 when parsing dynamic update responses and may log an error when parsing dynamic update responses that use Method 2. The Windows DNS client in Windows 7 and Windows Server 2008 R2 will accept either method of formatting dynamic update responses. Please let me know if this fully answers your questions. Thanks John Dunning Senior Escalation Engineer Microsoft Corporation US-CSS DSC PROTOCOL TEAM Email: [email protected] -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Monday, February 15, 2010 3:25 PM To: John Dunning Cc: Interoperability Documentation Help; [email protected]; MSSolve Case Email Subject: [REG:110021555585893] RE: question on DNS TSIG dynamic updates Hi John, > There was a foul up in communications Friday as you should have > been sent a reply that day. no worries. The initial ack doesn't really matter that much :-) > I also received the email regarding your findings and request to > update the [MS-GSSA] document. I think what you are looking for is > a reference to information indicating that a windows client will > only try the signed update if the response from the DNS server for > the unsigned request includes fields from the request. Please let > me know if I am understanding this correctly. I think that I am but > I want to make sure we are on the same page. yes, assuming that we have correctly diagnosed the problem, then that is what we'd like. If there are any other conditions for MS clients doing TSIG-GSS requests then please add those too. Cheers, Tridge _______________________________________________ cifs-protocol mailing list [email protected] https://lists.samba.org/mailman/listinfo/cifs-protocol
