Hey, Tridge,
I was doing some initial research on this today:
dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
wDataLength : 0x0008 (8)
wType : DNS_TYPE_ZERO (0)
dwFlags : 0x00000005 (5)
dwSerial : 0x000002b1 (689)
dwTtlSeconds : 0x00000000 (0)
dwTimeStamp : 0x00000000 (0)
dwReserved : 0x00000000 (0)
data : union dnsRecordData(case 0)
data : DATA_BLOB length=8
[0000] 40 47 30 F4 9F A0 CB 01 @G0.....
what are they for? What is in that 8 bytes of data?
Can you give me more context of when you're seeing this (On the wire?
Elsewhere?). Initially, I share your expectation that wDataLength should be
zero. Do you always see eight?
My review is very preliminary, but I thought I would share with you what I had.
I'm seeing some code that this may be a pointer (( ULONG64 )
record.Data.NOEXIST.pnodeZoneRoot) that wouldn't have any context outside the
running process. And, this doesn't look like a pointer (even if you invert
bytes within DWORDs or do any of the standard byte transformations from network
order). I'm also seeing some other code that suggests that a "tombstone" value
might be stored there as the output of RtlGetSystemTime(), but that doesn't
match the data sample you supplied. Both of the foregoing possibilities would
contain eight bytes, but neither seems to fit (40 47 30 F4 9F A0 CB 01), so the
hunt continues.
Bryan
-----Original Message-----
From: Bryan Burgin
Sent: Monday, December 20, 2010 5:49 PM
To: '[email protected]'
Cc: [email protected]; [email protected]; MSSolve Case Email
Subject: [REG:110122106325012] strange records in DNS LDAP NCs
[dochelp to bcc]
Tridge,
I created SR 110122106325012 to track this issue. An engineer from the
protocols team will contact you soon.
Bryan
-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Monday, December 20, 2010 5:23 PM
To: Interoperability Documentation Help
Cc: [email protected]; [email protected]
Subject: strange records in DNS LDAP NCs
There are a few aspects of the Windows DNS NCs that are puzzling us:
1) we see records like this:
dn: DC=..SerialNo-W2K8R2B.v2.tridgell.net,DC=v2.tridgell.net,CN=MicrosoftDNS,DC=DomainDnsZones,DC=v2,DC=tridgell,DC=net
dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
wDataLength : 0x0008 (8)
wType : DNS_TYPE_ZERO (0)
dwFlags : 0x00000005 (5)
dwSerial : 0x000002b1 (689)
dwTtlSeconds : 0x00000000 (0)
dwTimeStamp : 0x00000000 (0)
dwReserved : 0x00000000 (0)
data : union dnsRecordData(case 0)
data : DATA_BLOB length=8
[0000] 40 47 30 F4 9F A0 CB 01 @G0.....
what are they for? What is in that 8 bytes of data? What is the significance of
the "..SerialNo-HOSTNAME" records?
The MS-DNSP doc says:
DNS_TYPE_ZERO An empty record type (section 3.6 in [RFC1034] and
section 3.2.2 in [RFC1035]).
0x0000
which isn't very useful!
2) what is the dwReserved field in all the dnsNode records? The MS-DNSP doc
says:
dwReserved: This value MUST be set to 0x00000000 when sent by the client and
ignored on receipt by the server.
but that makes no sense. These are fields that are sent by the LDAP or DRS
server in response to queries. The values are far too consistent to be random.
Note that we are not asking about the DNS RPC protocol that MS-DNSP
concentrates on. In our case Samba is a DC that is replicating the DNS NCs with
Microsoft DCs. We need to know how to fill in these fields when we create
records that will be replicated to MS DNS servers via DRS.
Cheers, Tridge
_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol
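
The following is an added example, not part of any message in this thread: it parses the dnsRecord header as laid out in the dump above and reads the 8 data bytes as a little-endian 64-bit tick count (100 ns units since 1601-01-01 UTC), one of the candidate readings discussed. The field order and widths are taken from the dump, little-endian byte order is an assumption, and the function names and `SAMPLE` are hypothetical.

```python
import struct
from datetime import datetime, timedelta, timezone

# Field order and widths follow the dump quoted in the thread (assumption:
# little-endian on the wire; the header fields here are all zero or small).
HEADER = struct.Struct("<HHIIIII")
FIELDS = ("wDataLength", "wType", "dwFlags", "dwSerial",
          "dwTtlSeconds", "dwTimeStamp", "dwReserved")
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def parse_dns_record(blob):
    """Split a dnsRecord value into its header fields and trailing data."""
    if len(blob) < HEADER.size:
        raise ValueError("blob shorter than the 24-byte header")
    rec = dict(zip(FIELDS, HEADER.unpack_from(blob)))
    data = blob[HEADER.size:]
    if len(data) != rec["wDataLength"]:
        raise ValueError("wDataLength does not match the trailing data")
    rec["data"] = data
    return rec


def as_filetime(data):
    """Read 8 bytes as little-endian 100 ns ticks since 1601-01-01 UTC."""
    if len(data) != 8:
        raise ValueError("expected exactly 8 bytes")
    ticks = int.from_bytes(data, "little")
    return ticks, FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


# Constructed sample: header rebuilt from the field values printed in the
# dump, followed by the 8 data bytes exactly as shown there.
SAMPLE = HEADER.pack(8, 0, 5, 689, 0, 0, 0) + bytes.fromhex("404730F49FA0CB01")

if __name__ == "__main__":
    rec = parse_dns_record(SAMPLE)
    ticks, when = as_filetime(rec["data"])
    # -> 0 689 0x1cba09ff4304740 2010-12-20T23:45:16.724000+00:00
    print(rec["wType"], rec["dwSerial"], hex(ticks), when.isoformat())
```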