Bug#920755: samba DC, internal dns backend, return NXDOMAIN for empty nonterminals

Mon, 28 Jan 2019 11:03:16 -0800 

Package: samba
Version: 2:4.9.4+dfsg-2
Severity: normal

Dear Maintainer,

samba domain controller with internal dns backend returns NXDOMAIN for empty 
nonterminals.
This breaks resolvers with qname minimisation (RFC 7816) enabled (such as 
unbound) because 
they will not attempt to resolve label below such domain name. 

Example:

_kerberos._tcp.realm.name SRV

The resolver will send _tcp.realm.name, get back NXDOMAIN, and will not attempt 
to resolve the 
_kerberos._tcp.realm.name domain name. Turning off qname minimisation will 
resolve this issue 
but is only a workaround.

RFC 2136 seems to specify that empty nonterminals should return NOERROR and 
that's what the 
resolvers expect.

thank you
Martin Kraus

-- Package-specific info:
* /etc/samba/smb.conf present, but not attached
* /var/lib/samba/dhcp.conf not present

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages samba depends on:
ii  adduser           3.118
ii  dpkg              1.19.2
ii  libbsd0           0.9.1-1
ii  libc6             2.28-5
ii  libldb1           2:1.5.1+really1.4.3-1
ii  libpam-modules    1.1.8-4
ii  libpam-runtime    1.1.8-4
ii  libpopt0          1.16-11
ii  libpython2.7      2.7.15-5
ii  libtalloc2        2.1.14-2
ii  libtdb1           1.3.16-2+b1
ii  libtevent0        0.9.37-1
ii  lsb-base          10.2018112800
ii  procps            2:3.3.15-2
ii  python            2.7.15-4
ii  python-dnspython  1.16.0-1
ii  python-samba      2:4.9.4+dfsg-2
ii  python2.7         2.7.15-5
ii  samba-common      2:4.9.4+dfsg-2
ii  samba-common-bin  2:4.9.4+dfsg-2
ii  samba-libs        2:4.9.4+dfsg-2
ii  tdb-tools         1.3.16-2+b1

Versions of packages samba recommends:
ii  attr                1:2.4.47-2+b2
ii  logrotate           3.14.0-4
ii  samba-dsdb-modules  2:4.9.4+dfsg-2
ii  samba-vfs-modules   2:4.9.4+dfsg-2

Versions of packages samba suggests:
pn  bind9          <none>
pn  bind9utils     <none>
pn  ctdb           <none>
pn  ldb-tools      <none>
ii  ntp            1:4.2.8p12+dfsg-3
pn  smbldap-tools  <none>
pn  ufw            <none>
ii  winbind        2:4.9.4+dfsg-2

-- no debconf information

Reply via email to