mirror of
https://github.com/samba-team/samba.git
synced 2025-03-01 04:58:35 +03:00
f5bb81a920
DNS packet signing is broken in 4.3 and older. Fixes are available in master and 4.4. Backporting the complete patchset turned out to be too difficult, so we use this hack to get authenticated DDNS updates working again. By simply NOT signing out DNS-TKEY response, the client won't get a broken DNS-TSIG record which caused the client to not start the authenticated DDNS update. DNS RFCs do require signing TKEY responses, but luckily real world clients are forgiving and accept unsigned TKEY responses. This was tested with Windows 7. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-3-test): Thu Jun 23 15:35:39 CEST 2016 on sn-devel-104