r20170: Fix secure DNS updates to work against

Wnidows 2000 DNS which expects the TKEY payload to
be in the answer section and not in the additional
set of records (like Windows 2003 and the RFC).
(This used to be commit a3b6734fdad5fd92dbec075ebcd8d7044aac45c2)

1 files changed, 12 insertions, 2 deletions

diff --git a/source3/utils/net_dns.c b/source3/utils/net_dns.c
index d372211a5f..81d7dd596a 100644
--- a/source3/utils/net_dns.c
+++ b/source3/utils/net_dns.c
@@ -118,8 +118,18 @@ DNS_ERROR DoDNSUpdate(ADS_STRUCT *ads, char *pszServerName,
 		}
 
 		err = dns_negotiate_sec_ctx( pszDomainName, pszServerName,
-					     keyname, &gss_context );
-		if (!ERR_DNS_IS_OK(err)) goto error;
+					     keyname, &gss_context, DNS_SRV_ANY );
+
+		/* retry using the Windows 2000 DNS hack */
+		if (!ERR_DNS_IS_OK(err)) {
+			err = dns_negotiate_sec_ctx( pszDomainName, pszServerName,
+						     keyname, &gss_context, 
+						     DNS_SRV_WIN2000 );
+		}
+		
+		if (!ERR_DNS_IS_OK(err))
+			goto error;
+		
 
 		err = dns_sign_update(req, gss_context, keyname,
 				      "gss.microsoft.com", time(NULL), 3600);