[Samba] dynamic DNS updates by DHCP script only for IPv4

Rowland Penny rpenny at samba.org
Wed Nov 22 22:07:42 UTC 2023


On Wed, 22 Nov 2023 22:29:40 +0100
Thomas Schachtner via samba <samba at lists.samba.org> wrote:



> VPNs will not teach how IPv6 is working.

Well, no, but you should, in my opinion, be teaching best practice and
connecting a computer directly isn't, again in my opinion, best
practice.

> It's difficult to explain things like prefix delegations when people 
> connect via VPN and do not actually use it. Also, when exposing 25
> web servers for a lab session, it's quite complicated to make them
> publicly available using a reverse proxy or port forwarding rules.
> It's awkward... It's difficult to learn how IPv6 is working when
> hiding many functions of IPv6. I agree with you: I am also not sure
> if I would activate IPv6 for all end user's workstations in a
> production environment... But that's not the point here.

I must be missing the point, your education environment is a type of
production and as such your classes should be taught how it would work
in production, but that is just my opinion.

> >> And as IPv6 addresses are hard to remember, it would be good to
> >> have them available in the DNS.
> >> All stations get fixed (=reserved) IPv6 addresses and they register
> >> themselves in the DNS.
> >>
> >> But it seems as if the IPv6 updates from Windows don't work
> >> correctly with bind_dlz zones, either. Maybe it's not so easy to
> >> get it all running...
> > Windows computers do not actually need a script to update the dns,
> > they can do it themselves, if you do use a script, you have to stop
> > the Windows computers from updating their own records.
> >
> > Rowland
> I understand that there are two update mechanisms then which might 
> interfere with each other.

There are two mechanisms:
One is the script, which only works with a dhcp server, the other is
Windows clients that will try and change their dns data in AD, but only
when it changes.

> But there are different usage scenarios:
> - Non-AD computers will receive their IP addresses from the DHCP
> server. It would be great if they were available in the DNS. That's
> what the script is taking care of.

At the moment the script will only update IPv4 'A' and 'PTR' records.

> - AD computers which have static IP addresses are not visible to the 
> DHCP server. If such a device is either changing its name or its IP 
> address, probably no one thinks of manually changing the values in
> the DNS server. In this case, it would be good if the Active
> Directory (or: the Windows client) takes care of that job.

They work in a similar way, but again only if they have dynamic dns
records, if they are fixed, then the sysadmin needs to update the
dns records in AD.

> 
> Can they both be addressed without getting into trouble?
> 

From my understanding, this could probably be made to work, but only
easily if using either dhcp assigned dns data or by allowing the
Windows computers to change their own records without a script.

Rowland




