Review request: DNS server implementation

tridge at tridge at
Thu Oct 14 18:03:24 MDT 2010

Hi Simo,

 > > This is one of the things that bit Nadya at the AD plugfest. She
 > > thought she'd debug bind using gdb, but didn't know that she needed to
 > > do ". /etc/default/bind" before starting gdb. The resulting errors
 > > were not helpful :-)
 > Not really a bind fault ...

I think it is. A package shouldn't have essential parameters like
spread out in different places. People expect configuration of bind to
be in /etc/bind, but in this case is isn't.

 > > yep. Now multiply this by the number of Linux distros and versions of
 > > distros out there :-)
 > I can assure you it works on Fedora/RHEL with SELinux :-)

do both of those distros have bind 9.7.2rc1 or later? It didn't work
with any earlier version without patches.

Have you had a chance to try bi-directional TSIG-GSS updates with both
old and recent windows server versions and these distros? (you need to
try both w2k3 and w2k8r2, and you need to test both nsupdate -g and
the DNS server support for both cases).

 > My fear is that will make bind a second class citizen to the point it
 > will not work properly, plus we will have yet another daemon to care
 > about, security issues, bugs, etc... the whole package.
 > But as long as it is a compile option I guess I can't complain.

The pattern in Samba4 is to make things runtime options, not compile
time options. So there would be a runtime option to enable/disable the
builtin DNS server. That makes it much easier for people to choose
what options they want when they use a pre-built package.

Because the DNS server will be integrated into the samba binary, the
additional space it takes will be tiny (maybe a few kb?).

Cheers, Tridge

More information about the samba-technical mailing list