Provision with DNS data in AD (was Re: samba4 and

Amitay Isaacs amitay at
Tue Aug 30 21:35:02 MDT 2011

Hi Geza,

On Mon, Jul 11, 2011 at 3:39 AM, Gémes Géza <geza at> wrote:

> Hi,
> Attached is the current state of my patch, which creates and uses
> DomainDNSZones and ForestDNSZones containers at provision if the domain
> level is 2008 or greater. According to my tests the creation and use of
> this containers is independent of the domain (or forest level) (I've
> created and destroyed four 1 domain forests on a Win2008R2 server wit
> functionality levels: 2000, 2003, 2008 and 2008r2 and the only
> difference was, that from 2003 to 2008r2 it also created
> CN=RootDNSServers,CN=MicrosoftDNS,DC=DomainDNSZones with the same
> content as CN=RootDNSServers,CN=MicrosoftDNS,CN=System), so it seems,
> that the DomainDNSZones and ForestDNSZones containers presence depends
> more from the os version than the domain or forest level. However since
> provision doesn't use any os_version like variables and not willing to
> create one I've coupled my os_version variable with the domain_level
> used by the provision script.
> The patch is still incomplete (and POSSIBLY BUGGY) I hadn't time to test
> it yet. I still need (at least) to create the entries under
> DC=_msdcs,CN=MicrosoftDNS,DC=ForestDNSZones.
> Unfortunately I'll be offline for the next 10 days, so please be patient
> with me (which doesn't mean) that I'm not open to criticism ;-)
> Still need to better understand the structures used by RPC, maybe the
> functions used by different parts of the provisioning.
> In the meantime it would be very helpful if someone could give me some
> examples how to read the data from an ndr encoded structure (I couldn't
> figure out how to use ndr_unpach() and ndr_print() :-(  )
> Thanks
> Cheers
> Geza

I am also interested in getting dlz_bind9 to work with DomainDnsZones and
I would like to work from your patch to add all the missing entries and do
some testing.

Have you made any more changes since this patch?


More information about the samba-technical mailing list