kerberos dynamic DNS and the internal DNS server
Andrew Bartlett
abartlet at samba.org
Tue Dec 27 18:57:38 MST 2011
On Wed, 2011-12-28 at 00:31 +0100, Kai Blin wrote:
> On 2011-12-23 02:02, Amitay Isaacs wrote:
> Hi Amitay,
>
> > Internal DNS server does not yet support dynamic dns updates. So
> > DNS updates for names (run from samba_dnsupdate script) will not
> > work. For the time being you will have to use BIND with dlz_bind9.
>
> That's not true anymore. The reason for the failing updates is that
> we're not starting the internal dns server per default. So far you
> need to also add "server services = +dns" to your smb.conf.
>
> I'll look into submitting a patch to provision that automatically adds
> this line if you provision with the internal backend.
I can't see any support for Kerberos authentication of dynamic DNS
updates. We cannot turn on the DNS server until that is sorted out.
Naturally, I'm happy to help or provide advice in implementing that
against GENSEC.

(I also think that once we have GSS-TSIG, we should always require it
and the 'allow dns updates' option you added should be removed).
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
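
The policy argued for in the message above (a dynamic update is only acceptable when it carries GSS-TSIG), as an added example that is not part of the original post and is not Samba code. The function names, the return labels and the example.test sample messages are constructed for illustration; the wire layout follows RFC 2136 and RFC 2845.

```python
import struct

OPCODE_UPDATE, TYPE_A, TYPE_SOA, TYPE_TSIG = 5, 1, 6, 250  # RFC 2136, RFC 2845

def encode_name(name):  # dotted name -> uncompressed DNS labels
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"

def read_name(msg, off):
    """Return (lowercased name, offset after it), following compression pointers."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer
            end, hops = (off + 2 if end is None else end), hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            off = ((length & 0x3F) << 8) | msg[off + 1]
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + length].decode("ascii").lower())
        off += length

def update_policy(msg):
    """Return 'not-update', 'reject-unsigned', 'reject-algorithm' or 'verify-gss-tsig'."""
    _id, flags, zo, pr, up, ad = struct.unpack_from("!6H", msg, 0)
    if (flags >> 11) & 0xF != OPCODE_UPDATE:
        return "not-update"
    off = 12
    for _ in range(zo):                      # zone section: name, type, class
        off = read_name(msg, off)[1] + 4
    for _ in range(pr + up + ad):            # prerequisite, update, additional RRs
        _, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        last = (rtype, off + 10)             # record type and start of its RDATA
        off += 10 + rdlen
    if ad == 0 or last[0] != TYPE_TSIG:      # TSIG must be the final additional RR
        return "reject-unsigned"
    algorithm, _ = read_name(msg, last[1])   # TSIG RDATA begins with the algorithm name
    return "verify-gss-tsig" if algorithm == "gss-tsig" else "reject-algorithm"

def build_update(tsig_alg=None, opcode=OPCODE_UPDATE):
    """Constructed sample: UPDATE adding host.example.test, optionally with a TSIG RR."""
    body = encode_name("example.test") + struct.pack("!HH", TYPE_SOA, 1)
    body += encode_name("host.example.test") + struct.pack("!HHIH4B", TYPE_A, 1, 900, 4, 192, 0, 2, 10)
    if tsig_alg:
        rdata = encode_name(tsig_alg) + bytes(16)  # zeroed TSIG fields, empty MAC
        body += encode_name("key.example.test") + struct.pack("!HHIH", TYPE_TSIG, 255, 0, len(rdata)) + rdata
    return struct.pack("!6H", 0x1234, opcode << 11, 1, 0, 1, 1 if tsig_alg else 0) + body
```

A result of 'verify-gss-tsig' only means a GSS-TSIG record is present; the MAC still has to be verified against the established GSS security context before the update is applied.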