samba4 and libdlz_bind9.so
Matthieu Patou
mat at samba.org
Fri Jul 8 02:35:33 MDT 2011
On 08/07/2011 10:45, Gémes Géza wrote:
> On 2011-07-08 00:47, Kai Blin wrote:
>> On 2011-07-07 20:10, Denis Cardon wrote:
>>
>> Hi Denis,
>>
>>> thanks a lot for your patches Kai. I pulled out the git master branch
>>> this afternoon, compiled merrily, provisioned eagerly, and there are
>>> indeed DNS entries which look quite fine in the
>>> cn=MicrosoftDNS,cn=System,<base_dn> ldap branch. Great!
>>> However, I still couldn't resolve dns entries. Looking at samba4 debug
>>> trace, it seems that it is looking at
>>> dn=CN=MicrosoftDNS,DC=DomainDnsZones,<base_dn> for dnsZone, and not in
>>> the cn=MicrosoftDNS,cn=System,<base_dn> where the entries have been
>>> created.
>> Ah, that's actually not my fault (tm). While creating the patches, I
>> decided that I'd put the DNS records into
>> cn=MicrosoftDNS,cn=System,<base_dn> where the root server entries
>> already were living. This seems to match what win2k3 is doing as well.
>>
>> Myself, I've mainly done these patches because I'm working on an
>> implementation of DNS within samba4 itself and my tests using that code
>> worked just fine. I haven't actually tried this with the dlz module for
>> bind. Switching the s4 DNS implementation to also use the dlz module is
>> on my todo list.
>>
>>> Moreover, looking at an existing MS AD install, the forward dns entries
>>> were actually in the dn=CN=MicrosoftDNS,DC=DomainDnsZones,<base_dn> and
>>> it seems to me that it should be in a separate partition.
>> cn=CN=MicrosoftDNS,DC=DomainDnsZones,<base_dn> is what I've also seen
>> used by my win2k8dc server, but as I said, I went for consistency with
>> the other records. I'll give the dlz module a look once I get around to
>> that, fixing it to use another base when looking for dnsZones should be
>> pretty easy.
>>
>> Cheers,
>> Kai
>>
> Hi,
>
> IMHO the aim to mimic the AD behavior of W2Kx would suggest to use a
> location which matches the W2Kx DNS servers, so I suggest to modify the
> location used by the new DNS server to
> CN=MicrosoftDNS,DC=DomainDnsZones. Anyway in the source4/dns_server
> directory I've found only one reference to CN=System path in dns_utils.c:122
Well, it does mimic a W2Kx server, as I have at least two W2k3 images with all
the DNS records in cn=MicrosoftDNS,cn=System,<base_dn>.
One has a FL of 2003 and the other has FL 2000. It's not clear
to me right now whether, if you dcpromo a Windows DC directly with a FL of 2003,
it will use cn=CN=MicrosoftDNS,DC=DomainDnsZones,<base_dn> or
cn=MicrosoftDNS,cn=System,<base_dn>; Metze seems to indicate the former.

In any case Windows 2003 is happy with objects in the
cn=MicrosoftDNS,cn=System,<base_dn> container, so Samba should be too.

Also, moving to CN=MicrosoftDNS,DC=DomainDnsZones is not just a matter
of creating a container and telling provision to use it. This container
is in fact a different naming context, so it has to be created as such.

A quick and dirty fix for the moment should be something like:
diff --git a/source4/dns_server/dlz_bind9.c b/source4/dns_server/dlz_bind9.c
index 4873112..b52142b 100644
--- a/source4/dns_server/dlz_bind9.c
+++ b/source4/dns_server/dlz_bind9.c
@@ -53,6 +53,7 @@ struct dlz_bind9_data {
static const char *zone_prefixes[] = {
+ "CN=MicrosoftDNS,CN=System",
"CN=MicrosoftDNS,DC=DomainDnsZones",
"CN=MicrosoftDNS,DC=ForestDnsZones",
NULL
};
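Review bot: the new first entry "CN=MicrosoftDNS,CN=System" in zone_prefixes[] carries no comment saying why a container under CN=System is listed next to the DomainDnsZones and ForestDnsZones prefixes, and the hunk does not show whether the order of the array matters to the code that walks it. Suggest adding a short comment that this is the CN=System location discussed in this thread, and, if the list is searched in order, stating which prefix wins when the same zone exists under more than one of them, so that placing the new entry first rather than last is a deliberate choice.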
Matthieu.
--
Matthieu Patou
Samba Team http://samba.org
Private repo http://git.samba.org/?p=mat/samba.git;a=summary