samba4 and libdlz_bind9.so

Gémes Géza geza at kzsdabas.hu
Fri Jul 8 04:30:54 MDT 2011


On 2011-07-08 10:35, Matthieu Patou wrote:
> On 08/07/2011 10:45, Gémes Géza wrote:
>> On 2011-07-08 00:47, Kai Blin wrote:
>>> On 2011-07-07 20:10, Denis Cardon wrote:
>>>
>>> Hi Denis,
>>>
>>>> thanks a lot for your patches Kai. I pulled out the git master branch
>>>> this afternoon, compiled merrily, provisioned eagerly, and there are
>>>> indeed DNS entries which look quite fine in the
>>>> cn=MicrosoftDNS,cn=System,<base_dn>  ldap branch. Great!
>>>> However, I still couldn't resolve dns entries. Looking at samba4 debug
>>>> trace, it seems that it is looking at
>>>> dn=CN=MicrosoftDNS,DC=DomainDnsZones,<base_dn>  for dnsZone, and
>>>> not in
>>>> the cn=MicrosoftDNS,cn=System,<base_dn>  where the entries have been
>>>> created.
>>> Ah, that's actually not my fault (tm). While creating the patches, I
>>> decided that I'd put the DNS records into
>>> cn=MicrosoftDNS,cn=System,<base_dn>  where the root server entries
>>> already were living. This seems to match what win2k3 is doing as well.
>>>
>>> Myself, I've mainly done these patches because I'm working on an
>>> implementation of DNS within samba4 itself and my tests using that code
>>> worked just fine. I haven't actually tried this with the dlz module for
>>> bind. Switching the s4 DNS implementation to also use the dlz module is
>>> on my todo list.
>>>
>>>> Moreover, looking at an existing MS AD install, the forward dns
>>>> entries
>>>> were actually in the
>>>> dn=CN=MicrosoftDNS,DC=DomainDnsZones,<base_dn>  and
>>>> it seems to me that it should be in a separate partition.
>>> cn=CN=MicrosoftDNS,DC=DomainDnsZones,<base_dn>  is what I've also seen
>>> used by my win2k8dc server, but as I said, I went for consistency with
>>> the other records. I'll give the dlz module a look once I get around to
>>> that, fixing it to use another base when looking for dnsZones should be
>>> pretty easy.
>>>
>>> Cheers,
>>> Kai
>>>
>> Hi,
>>
>> IMHO the aim to mimic the AD behavior of W2Kx would suggest to use a
>> location which matches the W2Kx DNS servers, so I suggest to modify the
>> location used by the new DNS server to
>> CN=MicrosoftDNS,DC=DomainDnsZones. Anyway in the source4/dns_server
>> directory I've found only one reference to CN=System path in
>> dns_utils.c:122
> Well, it does mimic W2Kx server, as I have at least two W2k3 images with
> all the DNS records in cn=MicrosoftDNS,cn=System,<base_dn>.
>
> For one it has a FL of 2003 and the other has FL 2000. It's not clear
> right now for me if you dcpromo directly a Windows DC with a FL of
> 2003 if it will use cn=CN=MicrosoftDNS,DC=DomainDnsZones,<base_dn> or
> cn=MicrosoftDNS,cn=System,<base_dn>, Metze seems to indicate the former.
>
> In any case Windows 2003 is happy with objects in the
> cn=MicrosoftDNS,cn=System,<base_dn> container, so should be samba.
>
> Also moving to CN=MicrosoftDNS,DC=DomainDnsZones, is not just a matter
> of creating a container and telling provision to use it. This
> container is in fact a different naming context so it has to be
> created as such.
>
> A quick and dirty fix for the moment should be something like:
>
> diff --git a/source4/dns_server/dlz_bind9.c
> b/source4/dns_server/dlz_bind9.c
> index 4873112..b52142b 100644
> --- a/source4/dns_server/dlz_bind9.c
> +++ b/source4/dns_server/dlz_bind9.c
> @@ -53,6 +53,7 @@ struct dlz_bind9_data {
>  static const char *zone_prefixes[] = {
> +    "CN=MicrosoftDNS,CN=System",
>      "CN=MicrosoftDNS,DC=DomainDnsZones",
>      "CN=MicrosoftDNS,DC=ForestDnsZones",
>      NULL
>  };
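Review bot: the new "CN=MicrosoftDNS,CN=System" entry goes in as the first element of zone_prefixes with no comment saying why, or whether its position matters. If the lookup code walks this array in order, the System container would be consulted before DC=DomainDnsZones and DC=ForestDnsZones, so a zone present in more than one location would be served from the System copy. Consider appending it after the two partition prefixes, or adding a one-line comment that states the intended precedence and that this is the container provision currently writes the records to.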
>
>
> Matthieu.
>
That sounds reasonable (I've tested with W2K8R2 server with W2K8R2 level)

Will the patch get merged to master anytime soon?

Thank you!

Cheers

Geza


More information about the samba-technical mailing list