Default DNS server for Samba 4.0

Kai Blin kai at
Wed Sep 5 06:02:42 MDT 2012

Hi folks,

if you watched the patch stream, you might have noticed that I pushed a
set of patches this morning that get the internal DNS server to a point
where it can correctly negotiate GSS-based TKEYs and then use those
TKEYs to verify TSIG signatures, e.g. for updates. I have tested this
with a Samba3 client and a Win7 client, and both can successfully update
their DNS records using GSS-TSIG signed update requests. (I actually
pushed a messy set and have reverted it, sorry about that. I'll have a
clean version up later today.)

With this code in place, I would suggest that we switch to the internal
DNS as default for new Samba provisions. Seeing how much of our support
burden is caused by the BIND setup, I'm hoping to make life easier for
our users with this step. Defaulting to the internal DNS is something
that we have discussed a couple of times in the past, and usually the
only blocker people came up with was the lack of GSS-TSIG support. With
the blocker gone, let's make the switch.

What do you think?

Kai Blin
Worldforge developer
Wine developer
Samba team member

More information about the samba-technical mailing list