Default DNS server for Samba 4.0

Jeremy Allison jra at
Wed Sep 5 10:26:50 MDT 2012

On Wed, Sep 05, 2012 at 02:02:42PM +0200, Kai Blin wrote:
> Hi folks,
> if you watched the patch stream, you might have noticed that I pushed a
> set of patches this morning that get the internal DNS server to a point
> where it can correctly negotiate GSS-based TKEYs and then use those
> TKEYs to verify TSIG signatures, e.g. for updates. I have tested this
> with a Samba3 client and a Win7 client, and both can successfully update
> their DNS records using GSS-TSIG signed update requests. (I actually
> pushed a messy set and have reverted it, sorry about that. I'll have a
> clean version up later today.)
> With this code in place, I would suggest that we switch to the internal
> DNS as default for new Samba provisions. Seeing how much of our support
> burden is caused by the BIND setup, I'm hoping to make life easier for
> our users with this step. Defaulting to the internal DNS is something
> that we have discussed a couple of times in the past, and usually the
> only blocker people came up with was the lack of GSS-TSIG support. With
> the blocker gone, let's make the switch.
> What do you think?

+1 and well done Kai !


More information about the samba-technical mailing list