Default DNS server for Samba 4.0

Matthieu Patou mat at
Thu Sep 6 12:21:30 MDT 2012

On 09/05/2012 05:02 AM, Kai Blin wrote:
> Hi folks,
> if you watched the patch stream, you might have noticed that I pushed a
> set of patches this morning that get the internal DNS server to a point
> where it can correctly negotiate GSS-based TKEYs and then use those
> TKEYs to verify TSIG signatures, e.g. for updates. I have tested this
> with a Samba3 client and a Win7 client, and both can successfully update
> their DNS records using GSS-TSIG signed update requests. (I actually
> pushed a messy set and have reverted it, sorry about that. I'll have a
> clean version up later today.)
> With this code in place, I would suggest that we switch to the internal
> DNS as default for new Samba provisions. Seeing how much of our support
> burden is caused by the BIND setup, I'm hoping to make life easier for
> our users with this step. Defaulting to the internal DNS is something
> that we have discussed a couple of times in the past, and usually the
> only blocker people came up with was the lack of GSS-TSIG support. With
> the blocker gone, let's make the switch.
Great job kai, I'll give it a shot tonight I hope and make your internal 
DNS server my primary DNS server at home.

As far as I'm concerned with recursive DNS working non blocking and 
GSS-based TKEY I'm in the favor of the internal DNS server as default one.

The only question is who will be the maintainer of this code ?


Matthieu Patou
Samba Team

More information about the samba-technical mailing list