samba 4 dns update dynamic
Roberto Farias
bettoguaruja at hotmail.com
Fri Feb 15 13:36:46 MST 2013
Samuel Cabrero <scabrero <at> zentyal.com> writes:
>
> Hi Roberto,
>
> I have a set of patches for the Samba DLZ and bind9 that allow updating
> the zone using symmetric TSIG keys, working with ISC DHCP. It is a bit
> tricky but works.
>
> The patch for bind9 is required to send the key to the DLZ
> implementation, base64 encoded. The patch for the samba DLZ includes a
> bison parser to read the session key from /run/named/session.key and the
> keys in the file /etc/bind/keys. Both keys are compared to allow or deny
> the update.
>
> I am not sure about the security implications of this approach; maybe
> someone could have a look at it and comment on it. You can find binary
> packages for Ubuntu with the patches in
> https://launchpad.net/~kernevil/+archive/bind9 and
> https://launchpad.net/~kernevil/+archive/samba4-bundled
>
> Cheers.
>
Hi Samuel,

In my tests with Debian 6.0.6 + Bind 9.8.1-P1 + Samba 4.0.3 (DLZ), I received
the following message in the log:

named[859]: samba_dlz: starting transaction on zone example.com
named[859]: client 192.168.200.100#48738: update 'example.com/IN' denied
named[859]: samba_dlz: canceling transaction on zone example.com

I'll test Samba 4 on Ubuntu using the packages you mentioned.
Thanks for the help.
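
The comparison described in the quoted message (a base64-encoded key handed to the DLZ module and checked against the keys in the session key file and the keys file), sketched as an added example; it is not the code from the patches. Function names and file contents are hypothetical and constructed, comments inside key files are not handled, and the check only tests equality of secrets, not a TSIG signature.

```python
import base64
import hmac
import re

# One BIND key clause: key "name" { algorithm X; secret "BASE64"; };
KEY_CLAUSE = re.compile(
    r'key\s+"?([^"\s{]+)"?\s*\{\s*'
    r'algorithm\s+"?([\w.-]+)"?\s*;\s*'
    r'secret\s+"([^"]*)"\s*;\s*\}\s*;', re.IGNORECASE)

def b64(raw):
    """Helper for building the constructed samples below."""
    return base64.b64encode(raw).decode("ascii")

def parse_keys(text):
    """Return {key name: (algorithm, secret bytes)}; bad base64 is skipped."""
    keys = {}
    for name, algorithm, secret in KEY_CLAUSE.findall(text):
        try:
            raw = base64.b64decode(secret, validate=True)
        except ValueError:  # binascii.Error is a subclass of ValueError
            continue
        if raw:
            keys[name.lower()] = (algorithm.lower(), raw)
    return keys

def update_allowed(presented_b64, *key_file_texts):
    """True if the presented base64 secret equals a configured key secret."""
    try:
        presented = base64.b64decode(presented_b64, validate=True)
    except ValueError:
        return False  # malformed input is denied, never compared as text
    allowed = False
    for text in key_file_texts:
        for _algorithm, raw in parse_keys(text).values():
            # Constant-time comparison of the decoded bytes; every key is
            # checked, with no early exit on the first match.
            allowed |= hmac.compare_digest(presented, raw)
    return allowed

# Constructed sample file contents (not real keys).
SESSION_KEY_FILE = ('key "local-ddns" {\n\talgorithm hmac-sha256;\n'
                    '\tsecret "%s";\n};\n' % b64(b"constructed-session-secret"))
KEYS_FILE = ('key "dhcp-updater" { algorithm hmac-md5; secret "%s"; };\n'
             'key "broken" { algorithm hmac-md5; secret "not-base64!"; };\n'
             % b64(b"constructed-dhcp-secret"))

if __name__ == "__main__":
    print(update_allowed(b64(b"constructed-dhcp-secret"),
                         SESSION_KEY_FILE, KEYS_FILE))
```
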
More information about the samba-technical mailing list