[PATCH] Use samba-tool to add DNS entries with samba_dnsupdate

Stefan (metze) Metzmacher metze at samba.org
Wed Mar 4 00:01:04 MST 2015

Hi Andrew,

> I've been asked by a client to help them rename a DC (in a reproducible,
> scripted way to assist in creating a test clone of their production
> network), and it turned out to be much more work than I ever imagined. 
> I ended up rewriting samba_dnsupdate to use samba-tool when kinit fails.
> This is important, because if you change (say with the renamedc script)
> the host name, and the IP (because if you are moving to the test bench),
> then Kerberos is the *last* thing that will work.
> This uses NTLMSSP to one of the interface IP addresses.
> Please review/comment/push!

I may push some of them.

> Metze,
> Why did you not add NS records to the dns_update_list?  Are we unable to
> add those with dynamic DNS updates for some reason?  (If so, I'll make a
> special case to force these to samba-tool). 

Yes, this is not allowed via dns updates against Windows.

I'd propose the following syntax:


SERVER = NS server of ZONE
=> samba-tool dns add ${SERVER} ${ZONE} ${NAME}. ${TYPE} ${TARGET}

=> samba-tool dns add ${SERVER} ${DNSDOMAIN} ${DNSDOMAIN}. NS ${HOSTNAME}
=> samba-tool dns add ${SERVER} _msdcs.${DNSFOREST} _msdcs.${DNSFOREST}.
=> samba-tool dns add ${SERVER} ${DNSFOREST} _msdcs.${DNSFOREST}. NS


