[PATCH] Use samba-tool to add DNS entries with samba_dnsupdate

Andrew Bartlett abartlet at samba.org
Thu Mar 12 21:46:56 MDT 2015


On Wed, 2015-03-04 at 08:01 +0100, Stefan (metze) Metzmacher wrote:
> Hi Andrew,
> 
> > I've been asked by a client to help them rename a DC (in a reproducible,
> > scripted way to assist in creating a test clone of their production
> > network), and it turned out to be much more work than I ever imagined. 
> > 
> > I ended up rewriting samba_dnsupdate to use samba-tool when kinit fails.
> > This is important, because if you change (say with the renamedc script)
> > the host name, and the IP (because if you are moving to the test bench),
> > then Kerberos is the *last* thing that will work.
> > 
> > This uses NTLMSSP to one of the interface IP addresses.
> > 
> > Please review/comment/push!
> 
> I may push some of them.
> 
> > Metze,
> > 
> > Why did you not add NS records to the dns_update_list?  Are we unable to
> > add those with dynamic DNS updates for some reason?  (If so, I'll make a
> > special case to force these to samba-tool). 
> 
> Yes, this is not allowed via dns updates against Windows.
> 
> I'd propose the following syntax:
> 
> RPC ${ZONE} ${TYPE} ${NAME} ${TARGET}
> 
> SERVER = NS server of ZONE
> => samba-tool dns add ${SERVER} ${ZONE} ${NAME}. ${TYPE} ${TARGET}
> 
> ${IF_RWDNS_DOMAIN}RPC ${DNSDOMAIN} NS ${DNSDOMAIN} ${HOSTNAME}
> => samba-tool dns add ${SERVER} ${DNSDOMAIN} ${DNSDOMAIN}. NS ${HOSTNAME}
> ${IF_RWDNS_FOREST}RPC _msdcs.${DNSFOREST} NS _msdcs.${DNSFOREST} ${HOSTNAME}
> => samba-tool dns add ${SERVER} _msdcs.${DNSFOREST} _msdcs.${DNSFOREST}. NS ${HOSTNAME}
> ${IF_RWDNS_FOREST}RPC ${DNSFOREST} NS _msdcs.${DNSFOREST} ${HOSTNAME}
> => samba-tool dns add ${SERVER} ${DNSFOREST} _msdcs.${DNSFOREST}. NS ${HOSTNAME}
> 
> See
> https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=c57c578539e65ce4fa9c4bc2c61b08ad9900a40a

Why not just make NS records go via the RPC layer, leaving the rest of
the syntax as-is?

How does the RPC prefix help, given I already have the transformation
between the different command-line syntaxes for the fallback case?

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
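
The mapping proposed in the quoted message, from an `RPC ${ZONE} ${TYPE} ${NAME} ${TARGET}` entry to a `samba-tool dns add` call, sketched as an added example (not code from this thread or from Samba). The function name `rpc_line_to_argv`, the token check, the "# " value for a disabled `${IF_...}` variable, and a `server` already resolved by the caller are assumptions.

```python
import re
from string import Template

# Record types this sketch accepts (assumption; the thread only discusses NS).
ALLOWED_TYPES = {"A", "AAAA", "CNAME", "NS", "SRV"}
# Conservative token check: no leading '-', so a substituted value can never
# be read by samba-tool as an option. IPv6 server addresses are not handled.
TOKEN_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*")


def rpc_line_to_argv(line, sub_vars, server):
    """Map one 'RPC ZONE TYPE NAME TARGET' entry to a samba-tool argv list.

    Returns None for blank, commented-out and non-RPC entries; raises
    ValueError for a malformed RPC entry or an unknown ${VARIABLE}.
    """
    try:
        expanded = Template(line).substitute(sub_vars).strip()
    except KeyError as exc:
        raise ValueError("unknown variable %s in %r" % (exc, line))
    if not expanded or expanded.startswith("#"):
        return None
    fields = expanded.split()
    if fields[0] != "RPC":
        return None
    if len(fields) != 5:
        raise ValueError("expected 'RPC ZONE TYPE NAME TARGET': %r" % expanded)
    _, zone, rtype, name, target = fields
    if rtype not in ALLOWED_TYPES:
        raise ValueError("unsupported record type %r" % rtype)
    for token in (server, zone, name, target):
        if not TOKEN_RE.fullmatch(token):
            raise ValueError("unsafe token %r" % token)
    # An argv list (no shell string) keeps substituted values as single arguments.
    return ["samba-tool", "dns", "add", server, zone, name + ".", rtype, target]


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    sample_vars = {"IF_RWDNS_DOMAIN": "", "IF_RWDNS_FOREST": "# ",
                   "DNSDOMAIN": "example.test", "DNSFOREST": "example.test",
                   "HOSTNAME": "dc1.example.test"}
    for entry in ("${IF_RWDNS_DOMAIN}RPC ${DNSDOMAIN} NS ${DNSDOMAIN} ${HOSTNAME}",
                  "${IF_RWDNS_FOREST}RPC ${DNSFOREST} NS _msdcs.${DNSFOREST} ${HOSTNAME}"):
        print(rpc_line_to_argv(entry, sample_vars, "192.0.2.10"))
```

The returned list is meant to be passed to `subprocess` without a shell, so a host name that changed during a rename cannot add extra arguments to the command.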


