[PATCH] Use samba-tool to add DNS entries with samba_dnsupdate

Stefan (metze) Metzmacher metze at samba.org
Sat Mar 14 03:33:45 MDT 2015


On 14.03.2015 at 10:19, Andrew Bartlett wrote:
> On Sat, 2015-03-14 at 10:07 +0100, Stefan (metze) Metzmacher wrote:
>> Hi Andrew,
>>
>>>>> Why did you not add NS records to the dns_update_list?  Are we unable to
>>>>> add those with dynamic DNS updates for some reason?  (If so, I'll make a
>>>>> special case to force these to samba-tool). 
>>>>
>>>> Yes, this is not allowed via dns updates against Windows.
>>>>
>>>> I'd propose the following syntax:
>>>>
>>>> RPC ${ZONE} ${TYPE} ${NAME} ${TARGET}
>>>>
>>>> SERVER = NS server of ZONE
>>>> => samba-tool dns add ${SERVER} ${ZONE} ${NAME}. ${TYPE} ${TARGET}
>>>>
>>>> ${IF_RWDNS_DOMAIN}RPC ${DNSDOMAIN} NS ${DNSDOMAIN} ${HOSTNAME}
>>>> => samba-tool dns add ${SERVER} ${DNSDOMAIN} ${DNSDOMAIN}. NS ${HOSTNAME}
>>>> ${IF_RWDNS_FOREST}RPC _msdcs.${DNSFOREST} NS _msdcs.${DNSFOREST} ${HOSTNAME}
>>>> => samba-tool dns add ${SERVER} _msdcs.${DNSFOREST} _msdcs.${DNSFOREST}. NS ${HOSTNAME}
>>>> ${IF_RWDNS_FOREST}RPC ${DNSFOREST} NS _msdcs.${DNSFOREST} ${HOSTNAME}
>>>> => samba-tool dns add ${SERVER} ${DNSFOREST} _msdcs.${DNSFOREST}. NS ${HOSTNAME}
>>>>
>>>> See
>>>> https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=c57c578539e65ce4fa9c4bc2c61b08ad9900a40a
>>>
>>> Why not just make NS records go via the RPC layer, leaving the rest of
>>> the syntax as-is?
>>
>> Also note that we require _msdcs.${DNSFOREST} to be updated twice.
>> Once in the _msdcs.${DNSFOREST} zone and in the ${DNSFOREST} (see above).
> 
> OK, the glue records.
> 
>> This is not possible with the current syntax.
>>
>> So it's basically just "RPC ${ZONE} " in front of what we have.
>>
>>> How does the RPC prefix help, given I already have the transformation
>>> between the different command-line syntaxes for the fallback case?
>>
>> I think there're also other name types which require RPC to be used
>> and currently the dns_update_list file is flexible enough to be extended
>> by the admin. E.g. it's possible to add MX records, which would likely
>> require rpc too.
> 
> What is special about MX records?

It's just an example. But as far as I remember Windows rejects more
than just NS updates via DNS. But I just tested that MX records work
over DNS.

metze
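
The `RPC ${ZONE} ${TYPE} ${NAME} ${TARGET}` mapping proposed in the quoted text, as an added example that is not code from this thread or from Samba: it expands one `dns_update_list` line and builds the `samba-tool dns add` argument vector, validating tokens because the file can be extended by the admin. Assumptions: the `IF_RWDNS_*` variables expand to `""` or `"# "`, the type allowlist, the sample values, and the `ns_server_of` callback are all hypothetical.

```python
import re

VAR = re.compile(r"\$\{(\w+)\}")
# Assumption: record types accepted on RPC lines (the thread only names NS).
ALLOWED_TYPES = {"NS", "A", "AAAA", "CNAME"}
# Conservative name token: cannot start with '-', so it is never read as an option.
TOKEN = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]*$")

# Constructed sample values; "# " comments a line out, "" enables it (assumed semantics).
SAMPLE_VARS = {
    "DNSDOMAIN": "samdom.example.test",
    "DNSFOREST": "samdom.example.test",
    "HOSTNAME": "dc1.samdom.example.test",
    "IF_RWDNS_DOMAIN": "",
    "IF_RWDNS_FOREST": "# ",
}

def substitute(line, sub_vars):
    """Expand ${VAR}; an unknown variable is an error rather than an empty string."""
    def repl(match):
        if match.group(1) not in sub_vars:
            raise ValueError(f"unknown variable {match.group(0)}")
        return sub_vars[match.group(1)]
    return VAR.sub(repl, line)

def rpc_line_to_argv(line, sub_vars, ns_server_of):
    """Map 'RPC ZONE TYPE NAME TARGET' to a samba-tool argv; None for other lines."""
    fields = substitute(line, sub_vars).split()
    if not fields or fields[0] != "RPC":
        return None  # blank, commented out, or a plain dynamic-update entry
    if len(fields) != 5:
        raise ValueError(f"expected RPC ZONE TYPE NAME TARGET, got {fields!r}")
    _, zone, rtype, name, target = fields
    if rtype not in ALLOWED_TYPES:
        raise ValueError(f"record type not allowed over RPC: {rtype!r}")
    for token in (zone, name, target):
        if not TOKEN.match(token):
            raise ValueError(f"unsafe token in update list: {token!r}")
    server = ns_server_of(zone)  # hypothetical resolver: "SERVER = NS server of ZONE"
    # argv list, never a shell string: the update list is admin-editable input.
    return ["samba-tool", "dns", "add", server, zone, name + ".", rtype, target]

if __name__ == "__main__":
    for entry in (
        "${IF_RWDNS_DOMAIN}RPC ${DNSDOMAIN} NS ${DNSDOMAIN} ${HOSTNAME}",
        "${IF_RWDNS_FOREST}RPC ${DNSFOREST} NS _msdcs.${DNSFOREST} ${HOSTNAME}",
    ):
        print(rpc_line_to_argv(entry, SAMPLE_VARS, lambda zone: "ns1.example.test"))
```

The returned list is meant to be passed to `subprocess` without a shell, so a malformed entry fails validation instead of reaching the command line.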
