[PATCH] Use samba-tool to add DNS entries with samba_dnsupdate

Andreas Schneider asn at samba.org
Wed Sep 2 12:25:06 UTC 2015


On Tuesday 01 September 2015 17:26:22 Andrew Bartlett wrote:
> On Mon, 2015-08-31 at 14:03 +1200, Andrew Bartlett wrote:
> > On Fri, 2015-08-28 at 16:50 +1200, Andrew Bartlett wrote:
> > > On Fri, 2015-08-28 at 15:52 +1200, Andrew Bartlett wrote:
> > > > On Tue, 2015-08-25 at 18:16 +0200, Andreas Schneider wrote:
> > > > > On Tuesday 11 August 2015 16:40:58 Andrew Bartlett wrote:
> > > > > > Can you look at my current samba_dnsupdate branch?  I would
> > > > > > like
> > > > > > to
> > > > > > see
> > > > > > this merged into master as soon as I have tests for it.  It
> > > > > > may
> > > > > > 
> > > > > > not
> > > > > > be
> > > > > > perfect, but it is a massive improvement on the current
> > > > > > state,
> > > > > > and
> > > > > > combined with your dns_update_cache work allows the name and
> > > > > > IP
> > > > > > 
> > > > > > of
> > > > > > a
> > > > > > Samba AD DC to be changed and for us to still recover into a
> > > > > > working
> > > > > > state.
> > > > > > 
> > > > > > This will in turn help a lot of our administrators who
> > > > > > currently
> > > > > > have a
> > > > > > lot of trouble in this situation.
> > > > > > 
> > > > > > (The tests are pending the resolv_wrapper and socket_wrapper
> > > > > > work
> > > > > > 
> > > > > > I'm
> > > > > > sorting out with Andreas).
> > > > > 
> > > > > Hi Andrew,
> > > > > 
> > > > > I've released resolv_wrapper 1.1.3 and socket_wrapper 1.1.4 to
> > > > > use
> > > > > our
> > > > > internal DNS server for testing. It works fine for the standard
> > > > > 
> > > > > AD_DC
> > > > > but it
> > > > > fails setting up the fl2003dc:local environment. I don't know
> > > > > why
> > > > > 
> > > > > it
> > > > > doesn't
> > > > > work there yet. I will look into this next week, if you want to
> > > > > 
> > > > > investigate
> > > > > earlier, you need the changes from here:
> > > > > 
> > > > > https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/
> > > > > ma
> > > > > st
> > > > > er
> > > > > -selftest
> > > > > 
> > > > > 
> > > > > Then run:
> > > > > 
> > > > > make -j testenv SELFTEST_TESTENV="fl2003dc:local"
> > > > > 
> > > > > 
> > > > > It might be another bug in our DNS server ...
> > > > 
> > > > It is, but not in the way you think.  The issue is that we need
> > > > it
> > > > to
> > > > forward DNS queries between the two forests, for the trust to be
> > > > set
> > > > up
> > > > correctly.  While I've currently set up a hack (attached) to make
> > > > 
> > > > it
> > > > forward between the two servers, this may break other things.
> > > > 
> > > > The autobuild got as far as a smb2.notify test failing, that may
> > > > or
> > > > 
> > > > may
> > > > not be related:
> > > > 
> > > > [432(1779)/1870 at 50m34s] samba3.smb2.notify(nt4_dc)
> > > > TESTING CHANGE NOTIFY BASEDIR EVENTS
> > > > maximum runtime exceeded for smbtorture - terminating
> > > > UNEXPECTED(error): samba3.smb2.notify.basedir
> > > > (samba.subunit.RemotedTestCase)(nt4_dc)
> > > > REASON: Exception: Exception: was started but never finished!
> > > > UNEXPECTED(error): samba3.smb2.notify.basedir(nt4_dc)
> > > > (samba.subunit.RemotedTestCase)
> > > > REASON: was started but never finished!
> > > 
> > > The attached patches help ensure we really use resolv_wrapper, and
> > > not
> > > nss_wrapper, and that the 127. addresses used actually get written
> > > into
> > > DNS.
> > 
> > This exposes an interesting thing that we need.  Adding this exposes
> > a
> > missing feature in resolv_wrapper, because it now can no longer find
> > short names, as it needs to implement the 'search' keyword.
> > 
> > https://bugzilla.samba.org/show_bug.cgi?id=11478
> > 
> > I looked into why another improbable case worked (looking for a
> > workaround), and noticed this bug:
> > 
> > https://bugzilla.samba.org/show_bug.cgi?id=11477
> > 
> > Once we fix that, we will need to fix
> > torture/rpc/lsa.c:check_pw_with_krb5(), as it relies on this bug (or
> > run that test against $SERVER_IP).
> > 
> > In the meantime, I'm running another autobuild to see how far we get
> > when using nss_wrapper and resolv_wrapper.
> 
> I've updated my samba_dnsupdate-and-tests-base with an initial test,
> that uses this framework, so I'm keen to see if we can get this in.
> 
> Sorting out the forwarding required for the new trusts tests will be
> key for that, but in the meantime, how do we get these samba_dnsupdate
> improvements to our users?
> 
> Thanks,
> 
> Andrew Bartlett

The patches look fine. Everything is in:

https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/master-selftest


Can we push that upstream? The version bump patches and the two patches to 
enable it need a RB+ ...


	-- andreas


	-- andreas

-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150902/233210c5/signature.sig>


More information about the samba-technical mailing list