[PATCH] Use samba-tool to add DNS entries with samba_dnsupdate

Stefan Metzmacher metze at samba.org
Wed Sep 2 14:35:20 UTC 2015

Hi Andrew,

>> This exposes an interesting thing that we need.  Adding this exposes a
>> missing feature in resolv_wrapper, because it now can no longer find
>> short names, as it needs to implement the 'search' keyword.
>> https://bugzilla.samba.org/show_bug.cgi?id=11478
>> I looked into why another improbable case worked (looking for a
>> workaround), and noticed this bug:
>> https://bugzilla.samba.org/show_bug.cgi?id=11477
>> Once we fix that, we will need to fix
>> torture/rpc/lsa.c:check_pw_with_krb5(), as it relies on this bug (or
>> run that test against $SERVER_IP).
>> In the meantime, I'm running another autobuild to see how far we get
>> when using nss_wrapper and resolv_wrapper.
> I've updated my samba_dnsupdate-and-tests-base with an initial test,
> that uses this framework, so I'm keen to see if we can get this in.

Please remove
it doesn't belong there.

I think the dns_update_list is not really correct, it means we
would try to update NS records via dns and only some of them also
via RPC. See

We should only do it via RPC and all domains, see

Can we squash

> Sorting out the forwarding required for the new trusts tests will be
> key for that,

We should implement the conditional dns forwarder logic and also read
the configured forwarders for the ldb file instead of smb.conf.

> but in the meantime, how do we get these samba_dnsupdate
> improvements to our users?

One problem is that 'dns_update_list' is a config file, it would be
good to have a way to update it as part of a samba update.

A possible solution might be, not copying 'dns_update_list' as part of
the provision/dc join, and use the one from

So we could use a logic like this:

a) if /var/lib/samba/private/dns_update_list does not exist we use
  /usr/share/samba/setup/dns_update_list. This will be the case for all
  new installations.

b) if /var/lib/samba/private/dns_update_list.extra exists, internally
   append its content to the content of a)

This way we can update existing installations in future more easily
(similar to what we did with the 'samba_dsdb' ldb module).

If we do this we should also use such a logic for spn_update_list.

If wanted, packagers can add some rpm or dpkg magic to delete
/var/lib/samba/private/dns_update_list if it wasn't modified by the admin.

Otherwise an admin can remove /var/lib/samba/private/dns_update_list on
his own.
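
The a)/b) lookup proposed above, as an added Python sketch that is not part of the original message or of samba_dnsupdate itself. The function name, the directory parameters, the skipping of blank and '#' lines, and the sample entries are assumptions constructed for illustration; passing name="spn_update_list" applies the same order to that file.

```python
import os
import tempfile

def load_update_list(private_dir, setup_dir, name="dns_update_list"):
    """Resolve an update list in the a)/b) order; returns (entries, sources)."""
    private = os.path.join(private_dir, name)
    # a) no private copy (every new installation): use the packaged default.
    #    An existing private copy, e.g. one edited by the admin, is still used.
    base = private if os.path.exists(private) else os.path.join(setup_dir, name)
    sources = [base]
    # b) a site-local ".extra" file is appended to whatever a) selected.
    extra = private + ".extra"
    if os.path.exists(extra):
        sources.append(extra)
    entries = []
    for path in sources:
        with open(path, encoding="utf-8") as f:
            for line in f:
                line = line.strip()
                # Assumption: blank lines and '#' comments carry no entry.
                if line and not line.startswith("#"):
                    entries.append(line)
    return entries, sources

def write_file(path, text):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="utf-8") as f:
        f.write(text)

def demo():
    """Run the lookup over constructed files for three installation states."""
    shipped = ("# packaged default (constructed sample)\n"
               "A ${HOSTNAME} $IP\n"
               "SRV _ldap._tcp.${DNSDOMAIN} ${HOSTNAME} 389\n")
    results = {}
    with tempfile.TemporaryDirectory() as root:
        setup, private = os.path.join(root, "setup"), os.path.join(root, "private")
        write_file(os.path.join(setup, "dns_update_list"), shipped)
        os.makedirs(private)
        def run(state):
            entries, sources = load_update_list(private, setup)
            results[state] = (entries, [os.path.relpath(s, root) for s in sources])
        run("new install")
        write_file(os.path.join(private, "dns_update_list.extra"),
                   "CNAME intranet.${DNSDOMAIN} ${HOSTNAME}\n")
        run("with extra")
        write_file(os.path.join(private, "dns_update_list"), "A ${HOSTNAME} $IP\n")
        run("old private copy")
    return results
```

The third state shows why the message suggests deleting an unmodified private copy: while it exists, changes to the packaged list never reach that installation.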



More information about the samba-technical mailing list