[PATCH] Use samba-tool to add DNS entries with samba_dnsupdate

Andreas Schneider asn at samba.org
Tue Sep 8 06:59:05 UTC 2015


On Tuesday, September 08, 2015 09:36:57 AM Andrew Bartlett wrote:
> On Mon, 2015-09-07 at 16:46 +0200, Andreas Schneider wrote:
> > On Monday, September 07, 2015 03:45:36 PM Andrew Bartlett wrote:
> > > On Thu, 2015-09-03 at 18:53 +0200, Andreas Schneider wrote:
> > > 
> > > I would review this, but can you please propose a patch with a
> > > clearer title and rationale for 'dns faking'.  Can we please define
> > > it into:
> > >  - nss DNS emulation
> > >  - resolv DNS emulation
> > 
> > nss DNS emulation is used by most of our code.
> > resolv DNS emulation is only used for SRV lookups.
> > 
> > resolv DNS emulation works only because libresolv is a library on its
> > own and it is using socket functions we wrap with socket_wrapper.
> > 
> > getaddrinfo calls gethostbyname3 which comes from libnss_dns.so and it
> > calls __libc_res_nsearch().
> > 
> > Maybe we can intercept __libc_res_nsearch(). I have to play around
> > with it.
> 
> Andreas,
> 
> Thanks for looking into that.  But backing up a little, what of the
> above does 'dns faking' turn on and off?

resolv_wrapper can either direct queries specifying a nameserver in our own 
resolv.conf file or fake it (with a dns_hosts_file). This is only for code 
which uses res_(n)search or res_(n)query e.g. libkrb5 or samba code doing SRV 
record lookups.

All other name resolution is going through nss_wrapper which wraps 
getaddrinfo(), gethostbyname*() etc.


> For me, we must have a single source of truth for the names, either a
> (single) file, or a DNS server over socket_wrapper.  The part-way
> solutions we have and are being proposed are just messing with my head.
> 
> The challenge I have is that I want to only rely on our DNS server, not
> also the static hosts file.  This is because I want to test changing IP
> addresses and names (which is the client task that triggered all this,
> a tested set of scripts to change the IP and name of a DC).

If you want to support only one resource you should implement support to load 
NSS host modules in nss_wrapper. Then implement an NSS host dns module using 
libresolv or directly dlopen() libresolv_wrapper.so.

This way you only have one source for DNS ...


I'm happy to discuss details and review patches you send for nss_wrapper 
upstream.


Cheers,

	-- andreas