Allow the resolv_wrapper to handle NS records

Andrew Bartlett abartlet at samba.org
Sun May 15 19:25:16 UTC 2016 

On Sun, 2016-05-15 at 08:05 -0700, Richard Sharpe wrote:
> On Sat, May 14, 2016 at 10:14 PM, Richard Sharpe
> <realrichardsharpe at gmail.com> wrote:
> > On Sat, May 14, 2016 at 10:12 PM, Andrew Bartlett <
> > abartlet at samba.org> wrote:
> > > On Sat, 2016-05-14 at 21:57 -0700, Richard Sharpe wrote:
> > > > Hi folks,
> > > > 
> > > > To actually get net ads dns register working in the self-test
> > > > environment, two things are needed:
> > > > 
> > > > 1. We need to add some NS records to the dns_host_file,
> > > > 
> > > > 2. resolve_wrapper needs to return them.
> > > > 
> > > > Attached is a patch to do the second.
> > > > 
> > > > When someone tells me where the first is set up I can fix that
> > > > as
> > > > well.
> > > 
> > > samba_dnsupdate writes to it.
> > 
> > Hmmm, OK. I noticed that code, but wasn't sure.
> > 
> > I will spend more time looking at it.
> > 
> > I am now close to being able to write tests for the net ads dns
> > functionality.
> 
> I think I now understand what is going on. selftest/target/Samba4.pm
> sets up the Samba4 conf file with a dns update command in it that
> contains --all-interfaces and --use-file on the command line, which
> causes the DNS stuff to be written to the file specified where
> everyone can used it.
> 
> So, I have two choices:
> 
> 1. Hard-code the knowledge that if --use-file is used, an NS record
> should be added to the update_list.
> 
> 2. Add an additional flag --add-ns that causes an NS record to be
> written when --use-file is employed.
> 
> Any comments?
> 
> I prefer the second so that other users of --use-file do not get
> unexpected results.

The NS record is needed in any case, and --use-file is only a selftest
hack.  

The issue with the patch series I posted is that in theory, we should
be added NS records to both parent and child zones (glue records). 

Given how Samba4 is deployed I really don't see the point, but my patch
series tried to do that.  Many users have complained about the current
situation for much the same reason you have, except that they see it on
secondary DCs, not the primary one, as on the first DC our provision
generated zone contains NS records.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list