Allow the resolv_wrapper to handle NS records

Richard Sharpe realrichardsharpe at gmail.com
Sun May 15 19:37:15 UTC 2016


On Sun, May 15, 2016 at 12:25 PM, Andrew Bartlett <abartlet at samba.org> wrote:
> On Sun, 2016-05-15 at 08:05 -0700, Richard Sharpe wrote:
>> On Sat, May 14, 2016 at 10:14 PM, Richard Sharpe
>> <realrichardsharpe at gmail.com> wrote:
>> > On Sat, May 14, 2016 at 10:12 PM, Andrew Bartlett <
>> > abartlet at samba.org> wrote:
>> > > On Sat, 2016-05-14 at 21:57 -0700, Richard Sharpe wrote:
>> > > > Hi folks,
>> > > >
>> > > > To actually get net ads dns register working in the self-test
>> > > > environment, two things are needed:
>> > > >
>> > > > 1. We need to add some NS records to the dns_host_file,
>> > > >
>> > > > 2. resolv_wrapper needs to return them.
>> > > >
>> > > > Attached is a patch to do the second.
>> > > >
>> > > > When someone tells me where the first is set up I can fix that
>> > > > as
>> > > > well.
>> > >
>> > > samba_dnsupdate writes to it.
>> >
>> > Hmmm, OK. I noticed that code, but wasn't sure.
>> >
>> > I will spend more time looking at it.
>> >
>> > I am now close to being able to write tests for the net ads dns
>> > functionality.
>>
>> I think I now understand what is going on. selftest/target/Samba4.pm
>> sets up the Samba4 conf file with a dns update command in it that
>> contains --all-interfaces and --use-file on the command line, which
>> causes the DNS stuff to be written to the file specified where
>> everyone can use it.
>>
>> So, I have two choices:
>>
>> 1. Hard-code the knowledge that if --use-file is used, an NS record
>> should be added to the update_list.
>>
>> 2. Add an additional flag --add-ns that causes an NS record to be
>> written when --use-file is employed.
>>
>> Any comments?
>>
>> I prefer the second so that other users of --use-file do not get
>> unexpected results.
>
> The NS record is needed in any case, and --use-file is only a selftest
> hack.
>
> The issue with the patch series I posted is that in theory, we should
> be adding NS records to both parent and child zones (glue records).

Hmmm, if I have this correct, this means that we should add A records
to the parent (example.com) for the name server(s)
(localdc.samba.example.com) in the child domain so they can be
supplied in the additional section when someone looks up
domain.example.com

However, how does that affect secondary DCs? Maybe I need to set
something like this up using containers and see what the issues are.

> Given how Samba4 is deployed I really don't see the point, but my patch
> series tried to do that.  Many users have complained about the current
> situation for much the same reason you have, except that they see it on
> secondary DCs, not the primary one, as on the first DC our provision
> generated zone contains NS records.
>
> Thanks,
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
>
>
>



-- 
Regards,
Richard Sharpe
(What can dispel sorrow? Only Du Kang. --Cao Cao)


