[PATCH][WIP] Create DC DNS entries at domain join
Stefan Metzmacher
metze at samba.org
Fri Feb 24 07:59:39 UTC 2017
Hi Andrew,
> Just as with the domain member join, the DC join really should create
> the essential DNS entries at join time.
>
> This should make it easier for folks to get DNS working and fully
> replicated, by ensuring the entry isn't written to the local DC (that
> nobody else knows how to contact).
>
> The attached patch does exactly that, in this case using the dnsrpc
> protocol.
>
> I chose the dnsserver RPC protocol because:
> - I don't want to race with the replication of the machine account to
> the KDC (which might not be the server I'm joining). Instead we will
> change the owner over LDAP
> - Direct LDAP or DsAddEntry injection wouldn't update the sequence
> number
> - shelling to nsupdate isn't reliable
> - We still don't have great bindings for secure DNS updates in Python
>
> I need to finish the owner change part, and write the dns_update_cache,
> but we do successfully create the DNS records and re-sync the database.
> This should make Samba DCs a little more reliable from the moment they
> start.
>
> Comments welcome.
I typically just use the following after "samba-tool domain join":
    samba_dnsupdate --use-samba-tool --rpc-server-ip=<ip>
Can't we just call that at the end of the join?
metze