[PATCH] Create DC DNS entries at domain join

Andrew Bartlett abartlet at samba.org
Sat Jun 10 03:08:33 UTC 2017

On Fri, 2017-06-09 at 20:03 +0200, Marc Muehlfeld wrote:
> Hi Andrew,
> On 09.06.2017 at 06:48, Andrew Bartlett via samba-technical wrote:
> > > Attached is the patch to have Samba create DNS entries at domain
> > > join.
> I tested the patch with samba-master. If I join a new Samba DC (also 
> samba-master + patch), the A and objectGUID records are now 
> automatically created. Good work.
> However, should this also work when a user joins a Windows DC? I joined 
> 2008 R2 (incl. all available updates), but neither the A nor the 
> objectGUID record was created.

That is interesting.  During development I did test it with Windows,
either 2008R2 or 2012R2 and it did create the records.  That is where I
noticed the different ACLs I mention in the commit.

DNS records are only created if the separate DNS partition is observed.

> dcpromo checks if dynamic DNS updates are working, before joining the 
> domain. If not, then it displays a warning: 
> http://picpaste.de/pics/19775186510e9a5f65fb1b9211aee564.1497030527.png
> In this newly provisioned AD, dynamic DNS updates are working correctly 
> and the warning wasn't displayed. However, the records weren't created.
> Additionally, I searched both AD DNS zones on the Samba DC and no DNS 
> records were created for the Windows DC. Not even the SRV records. Is 
> this related?

I'm not sure, except that this overall behaviour is part of why we now
diverge from Windows and create some entries at join time, because
otherwise it is easy to have an island DC that nobody else can
replicate to or from.

Thanks for the additional testing.  Can you get me some logs and
network traces for the case that fails, and let me know if the DNS
partitions exist?

I'll hold off pushing it until we get some clarity here, but I hope
there is a simple explanation and we can get this into master soon.


Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
