[PATCH][WIP] Create DC DNS entires at domain join

Stefan Metzmacher metze at samba.org
Mon May 29 07:51:52 UTC 2017


Am 29.05.2017 um 07:05 schrieb Andrew Bartlett:
> G'Day metze,
> 
> Attached is my current revision of the DNS at Domain Join patch-set. 
> I've addressed some of your comments, but haven't made any major
> changes, so a number of your desires (for example re-using
> samba_dnsupdate) have not been taken forward.
> 
> I have however made samba_dnsupdate much more robust, because it now
> operates in environments where the /etc/resolv.conf does not point at
> the SOA directly.  
> 
> Additionally, we now fix the DNS server to overstamp the SOA with the
> current server name.  
> 
> These two elements actually address the biggest issues here, because
> the way samba_dnsupate was previously written it would only talk to the
> /etc/resolv.conf server, but insist on getting a ticket named with the
> SOA's name.  This really didn't work well.
> 
> I hope we can agree that this, by ensuring the minimum entries for
> replication are present after the join, is an improvement over the
> current state.
> 
> I realise this is not exactly what you were looking for, but I still
> hope to get this into master soon, as I both need to wrap this area of
> work up and don't want this lost for 4.7.  
> 
> I plan to add in a couple of tests for the join.py changes and propose
> it for review tomorrow, so if you do see something you are still really
> unhappy about, please let me know.

Can't we do the dns rpc calls with the machine account and avoid
resetting the security descriptors manually?

metze


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20170529/276e32be/signature.sig>


More information about the samba-technical mailing list