[PATCH] Create a 'binddns dir' for files used by the bind_dlz module and named

Andreas Schneider asn at samba.org
Tue Sep 12 12:48:23 UTC 2017


On Wednesday, 6 September 2017 11:27:38 CEST Andreas Schneider via samba-technical wrote:
> On Tuesday, 5 September 2017 12:31:20 CEST Andreas Schneider via samba-technical wrote:
> > On Monday, 4 September 2017 21:22:39 CEST Andrew Bartlett wrote:
> > > Andreas,
> > 
> > Andrew,
> > 
> > > I know this won't make you very happy, but I think this is a 4.8 patch
> > > at this point.  You can of course patch Fedora packages, but I fear
> > > further dragons, given the fight it has given so far, and while parts
> > > of the DLZ mode are tested (thankfully!) the whole integration is not
> > > verified in make test.
> 
> Hi,
> 
> > would you accept it if Marc and I would do manual testing and fix remaining
> > issues.
> > 
> > This means upgrading from 4.6 to 4.7 with my patchset and check if it works
> > seamlessly.
> > Switching backends etc.
> > 
> > I do not feel very happy with the current code and giving named broad
> > access to keytab and AD partitions.
> > 
> > Also when switching from bind_dlz to the internal DNS we should remove
> > files which give the named group full access to AD.
> 
> Jeremy pushed the last patchset from this thread to master.
> 
> Yesterday I asked Marc for help. He tested the feature and we discussed
> several aspects, especially security concerns, like file and directory
> permission.
> We fixed some issues we found during extensive testing and we improved the
> messages samba-tool and samba_upgradedns print so that the user knows what
> he has to do.
> We also found some things we need to fix in the documentation in the wiki.
> 
> 
> The attached patchset addresses the remaining issues. Marc will answer and
> add the test plan we created and he followed.
> 
> I hope this gives you the confidence in the changes that we can include them
> in 4.7.
> 
> Please review carefully.


Ping!


> 
> Thanks,
> 
> 
> 
> 	Andreas
> 
> 
> P.S.: The internal DNS server doesn't work in 4.7 and master
>       https://bugzilla.samba.org/show_bug.cgi?id=13019


-- 
Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
www.samba.org


