[PATCH] DNS scavenging in the AD DC

Andrew Bartlett abartlet at samba.org
Tue Jul 10 09:35:11 UTC 2018 

On Tue, 2018-07-10 at 09:22 +0200, Stefan Metzmacher wrote:
> Am 10.07.2018 um 07:21 schrieb Andrew Bartlett via samba-technical:
> > Attached here is the latest iteration of Aaron's DNS scavenging patch
> > series, as cleaned up by Gary and myself.
> > 
> > While there is much more I would like to see done (dbcheck rules to
> > handle the existing records, command-line tools to change the
> > settings), at this time this is a useful improvement and finally
> > creates static and dynamic records correctly.
> 
> Do you have a strategy how to detect broken records, older versions
> have added?

I don't have a good plan on that yet.

> Can we do some magic using 110 as magic?
> 
> git grep 110 source4/dns_server/
> source4/dns_server/dns_utils.c: uint32_t dwSerial = 110;
> source4/dns_server/pydns.c:     static const int serial = 110;
> source4/dns_server/pydns.c:     static const int serial = 110;

I'm still trying to track down what BIND9_DLZ is using.  

> And change that value in the fixing patchset?

Sure, I can at least do that. 

> I'd really like to avoid to force a manual cleanup of this
> to administrators.

Understood. 

> And we also have to make sure that we don't delete records
> in existing setups, which where supposed to be static!

Sure, but this is off by default anyway.  

Should we just disable it at the smb.conf level as well until we sort
out a more complete plan?

> > Aside from the WHATSNEW it is reviewed by Gary and myself, and the
> > tests have been run against Windows and the windows static record
> > behaviour has been clarified by Microsoft. 
> > 
> > https://gitlab.com/samba-team/samba/merge_requests/26
> > 
> > CI: https://gitlab.com/catalyst-samba/samba/pipelines/25444977

Hmm, CI was unhappy.  I'll investigate. 

> > Please review and push!
> 
> Can you please add bug references to
> https://bugzilla.samba.org/show_bug.cgi?id=10812
> and
> https://bugzilla.samba.org/show_bug.cgi?id=12451

I did add both, I guess you want them on more patches?  (Easily done,
tomorrow). 

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list