[PATCH] DNS scavenging in the AD DC

Stefan Metzmacher metze at samba.org
Tue Jul 10 15:37:18 UTC 2018 

Am 10.07.2018 um 11:35 schrieb Andrew Bartlett via samba-technical:
> On Tue, 2018-07-10 at 09:22 +0200, Stefan Metzmacher wrote:
>> Am 10.07.2018 um 07:21 schrieb Andrew Bartlett via samba-technical:
>>> Attached here is the latest iteration of Aaron's DNS scavenging patch
>>> series, as cleaned up by Gary and myself.
>>>
>>> While there is much more I would like to see done (dbcheck rules to
>>> handle the existing records, command-line tools to change the
>>> settings), at this time this is a useful improvement and finally
>>> creates static and dynamic records correctly.
>>
>> Do you have a strategy how to detect broken records, older versions
>> have added?
> 
> I don't have a good plan on that yet.
> 
>> Can we do some magic using 110 as magic?
>>
>> git grep 110 source4/dns_server/
>> source4/dns_server/dns_utils.c: uint32_t dwSerial = 110;
>> source4/dns_server/pydns.c:     static const int serial = 110;
>> source4/dns_server/pydns.c:     static const int serial = 110;
> 
> I'm still trying to track down what BIND9_DLZ is using.  
> 
>> And change that value in the fixing patchset?
> 
> Sure, I can at least do that. 
> 
>> I'd really like to avoid to force a manual cleanup of this
>> to administrators.
> 
> Understood. 
> 
>> And we also have to make sure that we don't delete records
>> in existing setups, which where supposed to be static!
> 
> Sure, but this is off by default anyway.  
> 
> Should we just disable it at the smb.conf level as well until we sort
> out a more complete plan?

Yes, please.

>>> Aside from the WHATSNEW it is reviewed by Gary and myself, and the
>>> tests have been run against Windows and the windows static record
>>> behaviour has been clarified by Microsoft. 
>>>
>>> https://gitlab.com/samba-team/samba/merge_requests/26
>>>
>>> CI: https://gitlab.com/catalyst-samba/samba/pipelines/25444977
> 
> Hmm, CI was unhappy.  I'll investigate. 
> 
>>> Please review and push!
>>
>> Can you please add bug references to
>> https://bugzilla.samba.org/show_bug.cgi?id=10812
>> and
>> https://bugzilla.samba.org/show_bug.cgi?id=12451
> 
> I did add both, I guess you want them on more patches?  (Easily done,
> tomorrow). 

I didn't noticed the related url on the commits which fix the specific
bug.

metze


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20180710/cef431d2/signature.sig>

More information about the samba-technical mailing list