bind 9.11.3 BIND9_FLATFILE update-policy
Sergey Urushkin
urushkin at telros.ru
Thu Sep 20 14:46:34 UTC 2018
Hello.
Bind 9.11.3 (shipped with Ubuntu 18.04) has modifications that prevent
bind from starting with samba's update-policy config file included
(BIND9_FLATFILE backend):
https://gitlab.isc.org/isc-projects/bind9/commit/b329876bf1973bbf2ea922aca0ba6eacf8ca9275
Error text:
named.conf.update:3: name field not set to placeholder value '.'
This was already on the mailing list:
https://lists.samba.org/archive/samba/2018-March/214738.html
This could be fixed by making a fixed copy of the config and including
it in BIND instead of the original:
sed 's/ms-self \* /ms-self . /' named.conf.update > named.conf.update.static
The next patch fixes config generation for 9.11.3 and above:
--- a/source4/dsdb/dns/dns_update.c 2018-07-12 11:23:36.000000000 +0300
+++ b/source4/dsdb/dns/dns_update.c 2018-09-20 16:16:32.330242337 +0300
@@ -242,7 +242,7 @@
dprintf(fd, "%s\n",static_policies);
dprintf(fd, "/* End of static entries */\n");
}
- dprintf(fd, "\tgrant %s ms-self * A AAAA;\n", realm);
+ dprintf(fd, "\tgrant %s ms-self . A AAAA;\n", realm);
dprintf(fd, "\tgrant Administrator@%s wildcard * A AAAA SRV CNAME;\n",
realm);
for (i=0; i<dc_count; i++) {
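Review bot: the changed `ms-self` line hardcodes `.` as the name field with no condition on the BIND version that will load the file, so a server that still expects `*` in that position gets a config this code can no longer produce. Consider passing the name field in as a value chosen at generation time instead of baking it into the format string. A short comment above that dprintf explaining why the `ms-self` rule uses `.` while the `wildcard` rule on the following line keeps `*` would also stop a later cleanup from "aligning" the two.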
But this may not work with the older versions (not tested!). If so, we
should check the installed bind version at samba start while
generating the config (named -V) or get the right value (* or .) from
some other place (config file).
Another approach: since the config is pretty much static (at least with
the current single-realm samba, and it also doesn't honor the real
'Administrator' account name and, even more widely, every
dns-administrator name), generate it at provision time
(python/samba/provision/sambadns.py) like we do for named.conf.dlz and
just leave it as is with comments about BIND versions.
--
Best regards,
Sergey Urushkin
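
The version check suggested in the message, sketched as an added shell example (not part of the original post and not Samba's code): it picks the ms-self name field from the first line of `named -V` and rewrites only the ms-self rules of a generated named.conf.update. The 9.11.3 threshold is taken from the message and is an assumption for other release branches; all function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption (from the message): BIND >= 9.11.3 requires '.'
# as the ms-self name field, earlier versions take '*'.
THRESHOLD=9.11.3

# bind_version TEXT: print "X.Y.Z" from the first line of `named -V` output,
# or nothing if the line does not look like a BIND version banner.
bind_version() {
    printf '%s\n' "$1" |
        sed -n '1s/^BIND \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# version_ge A B: succeed if dotted version A >= B. Fields are compared
# numerically, since a string compare would rank 9.9.x above 9.11.x.
version_ge() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2          # six fields: A.major A.minor A.patch B.major ...
    IFS=$old_ifs
    [ "$1" -gt "$4" ] && return 0; [ "$1" -lt "$4" ] && return 1
    [ "$2" -gt "$5" ] && return 0; [ "$2" -lt "$5" ] && return 1
    [ "$3" -ge "$6" ]
}

# ms_self_name TEXT: print the name field to use, or fail if the version
# cannot be parsed (the caller should then refuse to guess).
ms_self_name() {
    v=$(bind_version "$1")
    [ -n "$v" ] || return 1
    if version_ge "$v" "$THRESHOLD"; then echo .; else echo '*'; fi
}

# fix_update_policy NAME: filter stdin to stdout, setting the name field of
# every "grant <identity> ms-self <name> ..." rule to NAME. Other rule types
# (e.g. wildcard) are left untouched, and the rewrite is idempotent.
fix_update_policy() {
    case $1 in
        .|'*') ;;
        *) echo "fix_update_policy: name must be . or *" >&2; return 2 ;;
    esac
    sed "s/\(grant[[:space:]][^;]*[[:space:]]ms-self[[:space:]][[:space:]]*\)[^[:space:];][^[:space:];]*/\1$1/"
}

# Typical use (paths as in the message):
#   name=$(ms_self_name "$(named -V)") &&
#     fix_update_policy "$name" < named.conf.update > named.conf.update.static
```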