Merge Request - DNS updates allow/deny for SAMBA_INTERNAL dns server. Help PLEASE!
matt at mattgrant.net.nz
Fri Jul 22 07:02:01 UTC 2022
Want comments on code changes, and what further tests are required for
Samba test suite. It's been some time since my first MR, and this one is a
for the required test complexity?
Uri, would you be able to help me out again please to help get this
Mechanism for DNS update host/rrnet allow/deny lists. Three functions
dns_update_check_access(), dns_update_get_caddr() (gets subject address
for check from A, AAAA, and PTR records), and
dns_update_ipaddr_check_access() are backended by allow_access_flag_lo()
from lib/util/access.c using the already existing host allow/deny access
The motivation for this is to control what DNS dynamic updates get added
to the SAMBA_INTERNAL DNS in SOHO setups. Without this IPv6 dynamic
addresses from your ISP IPv6 delegated prefix end up in the AD DNS,
even when you have specified an fd00::/16 ULA prefix or RFC 1918 IPv4....
The dns update rrnet allow/deny lists are used for this, in combination
with an interfaces = lo fd14:beee:baaa::DEAD::BEEF/64 statement. Forward
and reverse DNS zones are supported.
Support for clients NOT updating the DNS, but a router running a DHCP
server with a dynamic DNS update client was added via the
dns updates ip auth allow/deny and dns updates allow/deny parameters.
Thus this patch gives SAMBA_INTERNAL dns server the best of both the above
setups, making it as flexible as using Samba with Bind9 DLZ.
How would I test access lists for update source, and
auth by IP number? Can't see how in test suite to bind update request
to a source IP address.
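
The record-address check described in the message (subject address taken from A, AAAA and PTR records, then matched against allow/deny networks), sketched in Python as an added example; it is not the merge request's C code. The function names, the allow-then-deny evaluation order, the fail-closed handling of unparsable names and all sample addresses are assumptions made for illustration.

```python
import ipaddress

HEX = set("0123456789abcdef")

def reverse_to_address(name):
    """Map a full in-addr.arpa / ip6.arpa owner name back to its address."""
    labels = name.rstrip(".").lower().split(".")
    if labels[-2:] == ["in-addr", "arpa"] and len(labels) == 6:
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    if labels[-2:] == ["ip6", "arpa"] and len(labels) == 34:
        if all(l in HEX for l in labels[:32]):
            return ipaddress.IPv6Address(int("".join(reversed(labels[:32])), 16))
    raise ValueError("not a host reverse name: " + name)

def subject_address(rtype, owner, rdata):
    """Address an update is about: rdata for A/AAAA, owner name for PTR."""
    if rtype == "A":
        return ipaddress.IPv4Address(rdata)
    if rtype == "AAAA":
        return ipaddress.IPv6Address(rdata)
    if rtype == "PTR":
        return reverse_to_address(owner)
    raise ValueError("no address to check for " + rtype)

def rrnet_allowed(rtype, owner, rdata, allow, deny):
    """Assumed hosts allow/deny style order: allow match, then deny match."""
    try:
        addr = subject_address(rtype, owner, rdata)
    except ValueError:
        return False  # example choice: unparsable subject fails closed
    def hit(nets):
        return any(addr in ipaddress.ip_network(n) for n in nets)
    if hit(allow):
        return True
    if hit(deny):
        return False
    return not allow or bool(deny)  # allow-only list refuses everything else

# Constructed sample: ULA and RFC 1918 ranges allowed, 2001:db8::/32 stands in
# for an ISP-delegated prefix.
ALLOW = ["fd14:beee:baaa::/64", "192.168.1.0/24"]
UPDATES = [
    ("AAAA", "pc1.example.test", "fd14:beee:baaa::10"),
    ("AAAA", "pc1.example.test", "2001:db8:1::10"),
    ("A", "pc1.example.test", "192.168.1.20"),
    ("PTR", "20.1.168.192.in-addr.arpa", "pc1.example.test"),
    ("PTR", "bad.ip6.arpa", "pc1.example.test"),
]

if __name__ == "__main__":
    for rtype, owner, rdata in UPDATES:
        verdict = "allow" if rrnet_allowed(rtype, owner, rdata, ALLOW, []) else "refuse"
        print(verdict, rtype, owner, rdata)
```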