[Samba] Antw: Re: bind9 dlopen/dlz problems [update]

[Matthieu Patou]

Hi Marcel,

> Hi Andrew,
>
> thanks for giving an update on this issue.
>
> I know it may be a little early (and insecure) to use this setup - but
> I like the way it works anyway :-)
>
> Just in case someone wanted to modify the provision tool, to create
> the DNS entries in samba ldb database directly instead of creating
> a named.conf - could you give some directions where to start?
>
> (And yes, I know that Active Directory DNS data types are ugly binary
> blobs, but I'll take that as a challenge :-)
I guess the easiest way is to:

0) rebuild with the patch attached to unable python bindings for DNS records
1) create a AD with an AD and let Windows manage the DNS record
2) vampire this domain with samba so that you have in the blobs in your 
s4 DC
3) use ldbsearch to get this entries in base64
4) use a python script to get this blobs in binary
5) use ndrdump dns  in decode_dns_name_packet file_with_1_blob to print 
the blob
6) play with the bindings to see if you manage to manipulate the dns 
records (an example of how we manipulate with bindings others blobs is 
source4/scripting/bin/upgradeprovision around line 837, there is also an 
example attached to this email)
7) manage to generate all the needed record in a dedicated OU of your s4 
provision
8) see how we can add 1 more namingcontext at provision
9) alter provision.py to add the namingcontext for DNS record + the 
record itself !


You might need to come back on IRC at #samba-technical for more questions !

Matthieu

PS: Good luck !

-- 
Matthieu Patou
Samba Team        http://samba.org
Private repo      http://git.samba.org/?p=mat/samba.git;a=summary