On Mon, 2013-06-03 at 08:16 +1000, Andrew Bartlett wrote:
> On Mon, 2013-06-03 at 00:05 +0200, steve wrote:

> > Hi
> > openSUSE 12.3
> > This is the first time in many years where the SUSE/openSUSE bind has
> > _almost_ worked out of the box. They will not entertain non-chrooted
> > installs.
> This is somehow totally disabled?

No. You can enable it, but the chroot is the default. You cannot install
bind without the bind-chroot environment package too.

> > I've tested it. It's OK without tkey-domain or tkey-gssapi-credential
> Good.
> > I am trying to present as minimal a setup for the OP. I think in
> > situations such as these, it is important to get bind working choose
> > what. For that we must cut it down to an absolute minimal install with
> > security settings wide open. Once it's working, then we can. . .
> > 
> > I think that DNS is still our weakest link and I'm really pleased to see
> > the devs looking through the end user list occasionally. Until the
> > internal DNS is ready, we're stuck with bind. Let's try and make it as
> > painless as possible for ourselves.
> The only way we can really improve it (as far as I'm currently aware) is
> to take the bind binary, and launch it with a custom config file inside
> 'samba' like we do smbd, pointing only at our DNS zone, and with chroot
> etc disabled. 
> That should, in theory, get us most of the control we get with the
> internal server.  Someone needs to write the patches however, and it
> would mean we gain yet another DNS mode (which may be more trouble than
> it's worth - I don't know). 
> Andrew Bartlett

End users need something simple to install. We also need something that
does dynamic dns reliably. The strong points of the internal dns are
its simplicity of installation. Would it be possible to get it to do
dns updates from nsupdate? The only reason most of us have to go with
bind is because we need reliable dynamic dns updates. Not just sometimes
and then only with windows clients.  Many of the questions and confusion
on this list are to do with DNS. Get that sorted and you have a killer

As this is a very big stopper for many of us, would it be possible to
consider a change of developer emphasis for 4.1? Something like a 'DNS
or bust' approach? Many of the things you are doing are amazing but
without the basic DNS, they're lost on us end users. If you wanted any
DNS testers to get it to the rolling out stage, I'm sure many of us here
would be only too pleased to help you test whatever you could throw at

Thanks for reading. Please don't lose sight of those of us who do not code.
We're still very much Samba and still very much here to help the devs
and so the project.

