[Samba] dynamic DNS Updates still failing, re-installed 9 more times, tried everything I could think of, now bald.

Andrew Bartlett abartlet at samba.org
Sun Jun 2 17:36:59 MDT 2013


On Mon, 2013-06-03 at 01:11 +0200, steve wrote:
> On Mon, 2013-06-03 at 08:16 +1000, Andrew Bartlett wrote:
> > On Mon, 2013-06-03 at 00:05 +0200, steve wrote:
> 
> > > Hi
> > > openSUSE 12.3
> > > This is the first time in many years where the SUSE/openSUSE bind has
> > > _almost_ worked out of the box. They will not entertain non chrooted
> > > installs.
> > 
> > This is somehow totally disabled?
> 
> No. You can enable it, but the chroot is the default. You cannot install
> bind without the bind-chroot environment package too.
> > 
> > > I've tested it. It's OK without tkey-domain nor tkey-gssapi-credential
> > 
> > Good.
> > 
> > > I am trying to present as minimal a setup for the OP. I think in
> > > situations such as these, it is important to get bind working choose
> > > what. For that we must cut it down to an absolute minimal install with
> > > security settings wide open. once it's working, then we can. . .
> > > 
> > > I think that DNS is still our weakest link and I'm really pleased to see
> > > the devs looking through the end user list occasionally. Until the
> > > internal DNS is ready, we're stuck with bind. Let's try and make it as
> > > painless as possible for ourselves.
> > 
> > The only way we can really improve it (as far as I'm currently aware) is
> > to take the bind binary, and launch it with a custom config file inside
> > 'samba' like we do smbd, pointing only at our DNS zone, and with chroot
> > etc disabled. 
> > 
> > That should, in theory, get us most of the control we get with the
> > internal server.  Someone needs to write the patches however, and it
> > would mean we gain yet another DNS mode (which may be more trouble than
> > it's worth - I don't know). 
> > 
> > Andrew Bartlett
> 
> End users need something simple to install. We also need something that
> does dynamic dns reliably. The strong points of the internal dns are
> it's simplicity of installation. Would it be possible to get it to do
> dns updates from nsupdate?

It does do dns updates from nsupdate.  There is a client-side error
shown *after* the successful update, but the developer who developed the
patch for this hasn't been able to write the tests to allow his changes
to make it into master.  

>  The only reason most of us have to go with
> bind is because we need reliable dynamic dns updates. Not just sometimes
> and then only with windows clients.  Many of the questions and confusion
> on this list is to do with DNS. Get that sorted and you have a killer
> app. 

We are not aware that this is anything more than a cosmetic issue.  We
know it looks really bad, but we need someone to pick up that patch, and
find a way to test.

> As this is a very big stopper for many of us, would it be possible to
> consider a change of developer emphasis for 4.1? Something like a 'DNS
> or bust' approach? Many of the things you are doing are amazing but
> without the basic DNS, they're lost on us end users. If you wanted any
> DNS testers to get it to the rolling out stage, I'm sure many of us here
> would be only too pleased to help you test whatever you could throw at
> us.

Sadly that just isn't how the Samba Team works, sorry.  

> Thanks for reading. Please don't lose sight of those of us do not code.
> We're still very much Samba and still very much here to help the devs
> and so the project.

We do very much appreciate your interest.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org




More information about the samba mailing list