[Samba] FW: DNS record info (samba-tool)

Stuart Naylor stuartiannaylor at thursbygarden.org
Tue Apr 8 21:41:27 MDT 2014


This is why I am against formalised wikis.

Absolutely top great information is posted on this list and it's just lost in chronological time.

Should be just categorised (chapters) newsfeed.

You would get twenty votes off me for this one Gunter, many thanks for the time and effort.

Documentation work already happens during discussion, you could quickly form a complete reference by doing what you already do.

It's the UnKE UnStructured Knowledge Exchange that I keep banging on about.

Formed by user request and if there was the mechanism user review.

Wow Gunter many thanks.

Stuart.

Just having a look at apols Gunter but just so we all know.

samba-tool user add and samba-tool user create.

Is there a difference?



 
 
-----Original message-----
> From:Günter Kukkukk <linux at kukkukk.com>
> Sent: Wednesday 9th April 2014 3:01
> To: Stuart Naylor <stuartiannaylor at thursbygarden.org>; samba at lists.samba.org
> Subject: Re: [Samba] FW:  DNS record info (samba-tool)
> 
> Am 08.04.2014 22:18, schrieb Stuart Naylor:
> > Doh forgot to cc
> > 
> >  
> >  
> > -----Original message-----
> >> From:Stuart Naylor <stuartiannaylor at thursbygarden.org>
> >> Sent: Tuesday 8th April 2014 21:16
> >> To: Günter Kukkukk <linux at kukkukk.com>
> >> Subject: RE: [Samba] DNS record info (samba-tool)
> >>
> >> Brilliant, glad about that as zones pretty much done on set up and no worry about a restart.
> >>
> >> Great that adding records to a zone doesn't as restarting samba for that each time would be a bit strange in production.
> >>
> >> Gunter apols to ask you again but you do seem to be a wealth of information.
> >>
> >> With samba-tool and dns entries the only documented dns add is something like
> >>
> >>
> >> samba-tool dns add SAMBA1.SAMBA4.LAN 1.168.192.in-addr.arpa 32 PTR SAMBA1.SAMBA4.LAN --username=administrator
> >>
> >> Am I confused as the cli presents this samba-tool dns add <server> <zone> <name> <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data>
> >>
> >> So the above is server=SAMBA1.SAMBA4.LAN zone=1.168.192.in-addr.arpa name=32 PTR data=SAMBA1.SAMBA4.LAN
> >>
> >> To be honest it was just 'name' that threw me.
> >>
> >> root at samba1:~# samba-tool dns delete
> >> Usage: samba-tool dns delete <server> <zone> <name> <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data>
> >>
> >> would be samba-tool dns delete SAMBA1.SAMBA4.LAN 1.168.192.in-addr.arpa 32 PTR SAMBA1.SAMBA4.LAN --username=administrator
> >>
> >> which it was.
> 
> 
> Hi Stuart,
> 
> first of all let us have a look at "--username=administrator" aka "-Uadministrator"
> which is needed with many samba-tool commands.
> 
> To avoid entering it over and over again, one can use
>      kinit administrator at YOUR.REALM
> and then enter the password *once*.
> 
> From now on the administrator and its password can be omitted with samba-tool commands.
> AFAIR there is at least one exception from this rule when using
>     samba-tool domain demote
> Here the -Uadministrator had to be used, but i might be wrong here ....
> 
> >>
> >> So you can have duplicate 'names' as long as the data points to the correct entry?
> 
> Now it starts to get a bit problematic.  :-(
> 
> Sure, you can add many A or AAAA records pointing to the same host. (a host can have many of them)
> Same holds true for the reverse PTR records and others...
> 
> But - (atm) samba-tool also *allows* you to add records which are wrong, e.g. CNAME entries.
> When you have a look at (i assume the ISC bind tools are installed):
>    dig irc.freenode.org
> 
> ...
> ;; ANSWER SECTION:
> irc.freenode.org.       84      IN      CNAME   irc.freenode.net.
> irc.freenode.net.       41      IN      CNAME   chat.freenode.net.
> chat.freenode.net.      299     IN      A       193.219.128.49
> chat.freenode.net.      299     IN      A       185.30.166.35
> ... and so on
> A CNAME alias *must always* point to an already *existing* A/AAAA (or even CNAME) record!
> In the above example a CNAME points to another CNAME, which then points to many A records.
> Most docs note that this should be avoided due to performance - but it's valid.
> 
> Now back to samba-tool.
> Here i add 2 CNAME records which point to *not existing* hostname records:
>    samba-tool dns add li4771-131 addlz.kukkukk.com abcd.addlz.kukkukk.com CNAME notthere.addlz.kukkukk.com
>    samba-tool dns add li4771-131 addlz.kukkukk.com xyz1.addlz.kukkukk.com CNAME wrong.addlz.kukkukk.com
> Both commands add the CNAMEs without problem - but they are wrong and cannot be resolved by dns queries!
> 
> I guess, when trying the same with dyn. DNS updates, those CNAMEs will fail... cause there the existence
> of the resulting host will be usually checked as a "prerequisite" ...
> 
> A last hint:
> The name "samba-tool" is nice - but a bit long.
> So i added the following to ~/.bashrc
>    alias st=samba-tool
> (then use "source ~/.bashrc" to get it reloaded)
> From now on one can use "st" instead of longer "samba-tool".  :-)
> Note that the command "st" should not be in use already.
> 
> Cheers,  Günter
> 
> >>
> >> Stuart
> >>
> >>  
> >>  
> >>  
> >> -----Original message-----
> >>> From:Günter Kukkukk <linux at kukkukk.com>
> >>> Sent: Tuesday 8th April 2014 20:26
> >>> To: Stuart Naylor <stuartiannaylor at thursbygarden.org>
> >>> Cc: samba at lists.samba.org
> >>> Subject: Re: [Samba] DNS record info (samba-tool)
> >>>
> >>> Am 08.04.2014 20:31, schrieb Stuart Naylor:
> >>>> Thanks Gunter,
> >>>>
> >>>> I am keeping to the internal, I am not a fan of bind in this scenario.
> >>>>
> >>>> Gunter so even though it lists that is just an RPC call but actually the working record needs a restart?
> >>>>
> >>>> I am trying to do a webmin module for Samba4 rather than use any RSAT tools.
> >>>>
> >>>> The DNS part is a little confusing :)
> >>>>
> >>>> Stuart 
> >>>
> >>> there are (at least) 2 ways to manipulate samba (windows) dns entries:
> >>>   - using dce/rpc calls to modify the AD directory directly
> >>>     (e.g. used by samba-tool, MS DNS Manager GUI, ...)
> >>>   - using dynamic DNS
> >>>     (e.g. ISC nsupdate, MS ipconfig /registerdns, ...)
> >>>
> >>> When samba starts, the internal dns server reads all currently defined
> >>> zones (from ADS) - and the containing dns records - into its _own_ data structures.
> >>>
> >>> When a new zone is added, the dce/rpc tools will show it,
> >>> but the internal dns must be restarted.
> >>>
> >>> When you then add new records to any now existing zone, the dns server
> >>> will also track them. So no samba restart is needed.
> >>>
> >>> Cheers, Günter
> >>>
> >>>>
> >>>>  
> >>>>  
> >>>> -----Original message-----
> >>>>> From:Günter Kukkukk <linux at kukkukk.com>
> >>>>> Sent: Tuesday 8th April 2014 19:15
> >>>>> To: Stuart Naylor <stuartiannaylor at thursbygarden.org>; Marc Muehlfeld <samba at marc-muehlfeld.de>; samba at lists.samba.org
> >>>>> Subject: Re: [Samba] DNS record info (samba-tool)
> >>>>>
> >>>>> Am 08.04.2014 19:08, schrieb Stuart Naylor:
> >>>>>> root at samba1:~# samba-tool dns query SAMBA1.SAMBA4.LAN 1.168.192.in-addr.arpa @ ALL --username=administrator
> >>>>>> Password for [SAMBA4\administrator]:
> >>>>>>   Name=, Records=2, Children=0
> >>>>>>     SOA: serial=2, refresh=900, retry=600, expire=86400, minttl=3600, ns=samba1.samba4.lan., email=hostmaster.samba4.lan. (flags=600000f0, serial=2, ttl=3600)
> >>>>>>     NS: samba1.samba4.lan. (flags=600000f0, serial=1, ttl=3600)
> >>>>>>   Name=32, Records=1, Children=0
> >>>>>>     PTR: SAMBA1.SAMBA4.LAN (flags=f0, serial=2, ttl=900)
> >>>>>>
> >>>>>>
> >>>>>> @ ALL seems to do it.
> >>>>>> trying to use samba-tool and not the RSAT tools.
> >>>>>>
> >>>>>> any more info anyone?
> >>>>>>
> >>>>>> Thanks
> >>>>>>
> >>>>>> Stuart
> >>>>>>
> >>>>>>
> >>>>>>  
> >>>>>>  
> >>>>>> -----Original message-----
> >>>>>>> From:Marc Muehlfeld <samba at marc-muehlfeld.de>
> >>>>>>> Sent: Tuesday 8th April 2014 17:55
> >>>>>>> To: Stuart Naylor <stuartiannaylor at thursbygarden.org>; samba at lists.samba.org
> >>>>>>> Subject: Re: [Samba] DNS record info (samba-tool)
> >>>>>>>
> >>>>>>> Hello Stuart,
> >>>>>>>
> >>>>>>> Am 08.04.2014 18:08, schrieb Stuart Naylor:
> >>>>>>>> But if I wanted to browse and delete a record how do I do it?
> >>>>>>>
> >>>>>>>
> >>>>>>> Have you seen
> >>>>>>> https://wiki.samba.org/index.php/DNS_Administration
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> Regards,
> >>>>>>> Marc
> >>>>>>>
> >>>>>
> >>>>> Are you using the internal samba dns server?
> >>>>> If so, you need to restart samba after adding a dns zone. The zone was
> >>>>> added with rpc calls to the directory, but the dns server doesn't
> >>>>> notice this atm .
> >>>>> Note - also with the bind dlz module, sometimes wrong results have been seen
> >>>>> after adding a zone. So one might also here need to restart bind/samba.
> >>>>>
> >>>>> Cheers, Günter
> >>>>>
> >>>>> -- 
> >>>>>
> >>>>>
> >>>>
> >>>
> >>>
> >>> -- 
> >>>
> >>>
> 
> 
> -- 
> 
> 
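
Added example, not part of the original thread and not Samba's own code: a Python check that reads a `samba-tool dns query <server> <zone> @ ALL` listing and reports CNAMEs whose target has no A, AAAA or CNAME record in that listing, which is the case Günter describes with his two CNAME additions. The `CNAME:` and `A:` line layout and every sample record are assumptions modelled on the query output quoted in the thread; names with children need their own query and are not followed here.

```python
import re

# Constructed sample in the layout of the `samba-tool dns query ... @ ALL` output quoted
# in this thread; host1, www and 192.0.2.10 are made up, abcd/xyz1 mirror the message.
SAMPLE = """\
  Name=abcd, Records=1, Children=0
    CNAME: notthere.addlz.kukkukk.com (flags=f0, serial=3, ttl=900)
  Name=xyz1, Records=1, Children=0
    CNAME: wrong.addlz.kukkukk.com (flags=f0, serial=4, ttl=900)
  Name=host1, Records=1, Children=0
    A: 192.0.2.10 (flags=f0, serial=5, ttl=900)
  Name=www, Records=1, Children=0
    CNAME: host1.addlz.kukkukk.com. (flags=f0, serial=6, ttl=900)
"""

HEADER = re.compile(r"^\s*Name=([^,]*), Records=\d+, Children=\d+\s*$")
RECORD = re.compile(r"^\s*([A-Z]+): (\S+)")

def parse_zone(text):
    """Map each relative name ('@' for the zone apex) to its (type, data) records."""
    records, current = {}, None
    for line in text.splitlines():
        if (m := HEADER.match(line)):
            current = m.group(1).lower() or "@"
            records.setdefault(current, [])
        elif current is not None and (m := RECORD.match(line)):
            records[current].append((m.group(1), m.group(2).rstrip(".").lower()))
    return records

def relative(target, zone):
    """Return target relative to zone, or None when it lies outside the zone."""
    zone = zone.rstrip(".").lower()
    if target == zone:
        return "@"
    return target[: -len(zone) - 1] if target.endswith("." + zone) else None

def dangling_cnames(text, zone):
    """List (name, target, status) for CNAMEs the listing cannot back with a record."""
    records = parse_zone(text)
    backed = {n for n, rrs in records.items() if any(t in ("A", "AAAA", "CNAME") for t, _ in rrs)}
    findings = []
    for name, rrs in records.items():
        for target in (d for t, d in rrs if t == "CNAME"):
            rel = relative(target, zone)
            if rel is None:
                findings.append((name, target, "out-of-zone"))  # verify separately with dig
            elif rel not in backed:
                findings.append((name, target, "missing"))
    return findings
```

Calling `dangling_cnames(SAMPLE, "addlz.kukkukk.com")` flags `abcd` and `xyz1` and leaves `www` alone; in practice the text would come from the real query output rather than `SAMPLE`.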

