[Samba] FW: DNS record info (samba-tool)

Günter Kukkukk linux at kukkukk.com
Tue Apr 8 21:55:05 MDT 2014


On 09.04.2014 05:41, Stuart Naylor wrote:
> This is why I am against formalised wikis.
> 
> Absolutely top great information is posted on this list and it's just lost in chronological time.
> 
> Should be just categorised (chapters) newsfeed.
> 
> You would get twenty votes off me for this one Gunter, many thanks for the time and effort.
> 
> Documentation work already happens during discussion, you could quickly form a complete reference by doing what you already do.
> 
> It's the UnKE UnStructured Knowledge Exchange that I keep banging on about.
> 
> Formed by user request and if there was the mechanism user review.
> 
> Wow Gunter many thanks.
> 
> Stuart.
> 
> Just having a look at apols gunter but just so we all know.
> 
> samba-tool user add and samba-tool user create.
> 
> Is there a difference?

No, both do the same....
There was a discussion "which one to use" about that in the past - now we have both.

Cheers, Günter

> -----Original message-----
>> From:Günter Kukkukk <linux at kukkukk.com>
>> Sent: Wednesday 9th April 2014 3:01
>> To: Stuart Naylor <stuartiannaylor at thursbygarden.org>; samba at lists.samba.org
>> Subject: Re: [Samba] FW:  DNS record info (samba-tool)
>>
>> On 08.04.2014 22:18, Stuart Naylor wrote:
>>> Doh forgot to cc
>>> -----Original message-----
>>>> From:Stuart Naylor <stuartiannaylor at thursbygarden.org>
>>>> Sent: Tuesday 8th April 2014 21:16
>>>> To: Günter Kukkukk <linux at kukkukk.com>
>>>> Subject: RE: [Samba] DNS record info (samba-tool)
>>>>
>>>> Brilliant, glad about that as zones pretty much done on set up and no worry about a restart.
>>>>
>>>> Great that adding records to a zone doesn't as restarting samba for that each time would be a bit strange in production.
>>>>
>>>> Gunter apols to ask you again but you do seem to be a wealth of information.
>>>>
>>>> With samba-tool and dns entries the only documented dns add is something like
>>>>
>>>>
>>>> samba-tool dns add SAMBA1.SAMBA4.LAN 1.168.192.in-addr.arpa 32 PTR SAMBA1.SAMBA4.LAN --username=administrator
>>>>
>>>> Am I confused as the cli presents this samba-tool dns add <server> <zone> <name> <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data>
>>>>
>>>> So the above is server=SAMBA1.SAMBA4.LAN zone=1.168.192.in-addr.arpa name=32 PTR data=SAMBA1.SAMBA4.LAN
>>>>
>>>> To be honest it was just 'name' that threw me.
>>>>
>>>> root at samba1:~# samba-tool dns delete
>>>> Usage: samba-tool dns delete <server> <zone> <name> <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data>
>>>>
>>>> would be samba-tool dns delete SAMBA1.SAMBA4.LAN 1.168.192.in-addr.arpa 32 PTR SAMBA1.SAMBA4.LAN --username=administrator
>>>>
>>>> which it was.
>>
>>
>> Hi Stuart,
>>
>> first of all let us have a look at "--username=administrator" aka "-Uadministrator"
>> which is needed with many samba-tool commands.
>>
>> To avoid entering it over and over again, one can use
>>      kinit administrator at YOUR.REALM
>> and then enter the password *once*.
>>
>> From now on the administrator and its password can be omitted with samba-tool commands.
>> AFAIR there is at least one exception from this rule when using
>>     samba-tool domain demote
>> Here the -Uadministrator had to be used, but I might be wrong here ....
>>
>>>>
>>>> So you can have duplicate 'names' as long as the data points to the correct entry?
>>
>> Now it starts to get a bit problematic.  :-(
>>
>> Sure, you can add many A or AAAA records pointing to the same host. (a host can have many of them)
>> Same holds true for the reverse PTR records and others...
>>
>> But - (atm) samba-tool also *allows* you to add records which are wrong, e.g. CNAME entries.
>> When you have a look at (I assume the ISC bind tools are installed):
>>    dig irc.freenode.org
>>
>> ...
>> ;; ANSWER SECTION:
>> irc.freenode.org.       84      IN      CNAME   irc.freenode.net.
>> irc.freenode.net.       41      IN      CNAME   chat.freenode.net.
>> chat.freenode.net.      299     IN      A       193.219.128.49
>> chat.freenode.net.      299     IN      A       185.30.166.35
>> ... and so on
>> A CNAME alias *must always* point to an already *existing* A/AAAA (or even CNAME) record!
>> In the above example a CNAME points to another CNAME, which then points to many A records.
>> Most docus note that this should be avoided due to performance - but it's valid.
>>
>> Now back to samba-tool.
>> Here I add 2 CNAME records which point to *not existing* hostname records:
>>    samba-tool dns add li4771-131 addlz.kukkukk.com abcd.addlz.kukkukk.com CNAME notthere.addlz.kukkukk.com
>>    samba-tool dns add li4771-131 addlz.kukkukk.com xyz1.addlz.kukkukk.com CNAME wrong.addlz.kukkukk.com
>> Both commands add the CNAMEs without problem - but they are wrong and cannot be resolved by dns queries!
>>
>> I guess, when trying the same with dyn. DNS updates, those CNAMEs will fail... cause there the existence
>> of the resulting host will be usually checked as a "prerequisite" ...
>>
>> A last hint:
>> The name "samba-tool" is nice - but a bit long.
>> So I added the following to ~/.bashrc
>>    alias st=samba-tool
>> (then use "source ~/.bashrc" to get it reloaded)
>> From now on one can use "st" instead of the longer "samba-tool".  :-)
>> Note that the command "st" should not be in use already.
>>
>> Cheers,  Günter
>>
>>>>
>>>> Stuart
>>>>
>>>> -----Original message-----
>>>>> From:Günter Kukkukk <linux at kukkukk.com>
>>>>> Sent: Tuesday 8th April 2014 20:26
>>>>> To: Stuart Naylor <stuartiannaylor at thursbygarden.org>
>>>>> Cc: samba at lists.samba.org
>>>>> Subject: Re: [Samba] DNS record info (samba-tool)
>>>>>
>>>>> On 08.04.2014 20:31, Stuart Naylor wrote:
>>>>>> Thanks Gunter,
>>>>>>
>>>>>> I am keeping to the internal, I am not a fan of bind in this scenario.
>>>>>>
>>>>>> Gunter so even though it lists that is just an RPC call but actually the working record needs a restart?
>>>>>>
>>>>>> I am trying to do a webmin module for Samba4 rather than use any RSAT tools.
>>>>>>
>>>>>> The DNS part is a little confusing :)
>>>>>>
>>>>>> Stuart 
>>>>>
>>>>> there are (at least) 2 ways to manipulate samba (windows) dns entries:
>>>>>   - using dce/rpc calls to modify the AD directory directly
>>>>>     (e.g. used by samba-tool, MS DNS Manager GUI, ...)
>>>>>   - using dynamic DNS
>>>>>     (e.g. ISC nsupdate, MS ipconfig /registerdns, ...)
>>>>>
>>>>> When samba starts, the internal dns server reads all currently defined
>>>>> zones (from ADS) - and the containing dns records - into its _own_ data structures.
>>>>>
>>>>> When a new zone is added, the dce/rpc tools will show it,
>>>>> but the internal dns must be restarted.
>>>>>
>>>>> When you then add new records to any now existing zone, the dns server
>>>>> will also track them. So no samba restart is needed.
>>>>>
>>>>> Cheers, Günter
>>>>>
>>>>>> -----Original message-----
>>>>>>> From:Günter Kukkukk <linux at kukkukk.com>
>>>>>>> Sent: Tuesday 8th April 2014 19:15
>>>>>>> To: Stuart Naylor <stuartiannaylor at thursbygarden.org>; Marc Muehlfeld <samba at marc-muehlfeld.de>; samba at lists.samba.org
>>>>>>> Subject: Re: [Samba] DNS record info (samba-tool)
>>>>>>>
>>>>>>> On 08.04.2014 19:08, Stuart Naylor wrote:
>>>>>>>> root at samba1:~# samba-tool dns query SAMBA1.SAMBA4.LAN 1.168.192.in-addr.arpa @ ALL --username=administrator
>>>>>>>> Password for [SAMBA4\administrator]:
>>>>>>>>   Name=, Records=2, Children=0
>>>>>>>>     SOA: serial=2, refresh=900, retry=600, expire=86400, minttl=3600, ns=samba1.samba4.lan., email=hostmaster.samba4.lan. (flags=600000f0, serial=2, ttl=3600)
>>>>>>>>     NS: samba1.samba4.lan. (flags=600000f0, serial=1, ttl=3600)
>>>>>>>>   Name=32, Records=1, Children=0
>>>>>>>>     PTR: SAMBA1.SAMBA4.LAN (flags=f0, serial=2, ttl=900)
>>>>>>>>
>>>>>>>>
>>>>>>>> @ ALL seems to do it.
>>>>>>>> trying to use samba-tool and not the RSAT tools.
>>>>>>>>
>>>>>>>> any more info anyone?
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>>
>>>>>>>> Stuart
>>>>>>>>
>>>>>>>> -----Original message-----
>>>>>>>>> From:Marc Muehlfeld <samba at marc-muehlfeld.de>
>>>>>>>>> Sent: Tuesday 8th April 2014 17:55
>>>>>>>>> To: Stuart Naylor <stuartiannaylor at thursbygarden.org>; samba at lists.samba.org
>>>>>>>>> Subject: Re: [Samba] DNS record info (samba-tool)
>>>>>>>>>
>>>>>>>>> Hello Stuart,
>>>>>>>>>
>>>>>>>>> On 08.04.2014 18:08, Stuart Naylor wrote:
>>>>>>>>>> But if I wanted to browse and delete a record how do I do it?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Have you seen
>>>>>>>>> https://wiki.samba.org/index.php/DNS_Administration
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Marc
>>>>>>>>>
>>>>>>>
>>>>>>> Are you using the internal samba dns server?
>>>>>>> If so, you need to restart samba after adding a dns zone. The zone was
>>>>>>> added with rpc calls to the directory, but the dns server doesn't
>>>>>>> notice this atm.
>>>>>>> Note - also with the bind dlz module, sometimes wrong results have been seen
>>>>>>> after adding a zone. So one might also here need to restart bind/samba.
>>>>>>>
>>>>>>> Cheers, Günter
> 
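Günter's quoted reply above notes that `samba-tool dns add` happily stores a CNAME whose target does not exist. As an added example (not code from the thread or from Samba), the Python below parses the output shape of `samba-tool dns query <server> <zone> @ ALL` shown earlier in the thread and flags CNAMEs whose in-zone target has no A/AAAA/CNAME record, which is the pre-flight check one would run before adding an alias; the sample output, the zone name samba4.lan and the A/CNAME entries are constructed, and names are assumed to be zone-relative as in the `Name=32` line above.

```python
import re

# Constructed sample in the shape that "samba-tool dns query <server> <zone> @ ALL"
# prints (see the thread); the A and CNAME entries are made up for this example.
SAMPLE_QUERY_OUTPUT = """\
  Name=, Records=2, Children=0
    SOA: serial=2, refresh=900, retry=600, expire=86400, minttl=3600, ns=samba1.samba4.lan., email=hostmaster.samba4.lan. (flags=600000f0, serial=2, ttl=3600)
    NS: samba1.samba4.lan. (flags=600000f0, serial=1, ttl=3600)
  Name=samba1, Records=1, Children=0
    A: 192.168.1.32 (flags=f0, serial=2, ttl=900)
  Name=abcd, Records=1, Children=0
    CNAME: notthere.samba4.lan (flags=f0, serial=3, ttl=900)
  Name=www, Records=1, Children=0
    CNAME: samba1.samba4.lan (flags=f0, serial=3, ttl=900)
"""

NAME_RE = re.compile(r"^\s*Name=(?P<name>[^,]*), Records=\d+, Children=\d+$")
REC_RE = re.compile(r"^\s*(?P<type>[A-Z]+): (?P<data>.*?)\s*\(flags=")


def parse_query_output(text):
    """Map each zone-relative name to its [(type, data), ...] records."""
    records, current = {}, None
    for line in text.splitlines():
        m = NAME_RE.match(line)
        if m:
            current = m.group("name")
            records.setdefault(current, [])
            continue
        m = REC_RE.match(line)
        if m and current is not None:
            records[current].append((m.group("type"), m.group("data")))
    return records


def dangling_cnames(records, zone):
    """CNAMEs whose in-zone target has no A/AAAA/CNAME record. Targets outside
    the zone are skipped: those can only be checked with a real DNS query."""
    zone = zone.lower().rstrip(".")
    resolvable = {name.lower() for name, recs in records.items()
                  if any(t in ("A", "AAAA", "CNAME") for t, _ in recs)}
    bad = []
    for name, recs in records.items():
        for rtype, target in recs:
            if rtype != "CNAME":
                continue
            host = target.lower().rstrip(".")
            if not host.endswith("." + zone):
                continue  # out-of-zone alias target, not checkable from the dump
            if host[: -len(zone) - 1] not in resolvable:  # strip ".<zone>"
                bad.append((name, target))
    return bad
```

Run the check against the real dump (`samba-tool dns query ... @ ALL`) before each `dns add ... CNAME`, and treat any hit as a record that will fail resolution.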
