[Samba] FW: DNS record info (samba-tool)

Stuart Naylor stuartiannaylor at thursbygarden.org
Wed Apr 9 11:05:29 MDT 2014


Just a couple more noob thoughts, all with samba-tool.

With practically all the methods you can return, delete and update the objects. Why is samba-tool user different?

Another thought is: how do you create OUs?

Then, going back to DNS: zone additions needed a restart. Does this mean that replication of these zones would also need a restart?

Stuart

 
 
-----Original message-----
> From:Günter Kukkukk <linux at kukkukk.com>
> Sent: Wednesday 9th April 2014 3:01
> To: Stuart Naylor <stuartiannaylor at thursbygarden.org>; samba at lists.samba.org
> Subject: Re: [Samba] FW:  DNS record info (samba-tool)
> 
> Am 08.04.2014 22:18, schrieb Stuart Naylor:
> > Doh forgot to cc
> > 
> >  
> >  
> > -----Original message-----
> >> From:Stuart Naylor <stuartiannaylor at thursbygarden.org>
> >> Sent: Tuesday 8th April 2014 21:16
> >> To: Günter Kukkukk <linux at kukkukk.com>
> >> Subject: RE: [Samba] DNS record info (samba-tool)
> >>
> >> Brilliant, glad about that, as zones are pretty much done on setup and there's no worry about a restart.
> >>
> >> Great that adding records to a zone doesn't, as restarting samba for that each time would be a bit strange in production.
> >>
> >> Gunter, apols to ask you again, but you do seem to be a wealth of information.
> >>
> >> With samba-tool and dns entries the only documented dns add is something like
> >>
> >>
> >> samba-tool dns add SAMBA1.SAMBA4.LAN 1.168.192.in-addr.arpa 32 PTR SAMBA1.SAMBA4.LAN --username=administrator
> >>
> >> Am I confused, as the CLI presents this: samba-tool dns add <server> <zone> <name> <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data>
> >>
> >> So the above is server=SAMBA1.SAMBA4.LAN zone=1.168.192.in-addr.arpa name=32 PTR data=SAMBA1.SAMBA4.LAN
> >>
> >> To be honest it was just 'name' that threw me.
> >>
> >> root at samba1:~# samba-tool dns delete
> >> Usage: samba-tool dns delete <server> <zone> <name> <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data>
> >>
> >> would be samba-tool dns delete SAMBA1.SAMBA4.LAN 1.168.192.in-addr.arpa 32 PTR SAMBA1.SAMBA4.LAN --username=administrator
> >>
> >> which it was.
> 
> 
> Hi Stuart,
> 
> first of all let us have a look at "--username=administrator" aka "-Uadministrator"
> which is needed with many samba-tool commands.
> 
> To avoid entering it over and over again, one can use
>      kinit administrator@YOUR.REALM
> and then enter the password *once*.
> 
> From now on the administrator and its password can be omitted with samba-tool commands.
> AFAIR there is at least one exception to this rule, when using
>     samba-tool domain demote
> Here the -Uadministrator had to be used, but I might be wrong here ....
> 
> >>
> >> So you can have duplicate 'names' as long as the data points to the correct entry?
> 
> Now it starts to get a bit problematic.  :-(
> 
> Sure, you can add many A or AAAA records pointing to the same host. (a host can have many of them)
> Same holds true for the reverse PTR records and others...
> 
> But - (atm) samba-tool also *allows* you to add records which are wrong, e.g. CNAME entries.
> When you have a look at (I assume the ISC bind tools are installed):
>    dig irc.freenode.org
> 
> ...
> ;; ANSWER SECTION:
> irc.freenode.org.       84      IN      CNAME   irc.freenode.net.
> irc.freenode.net.       41      IN      CNAME   chat.freenode.net.
> chat.freenode.net.      299     IN      A       193.219.128.49
> chat.freenode.net.      299     IN      A       185.30.166.35
> ... and so on
> A CNAME alias *must always* point to an already *existing* A/AAAA (or even CNAME) record!
> In the above example a CNAME points to another CNAME, which then points to many A records.
> Most docs note that this should be avoided due to performance - but it's valid.
> 
> Now back to samba-tool.
> Here I add 2 CNAME records which point to *non-existent* hostname records:
>    samba-tool dns add li4771-131 addlz.kukkukk.com abcd.addlz.kukkukk.com CNAME notthere.addlz.kukkukk.com
>    samba-tool dns add li4771-131 addlz.kukkukk.com xyz1.addlz.kukkukk.com CNAME wrong.addlz.kukkukk.com
> Both commands add the CNAMEs without problem - but they are wrong and cannot be resolved by dns queries!
> 
> I guess, when trying the same with dyn. DNS updates, those CNAMEs will fail... because there the existence
> of the resulting host will usually be checked as a "prerequisite" ...
> 
> A last hint:
> The name "samba-tool" is nice - but a bit long.
> So I added the following to ~/.bashrc
>    alias st=samba-tool
> (then use "source ~/.bashrc" to get it reloaded)
> From now on one can use "st" instead of longer "samba-tool".  :-)
> Note that the command "st" should not be in use already.
> 
> Cheers,  Günter
> 
> >>
> >> Stuart
> >>
> >>  
> >>  
> >>  
> >> -----Original message-----
> >>> From:Günter Kukkukk <linux at kukkukk.com>
> >>> Sent: Tuesday 8th April 2014 20:26
> >>> To: Stuart Naylor <stuartiannaylor at thursbygarden.org>
> >>> Cc: samba at lists.samba.org
> >>> Subject: Re: [Samba] DNS record info (samba-tool)
> >>>
> >>> Am 08.04.2014 20:31, schrieb Stuart Naylor:
> >>>> Thanks Gunter,
> >>>>
> >>>> I am keeping to the internal, I am not a fan of bind in this scenario.
> >>>>
> >>>> Gunter, so even though it lists it, that is just an RPC call, but actually the working record needs a restart?
> >>>>
> >>>> I am trying to do a webmin module for Samba4 rather than use any RSAT tools.
> >>>>
> >>>> The DNS part is a little confusing :)
> >>>>
> >>>> Stuart 
> >>>
> >>> there are (at least) 2 ways to manipulate samba (windows) dns entries:
> >>>   - using dce/rpc calls to modify the AD directory directly
> >>>     (e.g. used by samba-tool, MS DNS Manager GUI, ...)
> >>>   - using dynamic DNS
> >>>     (e.g. ISC nsupdate, MS ipconfig /registerdns, ...)
> >>>
> >>> When samba starts, the internal dns server reads all currently defined
> >>> zones (from ADS) - and the containing dns records - into its _own_ data structures.
> >>>
> >>> When a new zone is added, the dce/rpc tools will show it,
> >>> but the internal dns must be restarted.
> >>>
> >>> When you then add new records to any now existing zone, the dns server
> >>> will also track them. So no samba restart is needed.
> >>>
> >>> Cheers, Günter
> >>>
> >>>>
> >>>>  
> >>>>  
> >>>> -----Original message-----
> >>>>> From:Günter Kukkukk <linux at kukkukk.com>
> >>>>> Sent: Tuesday 8th April 2014 19:15
> >>>>> To: Stuart Naylor <stuartiannaylor at thursbygarden.org>; Marc Muehlfeld <samba at marc-muehlfeld.de>; samba at lists.samba.org
> >>>>> Subject: Re: [Samba] DNS record info (samba-tool)
> >>>>>
> >>>>> Am 08.04.2014 19:08, schrieb Stuart Naylor:
> >>>>>> root at samba1:~# samba-tool dns query SAMBA1.SAMBA4.LAN 1.168.192.in-addr.arpa @ ALL --username=administrator
> >>>>>> Password for [SAMBA4\administrator]:
> >>>>>>   Name=, Records=2, Children=0
> >>>>>>     SOA: serial=2, refresh=900, retry=600, expire=86400, minttl=3600, ns=samba1.samba4.lan., email=hostmaster.samba4.lan. (flags=600000f0, serial=2, ttl=3600)
> >>>>>>     NS: samba1.samba4.lan. (flags=600000f0, serial=1, ttl=3600)
> >>>>>>   Name=32, Records=1, Children=0
> >>>>>>     PTR: SAMBA1.SAMBA4.LAN (flags=f0, serial=2, ttl=900)
> >>>>>>
> >>>>>>
> >>>>>> @ ALL seems to do it.
> >>>>>> Trying to use samba-tool and not the RSAT tools.
> >>>>>>
> >>>>>> Any more info, anyone?
> >>>>>>
> >>>>>> Thanks
> >>>>>>
> >>>>>> Stuart
> >>>>>>
> >>>>>>
> >>>>>>  
> >>>>>>  
> >>>>>> -----Original message-----
> >>>>>>> From:Marc Muehlfeld <samba at marc-muehlfeld.de>
> >>>>>>> Sent: Tuesday 8th April 2014 17:55
> >>>>>>> To: Stuart Naylor <stuartiannaylor at thursbygarden.org>; samba at lists.samba.org
> >>>>>>> Subject: Re: [Samba] DNS record info (samba-tool)
> >>>>>>>
> >>>>>>> Hello Stuart,
> >>>>>>>
> >>>>>>> Am 08.04.2014 18:08, schrieb Stuart Naylor:
> >>>>>>>> But if I wanted to browse and delete a record how do I do it?
> >>>>>>>
> >>>>>>>
> >>>>>>> Have you seen
> >>>>>>> https://wiki.samba.org/index.php/DNS_Administration
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> Regards,
> >>>>>>> Marc
> >>>>>>>
> >>>>>
> >>>>> Are you using the internal samba dns server?
> >>>>> If so, you need to restart samba after adding a dns zone. The zone was
> >>>>> added with rpc calls to the directory, but the dns server doesn't
> >>>>> notice this atm.
> >>>>> Note - also with the bind dlz module, sometimes wrong results have been seen
> >>>>> after adding a zone. So one might also here need to restart bind/samba.
> >>>>>
> >>>>> Cheers, Günter
> >>>>>
> >>>>
> >>>
> >>>
> 
> 
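The CNAME problem Günter describes in this thread (samba-tool dns add accepting CNAMEs whose target does not exist, which then cannot be resolved) can at least be caught after the fact by reading the zone back with `samba-tool dns query <server> <zone> @ ALL`. What follows is an added example, not code from the thread or from the Samba project: it parses that output in the format shown earlier in the thread (`Name=..., Records=..., Children=...` node lines followed by `TYPE: data (flags=..., serial=..., ttl=...)` record lines), reports every CNAME whose target lies inside the zone but has no A, AAAA or CNAME record there, and prints the matching `samba-tool dns delete` lines using the syntax from the thread. The zone data below is constructed for the example; node names are assumed to be printed relative to the zone (as in `Name=32` above, with the apex printed as an empty name), and CNAMEs that point outside the zone are only listed, because this zone's data alone cannot tell whether they resolve.

```python
"""Find dangling CNAME records in the output of
`samba-tool dns query <server> <zone> @ ALL`.

Added example, not code from the Samba project or the thread. The parser
follows the output format shown in the thread; the sample zone below is
constructed for this example.
"""
import re
from collections import defaultdict

# "  Name=<node>, Records=<n>, Children=<n>"  (apex is printed with an empty name)
NODE_RE = re.compile(r"^\s*Name=(?P<name>[^,]*), Records=(?P<records>\d+), Children=(?P<children>\d+)\s*$")
# "    <TYPE>: <data> (flags=..., serial=..., ttl=...)"
REC_RE = re.compile(r"^\s*(?P<type>[A-Z]+): (?P<data>.*?)\s*\(flags=[0-9a-fA-F]+, serial=\d+, ttl=\d+\)\s*$")


def parse_query_output(text):
    """Return {node_name: [(type, data), ...]} with node names lower-cased.

    The zone apex (empty Name in samba-tool's output, or '@') is stored as '@'.
    """
    records = defaultdict(list)
    node = None
    for line in text.splitlines():
        m = NODE_RE.match(line)
        if m:
            node = m.group("name").strip().lower() or "@"
            records.setdefault(node, [])
            continue
        m = REC_RE.match(line)
        if m and node is not None:
            records[node].append((m.group("type"), m.group("data")))
    return dict(records)


def relative_name(fqdn, zone):
    """Map an FQDN to its node name inside `zone`; None if it lies outside the zone."""
    name = fqdn.rstrip(".").lower()
    z = zone.rstrip(".").lower()
    if name == z:
        return "@"
    if name.endswith("." + z):
        return name[: -(len(z) + 1)]
    return None


def find_dangling_cnames(query_output, zone):
    """Return (dangling, unchecked) lists of (node, target).

    dangling:  CNAME targets inside `zone` with no A, AAAA or CNAME record
               (samba-tool dns add accepts these, but they never resolve).
    unchecked: CNAME targets outside `zone`; not decidable from this zone alone.
    """
    nodes = parse_query_output(query_output)
    resolvable = {"A", "AAAA", "CNAME"}
    dangling, unchecked = [], []
    for node, recs in nodes.items():
        for rtype, data in recs:
            if rtype != "CNAME":
                continue
            target = relative_name(data, zone)
            if target is None:
                unchecked.append((node, data))
            elif not any(t in resolvable for t, _ in nodes.get(target, [])):
                dangling.append((node, data))
    return dangling, unchecked


def delete_commands(server, zone, dangling):
    """samba-tool dns delete lines (syntax as used in the thread) for each dangling CNAME."""
    return ["samba-tool dns delete %s %s %s CNAME %s" % (server, zone, node, target)
            for node, target in dangling]


# Constructed sample in the thread's output format: apex SOA/NS, one host,
# one good CNAME, two CNAMEs to names that do not exist, one external CNAME.
SAMPLE_ZONE = "addlz.kukkukk.com"
SAMPLE_OUTPUT = """\
  Name=, Records=2, Children=0
    SOA: serial=5, refresh=900, retry=600, expire=86400, minttl=3600, ns=li4771-131.addlz.kukkukk.com., email=hostmaster.addlz.kukkukk.com. (flags=600000f0, serial=5, ttl=3600)
    NS: li4771-131.addlz.kukkukk.com. (flags=600000f0, serial=1, ttl=3600)
  Name=li4771-131, Records=1, Children=0
    A: 192.0.2.131 (flags=f0, serial=2, ttl=900)
  Name=www, Records=1, Children=0
    CNAME: li4771-131.addlz.kukkukk.com (flags=f0, serial=3, ttl=900)
  Name=abcd, Records=1, Children=0
    CNAME: notthere.addlz.kukkukk.com (flags=f0, serial=4, ttl=900)
  Name=xyz1, Records=1, Children=0
    CNAME: wrong.addlz.kukkukk.com (flags=f0, serial=5, ttl=900)
  Name=irc, Records=1, Children=0
    CNAME: chat.freenode.net (flags=f0, serial=5, ttl=900)
"""

if __name__ == "__main__":
    import sys
    # usage: samba-tool dns query SERVER ZONE @ ALL | python3 dangling.py ZONE
    zone = sys.argv[1] if len(sys.argv) > 1 else SAMPLE_ZONE
    text = sys.stdin.read() if len(sys.argv) > 1 else SAMPLE_OUTPUT
    bad, outside = find_dangling_cnames(text, zone)
    for node, target in bad:
        print("dangling: %s.%s -> %s" % (node, zone, target))
    for node, target in outside:
        print("not checked (outside zone): %s.%s -> %s" % (node, zone, target))
    for cmd in delete_commands("li4771-131", zone, bad):
        print(cmd)
```

Run without arguments it checks the constructed sample and flags `abcd` and `xyz1`; piped the real `samba-tool dns query ... @ ALL` output with the zone name as the only argument, it checks the live zone. Before deleting anything, confirm the target really is absent with `samba-tool dns query <server> <zone> <target-name> ALL`, since a node that exists only as a child of another node, or a name served from a different zone on the same server, would not show up in this one zone dump.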