Feedback: DNS workaround Samba 4 vs own zone files

Maik Holtkamp s-y-l at gmx.net
Fri Aug 22 07:52:18 MDT 2014


just a few words on my s4 experiences, hoping they will be of
assistance for someone - or bashed by anyone to make me reconsider
my workaround ;).

Because of ubuntu 14.04 I had a closer look into samba 4 last

I am administrating some private home LANs mostly driven by one low
cost/consuming server ubuntu/debian (DHCP, DNS, LAMP and samba) for
some of my friends.

I prefer a setup incl.: 

- isc-dhcp with fixed MAC->IP for hardware fix belonging to the
  HOMELAN and a small (10 IPs) dyn. range for visitors

- bind9 with manually maintained db.* zone files - nothing fancy,
  authoritative for local net, caching or forwarding to ISP otherwise
  ... just some CNAME records to enable that the browser can separate
  credentials for different services running on same hosts.

I am neither an expert in DNS/DHCP nor do I know anything about
kerberos or ldap :( - just the ordinary lazy "never change" guy ;).

I started playing using the BIND9_DLZ dns backend. After having
everything in place I recognized that the module does not update the
records in existing zones as expected. Instead it took control
of the complete zone itself and allows no other GODs (my db.* files
for that zone):

named[3013]: samba_dlz: started for DN DC=mydns,DC=domain
named[3013]: samba_dlz: starting configure
named[3013]: samba_dlz: Failed to configure zone 'mydns.domain'
named[3013]: samba_dlz: shutting down
named[3013]: loading configuration: already exists

As I won't sacrifice the DNS db.* files grown within the last 10
years I found the following workaround:

Choose BIND9_FLATFILE as backend

Added this on top of my zone file:

$INCLUDE /var/lib/samba/private/dns/mydns.domain.zone

(commented the original SOA record) followed by my existing
A/AAAA/CNAME/MX records and didn't touch the file containing the
matching PTR records at all.

As the samba zonefile has hostnames containing underscores, I had to add

check-names master ignore;

to named.conf.local.

From the present point of view it seems to work for the setups I am
maintaining. I can join the new Samba Domain, create users/machines
using MS tools etc.

However, if someone can see major problems arising from such a
workaround in future, I would be pleased for comments.

THX Maik
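A pre-flight check for the $INCLUDE merge described in the post above, as an added example that is not from the original mail: it expands $INCLUDE directives, counts uncommented SOA records (the merged zone must have exactly one) and lists owner names with underscores (the ones that need "check-names master ignore;"). It assumes only POSIX sh, sed and awk; the zone contents, names and addresses are constructed.

```shell
#!/bin/sh
# Example check for a zone file that $INCLUDEs the Samba flat file.
# Not part of the original post; file names and records are constructed.

# Print the zone with $INCLUDE directives expanded (recursively).
expand_zone() {
    while IFS= read -r line; do
        case "$line" in
            '$INCLUDE'*)
                inc=$(printf '%s\n' "$line" | awk '{print $2}')
                if [ -r "$inc" ]; then
                    expand_zone < "$inc"
                else
                    echo "warning: cannot read $inc" >&2
                fi
                ;;
            *) printf '%s\n' "$line" ;;
        esac
    done
}

# Number of uncommented SOA records in the expanded zone (must be 1).
count_soa() {
    expand_zone < "$1" | sed 's/;.*//' | grep -c '[[:space:]]SOA[[:space:]]'
}

# Owner names containing an underscore (rejected unless check-names is relaxed).
underscore_owners() {
    expand_zone < "$1" | sed 's/;.*//' | awk '$1 ~ /_/ {print $1}' | sort -u
}

# Constructed sample: a Samba-style flat file and the admin's own zone file.
tmp=$(mktemp -d)
cat > "$tmp/samba.zone" <<'EOF'
@ IN SOA ns1.mydns.domain. hostmaster.mydns.domain. ( 1 3600 600 86400 3600 )
_ldap._tcp IN SRV 0 100 389 dc1.mydns.domain.
_kerberos._udp IN SRV 0 100 88 dc1.mydns.domain.
dc1 IN A 192.0.2.10
EOF
cat > "$tmp/db.mydns.domain" <<EOF
\$INCLUDE $tmp/samba.zone
; @ IN SOA ns1 hostmaster. ( 2014082201 3600 600 86400 3600 )   ; old SOA kept commented
fileserver IN A 192.0.2.20
www IN CNAME fileserver
EOF

echo "SOA records: $(count_soa "$tmp/db.mydns.domain")"
echo "owners needing check-names ignore:"; underscore_owners "$tmp/db.mydns.domain"
```

Run it against the real zone path instead of the constructed one before reloading named; a count other than 1 means the SOA was not commented out (or was commented twice).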

