[Samba] Bind flat file support

Robert Moskowitz rgm at htt-consult.com
Tue Sep 8 13:04:53 UTC 2015


I thought about this overnight...

On 09/07/2015 07:41 PM, John Gardeniers wrote:
> Hi Robert,
>
> It doesn't break compatibility with MS, unless you're talking about 
> the RSAT DNS tool, which is a lot more cumbersome than a text editor 
> anyway and it's pretty much assumed that if you're using Samba you're 
> a Linux sysadmin, so not being able to use the RSAT DNS tool should 
> not be a problem.

If you mix MS servers and backup ADs with Samba, seems you will have one 
bunch doing dynamic updates to their local DNS and others not. That is 
what I meant.  But...

It seems the challenge is to define all your clients in your forwards 
and reverse zone.  If you know all their MAC addrs, you can set DHCP to 
give them the same IP addr all the time, then flat file your DNS 
accordingly. One challenge will be the IPv6 entries (one thing I don't 
think Rowland's script handles yet).

However, about MAC addresses.  Note I am active in IEEE 802 and IETF. There 
we are discussing the privacy leakage problem of MAC addresses and 
working out how to use randomized MAC local scope addresses. This 
changes DHCP minimally, but things cascade from there. One thing we 
are working with is the DHCP hostname, which can be separate from the 
actual host name.  ISC is patching DHCP so that when the name comes in 
with a different MAC address the old lease can be released and a new one 
issued (or the old one reused, but that would be a privacy breakage).  
Plus the IPv6 address, based on the MAC address, would be different 
anyway.  So if you care about your users' privacy and what the standards 
people are doing to increase privacy, the above static MAC/IP DHCP setup 
will break at some future point.

Again, it SEEMS I have DLZ working.  And I am a newbie here.  But there 
may be some things I have missed still.  Like the contents of:

/var/lib/samba/private/named.conf.update

Which I did not see in the wiki where to include.  See separate question 
on that forthcoming....



>
> I haven't read Mark Andrew's comment, not being on the Bind list, but 
> I can't see how a problem with flat file is not also a problem with 
> DLZ. After all, that's only the storage method, not the system.
>
> regards,
> John
>
>
> On 08/09/15 09:14, Robert Moskowitz wrote:
>>
>>
>> On 09/07/2015 06:02 PM, John Gardeniers wrote:
>>> Is there any chance that support for Bind flat files will return? I 
>>> understand the various (extremely weak) arguments against it but DLZ 
>>> not only sucks big time, it limits proper functionality and 
>>> inter-operability, necessitating significant design changes for 
>>> anything but the simplest of networks. Additionally, it doesn't work 
>>> with the existing scripts many people use. I know that samba-tool 
>>> can be used in scripts but due to its inadequate error checking it's 
>>> incredibly easy to break the DNS.
>>>
>>> There are very good reasons why nearly every admin I know prefers 
>>> flat file. Ultimately, there is nothing easier than editing in text 
>>> mode and on the extremely rare occasion that an error does creep in 
>>> it's ultra easy to remedy.
>>
>> You break interoperability with MS.  Of course, see the bind list 
>> about Mark Andrew's comment about MS and EDNS.
>>
>> It is taking me a bit to get this figured out.  I am a bit 
>> determined, and Rowland has been a great help.
>>
>> Next I need to see how to change the SOA TTL for my zones (with 
>> samba-tool) to turn down the time to get a reasonable zone transfer 
>> setting.
>>
>> And many big DNS users have left flat files for DLZ in one form or 
>> another.  It is the only way they can keep up with their customers.
>>
>>
>>
>
>



