[Samba] Bind flat file support

John Gardeniers jgardeniers at objectmastery.com
Tue Sep 8 22:04:05 UTC 2015

Hi Robert,

On 08/09/15 23:04, Robert Moskowitz wrote:
> I thought about this overnight...
> On 09/07/2015 07:41 PM, John Gardeniers wrote:
>> Hi Robert,
>> It doesn't break compatibility with MS, unless you're talking about 
>> the RSAT DNS tool, which is a lot more cumbersome than a text editor 
>> anyway and it's pretty much assumed that if you're using Samba you're 
>> a Linux sysadmin, so not being able to use the RSAT DNS tool should 
>> not be a problem.
> If you mix MS servers and backup ADs with Samba, seems you will have 
> one bunch doing dynamic updates to their local DNS and others not. 
> That is what I meant.  But...

Not really an issue. Those with mixed environments use whatever storage 
method works for them. However, it's no excuse for restricting all 
others to a difficult to use system when Bind's native format works so 
very well. Note that I'm not asking for flat file to become the only 
storage method but merely that it be supported. Being restricted to DLZ 
adds nothing of worth but removes a lot. As a side note, having looked 
at the DLZ documentation (there really isn't any worth the name) and the 
Samba DLZ source code with a view to possibly creating the missing tools 
I have respect for the person or persons in the Samba team who were able 
to make use of it at all.

> It seems the challenge is to define all your clients in your forwards 
> and reverse zone.  If you know all their MAC addrs, you can set DHCP 
> to give them the same IP addr all the time, then flat file your DNS 
> accordingly. One challenge will be the IPv6 entries (one thing I don't 
> think Rowland's script handles yet).
> However about MAC address.  Note I am active in IEEE 802 and IETF. 
> There we are discussing the privacy leakage problem of MAC addresses 
> and working out how to use randomized MAC local scope addresses. This 
> is changes minimally to DHCP but things cascade from there. One thing 
> we are working with is the DHCP hostname, which can be separate from 
> the actual host name.  ISC is patching DHCP so that when the name 
> comes in with a different MAC address the old lease can be released 
> and a new one issued (or the old one reused, but that would be a 
> privacy breakage).  Plus the IPv6 address, based on the MAC address 
> would be different anyway.  So if you care about your user's privacy 
> and what the standards people are doing to increase privacy, the above 
> static MAC/IP DHCP setup will break at some future point.

Ok, but none of that has even the remotest connection with choosing how 
to store the DNS zones.

> Again, it SEEMS I have DLZ working.  And I am a newbie here.  But 
> there may be somethings I have missed still.  Like the contents of:
> /var/lib/samba/private/named.conf.update
> Which I did not see in the wiki where to include.  See separate 
> question on that forthcoming....

Yep, the documentation has a lot of gaps. Maybe that will be addresses 
over time but right now it leaves most newcomers to Samba 4 scratching 
their heads. I'm sure some have been scared off because without asking 
questions on this list, having contact with someone who's been through 
it or a fair amount of trial and error, they're sure to run into road 
blocks. I haven't asked many questions but I have read quite a few 
answers to questions I would otherwise have had to ask.


More information about the samba mailing list