[Samba] FreeBSD: net/samba43's NSUPDATE

Rowland penny rpenny at samba.org
Wed May 4 19:28:01 UTC 2016 

On 04/05/16 20:06, Andrea Venturoli wrote:
> On 05/04/16 20:23, Rowland penny wrote:
>
> (I understand this might be specific to FreeBSD, but I asked on its 
> mailing list and got no answer...)
>
>
>
>
>
>>> Then why is it an option *in alternative* to BIND?
>>
>> What do you mean '*in alternative*' ??
>
> I mean when I build Samba port, I can choose NSUPDATE *or* BIND99 *or* 
> BIN910 (where "or" means "exclusive or", I can choose at most one).
>
> Those options are described as:
> BIND99 = Use bind99 as AD DC DNS server frontend
> BIND910 = Use bind910 as AD DC DNS server frontend

OK, these are just what version of bind to use.

> NSUPDATE = Use samba NSUPDATE utility for AD DC

I think this means use the internal SAMBA DNS server and install 
nsupdate (which on Devuan, means install dnsutils)

>
> Notice this options only serve the purpose of tracking dependencies 
> between packages; they do not mess with the way Samba is compiled or 
> configured.

Well it wouldn't, you don't choose the DNS server until you provision 
the domain.

>
>
>
>
> Choosing NSUPDATE brings in another port/package, named samba-nsupdate 
> and described as "nsupdate utility with GSS-TSIG support", which 
> installs "/usr/local/bin/samba-nsupdate".

Is this a BSD thing ? I have heard of the python script 'samba-dnsupdate'.

>
> It's man pages starts with:
>> samba-nsupdate is used to submit Dynamic DNS Update requests as defined
>>        in RFC 2136 to a name server. This allows resource records to 
>> be added
>>        or removed from a zone without manually editing the zone file. 
>> A single
>>        update request can contain requests to add or remove more than 
>> one
>>        resource record.
>
>
>
>
>
>
> There's also another option, DNSUPDATE, which is independent of the 
> above mentioned three.
> It's described as "Dynamic DNS update (require ADS)" and control 
> whether --with-dnsupdate or --without-dnsupdate is used in the 
> configuring phase.
>
> Perhaps you are talking about this one?

No, If you are running as an AD DC, you need this, hence 'yes' is the 
default setting for this configure option.

Rowland

More information about the samba mailing list