[Samba] How to update the root hints for bind DLZ

[Amitay Isaacs]

On Wed, Jun 7, 2017 at 5:24 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Wed, 7 Jun 2017 15:45:39 +1200
> Garming Sam <garming at catalyst.net.nz> wrote:
>
> > It looks like the original intention in our code was to be able to
> > add/modify records with the "." zone. Trying it, there seems to be
> > other issues with using it. I'm not entirely sure if this alias is
> > valid against Windows or for which calls.
>
> The zone is definitely called 'RootDNSServers' not '.'
>
> If something looks like a duck, walks like a duck and quacks like a
> duck, it is a duck.
>
> The object in AD for 'RootDNSServers' looks like a zone record, it is
> in 'CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com' and
> it has the 'objectClass' dnsZone, therefore it is a zone.
>
> Samba needs to see this zone before we can even think about
> updating/changing the root records.
>
> What is the difference between:
>
> DC=devstation,DC=samdom.example.com,CN=MicrosoftDNS,
> DC=DomainDnsZones,DC=samdom,DC=example,DC=com
>
> and
>
> DC=h.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=
> samdom,DC=example,DC=com
>
> The difference is that you can update the first record, but you cannot
> update the second, even though they are both valid DNS records in a
> zone. The only difference is that the 'samdom.example.com' zone is
> recognised by Samba and 'RootDNSServers' isn't
>
> Sorry, but I will not be testing your patches, they are the wrong fix,
> Samba needs to see the 'RootDNSServers' zone.
>
>
Samba (including internal dns server and bind-dlz module) has no use for
DC=RootDNSServers zone.

This zone is created and maintained primarily to interoperate with windows
AD servers running DNS service.

I don't see any reason why we need tools to manipulate the entries in that
zone.  If you are running windows AD server with DNS service, you can
update the root hints using windows tools.

Amitay.