[Samba] How to update the root hints for bind DLZ

Torsten Kurbad samba-technical at tk-webart.de
Thu Jun 8 13:15:46 UTC 2017


On Thu, 8 Jun 2017 10:45:49 +0100, Rowland Penny <rpenny at samba.org>
wrote:
>On Thu, 8 Jun 2017 19:35:19 +1000
>Amitay Isaacs <amitay at gmail.com> wrote:
>
>> >  
>> Samba (including internal dns server and bind-dlz module) has no use
>> for DC=RootDNSServers zone.
>> 
>> This zone is created and maintained primarily to interoperate with
>> windows AD servers running DNS service.
>> 
>> I don't see any reason why we need tools to manipulate the entries in
>> that zone.  If you are running windows AD server with DNS service,
>> you can update the root hints using windows tools.

Yes, I can for a 'real' Windows DNS service, but not for the Samba
internal DNS.

In any case, while bind was reporting the correct addresses for

  dig -t any '.'

they may have come from one of our forwarders, since my bind
configuration didn't include the '.' zone definition.

>Sorry, I have just tried this and I cannot update the records on
>windows. Whilst ADSI Edit shows 'DC=h.root-servers.net', it just shows
>'There are no items to show in this view'. The DNS Manager doesn't show
>the root records.

Yeah, that's basically what Amitay said: You can update the root hints,
if you are running a _Windows_ DNS service. For Samba, that's obviously
considered irrelevant.

However, aside from warnings in the named.log that for me most probably
were caused by the missing '.' zone configuration statements, it is very
confusing to have the Windows DNS management report other root servers
than those actually defined in the bind configuration.

Thus, I wouldn't call this a purely cosmetic issue, but an
inconsistency between databases that should be in sync...

Anyway, my initial problem is seemingly solved now.

Thank you and best regards,
Torsten


