[Samba] Keeping DNS out of Samba

Rowland Penny rpenny at samba.org
Thu Dec 19 15:51:54 UTC 2024


On Thu, 19 Dec 2024 14:52:24 +0000
Peter Mittermayer via samba <samba at lists.samba.org> wrote:

> 
> Hi Michael,
> 
> I'm aware of the dns_update_cache file, and I saw it being generated
> when starting samba service for the first time. However, I don't
> understand when it gets updated.

OK. Every 10 minutes on a Samba AD DC a program called 'samba_dnsupdate'
is run. This uses the file 'dns_update_list'; it checks if all the
required DNS records for the DC exist and creates them if they do not.
It is 'samba_dnsupdate' that creates and maintains the cache.

It isn't correct that there isn't any code to delete DC DNS records;
these are deleted when a Samba DC is demoted. The exception to this is
the PDC_Emulator FSMO role DNS record. Unfortunately there is a problem
with this: there is no code in Samba to remove the old DNS record.
There is a bug report about this.

Active Directory is built around three things: LDAP, Kerberos and DNS.
If you get the DNS wrong, then everything else goes wrong.

Rowland
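
Added example, not part of the original message and not Samba code: a
small check for the leftover PDC emulator record described above. It
assumes the standard AD SRV name _ldap._tcp.pdc._msdcs.<DNS domain>, input
in `dig +noall +answer` layout, and a role holder name you supply (for
instance from `samba-tool fsmo show`); the domain and host names are
constructed sample data.

```python
# Added example: list SRV targets still published under the PDC emulator
# name that are not the current role holder. Sample data is constructed.

PDC_SRV_PREFIX = "_ldap._tcp.pdc._msdcs."

# Constructed sample in `dig +noall +answer` layout (name TTL class type
# priority weight port target). The last line is a non-PDC record.
SAMPLE_ANSWER = """\
_ldap._tcp.pdc._msdcs.samdom.example.com. 900 IN SRV 0 100 389 dc1.samdom.example.com.
_ldap._tcp.pdc._msdcs.samdom.example.com. 900 IN SRV 0 100 389 DC2.samdom.example.com.
_ldap._tcp.samdom.example.com. 900 IN SRV 0 100 389 dc1.samdom.example.com.
"""


def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()


def parse_srv(text):
    """Yield (owner, port, target) for each SRV line, skipping anything else."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[2].upper() != "IN" or f[3].upper() != "SRV":
            continue
        yield norm(f[0]), int(f[6]), norm(f[7])


def stale_pdc_records(answer, dns_domain, current_pdc):
    """Return sorted targets of the PDC SRV name that are not current_pdc."""
    owner = norm(PDC_SRV_PREFIX + dns_domain)
    holder = norm(current_pdc)
    return sorted({t for o, _port, t in parse_srv(answer)
                   if o == owner and t != holder})


if __name__ == "__main__":
    # Assumed scenario: the role was moved from dc1 to dc2.
    for target in stale_pdc_records(SAMPLE_ANSWER, "samdom.example.com",
                                    "dc2.samdom.example.com"):
        print("stale PDC emulator SRV target:", target)
```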


