[PATCH] Use samba-tool to add DNS entries with samba_dnsupdate

Stefan (metze) Metzmacher metze at samba.org
Wed Mar 4 00:01:04 MST 2015


Hi Andrew,

> I've been asked by a client to help them rename a DC (in a reproducible,
> scripted way to assist in creating a test clone of their production
> network), and it turned out to be much more work than I ever imagined. 
> 
> I ended up rewriting samba_dnsupdate to use samba-tool when kinit fails.
> This is important, because if you change (say with the renamedc script)
> the host name, and the IP (because if you are moving to the test bench),
> then Kerberos is the *last* thing that will work.
> 
> This uses NTLMSSP to one of the interface IP addresses.
> 
> Please review/comment/push!

I may push some of them.

> Metze,
> 
> Why did you not add NS records to the dns_update_list?  Are we unable to
> add those with dynamic DNS updates for some reason?  (If so, I'll make a
> special case to force these to samba-tool). 

Yes, this is not allowed via dns updates against Windows.

I'd propose the following syntax:

RPC ${ZONE} ${TYPE} ${NAME} ${TARGET}

SERVER = NS server of ZONE
=> samba-tool dns add ${SERVER} ${ZONE} ${NAME}. ${TYPE} ${TARGET}

${IF_RWDNS_DOMAIN}RPC ${DNSDOMAIN} NS ${DNSDOMAIN} ${HOSTNAME}
=> samba-tool dns add ${SERVER} ${DNSDOMAIN} ${DNSDOMAIN}. NS ${HOSTNAME}
${IF_RWDNS_FOREST}RPC _msdcs.${DNSFOREST} NS _msdcs.${DNSFOREST} ${HOSTNAME}
=> samba-tool dns add ${SERVER} _msdcs.${DNSFOREST} _msdcs.${DNSFOREST}. NS ${HOSTNAME}
${IF_RWDNS_FOREST}RPC ${DNSFOREST} NS _msdcs.${DNSFOREST} ${HOSTNAME}
=> samba-tool dns add ${SERVER} ${DNSFOREST} _msdcs.${DNSFOREST}. NS ${HOSTNAME}

See
https://git.samba.org/?p=metze/samba/wip.git;a=commitdiff;h=c57c578539e65ce4fa9c4bc2c61b08ad9900a40a

metze
