[PATCH] Use samba-tool to add DNS entries with samba_dnsupdate
Andrew Bartlett
abartlet at samba.org
Fri Oct 16 04:44:57 UTC 2015
On Tue, 2015-09-08 at 08:59 +0200, Andreas Schneider wrote:
> On Tuesday, September 08, 2015 09:36:57 AM Andrew Bartlett wrote:
> >
> > Andreas,
> >
> > Thanks for looking into that. But backing up a little, what of the
> > above does 'dns faking' turn on and off?
>
> resolv_wrapper can either direct queries specifying a nameserver in
> our own
> resolv.conf file or fake it (with a dns_hosts_file). This is only for
> code
> with uses res_(n)search or res_(n)query e.g. libkrb5 or samba code
> doing SRV
> record lookups.
>
> All other name resolution is going trough nss_wrapper which wraps
> getaddrinfo(), gethosbyname*() etc.
>
> If you want to support only one resource you should implement support
> to load
> NSS host modules in nss_wrapper. Then implement a NSS host dns module
> using
> libresolv or directly dlopen() libresolv_wrapper.so.
>
> This way you only have one source for DNS ...
>
>
> I'm happy to discuss details and review patches you send for
> nss_wrapper
> upstream.
Andreas,
I didn't reply earlier because I had hoped that I would have some time
to attend to this as part of my demote-dc work, but there I've taken a
different approach, skipped emulated DNS and am editing the database
directly.
However, that means that we are all rather stuck here: For Samba's use
we need that single source of truth, and then probably also per-zone
DNS forwarding. I realise however that we are along way from that, and
so this effort will likely remain stalled.
Also stalled are my proposed fixes to samba_dnsupdate, that triggered
this thread. These are useful changes that users have long requested,
but we have no good way to test them.
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list