Difference between revisions of "The Samba AD DNS Back Ends"

(Status: Internal server can do updates for quite a while now.)
(Internal DNS: Also mention config options.)
Line 6: Line 6:
  
 
Currently, the Samba DNS server implements RFC 1035 and RFC 2136. Work is currently under way to also support TSIG style signatures (RFC 2845) and GSS-TSIG for updates (RFC 3645).
 
Currently, the Samba DNS server implements RFC 1035 and RFC 2136. Work is currently under way to also support TSIG style signatures (RFC 2845) and GSS-TSIG for updates (RFC 3645).
 +
 +
== Configuration ==
 +
 +
There are three options that can be added to smb.conf to control the behavior of DNS at this point:
 +
 +
# Allow unsigned updates | don't allow any updates | only allow signed updates
 +
allow dns updates = True | False | Signed
 +
 +
# Query remote name servers on behalf of the clients
 +
dns recursive queries = yes | no
 +
 +
# If recursive queries = yes is set, the following is also needed
 +
dns forwarder = <ip addr of external dns server>
  
 
==Tests==
 
==Tests==

Revision as of 00:02, 31 March 2012

Internal DNS

Developing and using the DNS server built into Samba. AD backend.

Status

Currently, the Samba DNS server implements RFC 1035 and RFC 2136. Work is currently under way to also support TSIG style signatures (RFC 2845) and GSS-TSIG for updates (RFC 3645).

Configuration

There are three options that can be added to smb.conf to control the behavior of DNS at this point:

# Allow unsigned updates | don't allow any updates | only allow signed updates
allow dns updates = True | False | Signed

# Query remote name servers on behalf of the clients
dns recursive queries = yes | no

# If recursive queries = yes is set, the following is also needed
dns forwarder = <ip addr of external dns server>

Tests

Run during make test

TDB_NO_FSYNC=1 make test TESTS=samba.tests.dns

Run against external servers (Windows or BIND)

DC_SERVER_IP=<dns server ip> DC_SERVER=<dns server name> REALM=<dns server domain name part> PYTHONPATH=`pwd`/bin/python ./source4/scripting/bin/subunitrun samba.tests.dns

BIND 9.8.0 DLZ plug-in

Dynamically loaded zones plug-in for BIND 9.8.0. AD backend.

Status

Module is built with Samba, handles RFC 1035 and RFC 2136

BIND & samba_dnsupdate

Non-AD backend, but works with older BINDs.

Status

samba_dnsupdate script shipped with Samba, lets BIND handle DNS and just dynamically modifies AD-related information.