Internal DNS

Developing and using the DNS server built into Samba. AD backend.

Status

As of early September 2012, the internal DNS server is fully functional, for both GSS-TSIG-signed and unsigned updates.

Configuration

There are three options that can be added to smb.conf to control the behavior of DNS at this point:

# Allow unsigned updates | don't allow any updates | only allow signed updates
allow dns updates = True | False | signed

# Query remote name servers on behalf of the clients
dns recursive queries = yes | no

# If recursive queries = yes is set, the following is also needed
dns forwarder = <ip addr of external dns server>

Known Issues

You will have to remove the fake dns user that provision creates so the BIND plugin will work. We'll fix this eventually, but at the moment you need to remove the dns-(machinename) account manually after provision. Assuming your machine is called "bob", the command would be (as root)

samba-tool user delete dns-bob

Also, the samba_dnsupdate command doesn't work yet for signed updates. We're currenly investigating. Client systems like samba3 or Win7 work fine.

Tests

Run during make test

TDB_NO_FSYNC=1 make test TESTS=samba.tests.dns

Run against external servers (Windows or BIND)

DC_SERVER_IP=<dns server ip> DC_SERVER=<dns server name> REALM=<dns server domain name part> PYTHONPATH=`pwd`/bin/python ./source4/scripting/bin/subunitrun samba.tests.dns

BIND 9.8.0 DLZ plug-in

Dynamically loaded zones plug-in for BIND 9.8.0. AD backend.

Status

Module is built with Samba, handles RFC 1035 and RFC 2136

BIND & samba_dnsupdate

Non-AD backend, but works with older BINDs.

Status

samba_dnsupdate script shipped with Samba, lets BIND handle DNS and just dynamically modifies AD-related information.