Difference between revisions of "The Samba AD DNS Back Ends"

(Internal DNS: Update description)
(Internal DNS: Recursive queries option was removed, also some other little changes)
Line 13: Line 13:
 
  # Allow unsigned updates | don't allow any updates | only allow signed updates
 
  # Allow unsigned updates | don't allow any updates | only allow signed updates
 
  allow dns updates = True | False | signed
 
  allow dns updates = True | False | signed
 
# Query remote name servers on behalf of the clients
 
dns recursive queries = yes | no
 
 
   
 
   
 
  # If recursive queries = yes is set, the following is also needed
 
  # If recursive queries = yes is set, the following is also needed
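Review bot: The retained comment "# If recursive queries = yes is set, the following is also needed" now refers to an option this revision no longer lists, because the `dns recursive queries = yes | no` line and its description were dropped above it. Reword the comment so that `dns forwarder` is described on its own terms, and check that the number of options given in the sentence introducing this block still matches what is listed.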
Line 22: Line 19:
 
== Known Issues ==
 
== Known Issues ==
  
You will have to remove the fake dns user that provision creates so the BIND plugin will work. We'll fix this eventually, but at the moment you need to remove the dns-(machinename) account manually after provision. Assuming your machine is called "bob", the command would be (as root)
+
The samba_dnsupdate command sometimes doesn't work for signed updates. We're currenly investigating. Client systems like samba3 or Win7 work fine.
samba-tool user delete dns-bob
 
 
 
Also, the samba_dnsupdate command doesn't work yet for signed updates. We're currenly investigating. Client systems like samba3 or Win7 work fine.
 
  
 
==Tests==
 
==Tests==
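Review bot: The new Known Issues sentence keeps the typo "currenly" and changes "doesn't work yet" to "sometimes doesn't work" without saying under which conditions signed updates from samba_dnsupdate fail. Fix the spelling and state the failing case or link the bug report. The `samba-tool user delete dns-bob` step for the BIND plugin is also removed here without being mentioned in the edit summary, so say whether that manual cleanup is no longer needed.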
Line 33: Line 27:
  
 
Run against external servers (Windows or BIND)
 
Run against external servers (Windows or BIND)
  DC_SERVER_IP=<dns server ip> DC_SERVER=<dns server name> REALM=<dns server domain name part> PYTHONPATH=`pwd`/bin/python ./source4/scripting/bin/subunitrun samba.tests.dns
+
  SERVER_IP=<dns server ip> SERVER=<dns server name> REALM=<dns server domain name part> PYTHONPATH=`pwd`/bin/python ./source4/scripting/bin/subunitrun samba.tests.dns
  
 
=BIND 9.8.0 DLZ plug-in=
 
=BIND 9.8.0 DLZ plug-in=
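Review bot: The external-server test command renames DC_SERVER_IP and DC_SERVER to SERVER_IP and SERVER with no explanation on the page or in the edit summary. Add a short note on which variable names samba.tests.dns reads, so that someone running the command from an older tree knows which form to use.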

Revision as of 23:33, 15 September 2012

Internal DNS

Developing and using the DNS server built into Samba. AD backend.

Status

As of early September 2012, the internal DNS server is fully functional, for both GSS-TSIG-signed and unsigned updates.

Configuration

There are three options that can be added to smb.conf to control the behavior of DNS at this point:

# Allow unsigned updates | don't allow any updates | only allow signed updates
allow dns updates = True | False | signed

# If recursive queries = yes is set, the following is also needed
dns forwarder = <ip addr of external dns server>
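An added example, not part of the wiki page or of Samba's own code: a small Python check that reads the two options above from smb.conf text and flags `allow dns updates = True`, since unsigned updates let any host that can reach the DNS server change records. The sample configuration, function names and severity labels are constructed for illustration, and only the three values listed on this page are recognised.

```python
import ipaddress

# Constructed sample smb.conf text (not from the page): unsigned updates enabled.
SAMPLE_WEAK = """\
[global]
    realm = SAMDOM.EXAMPLE.COM
    Allow DNS Updates = True
    dns forwarder = 192.0.2.53
"""
SAMPLE_SIGNED = SAMPLE_WEAK.replace("= True", "= signed")


def global_params(text):
    """Return the [global] parameters of smb.conf text as a dict.

    Parameter names are normalised the way smb.conf treats them: case and
    whitespace in the name are ignored. Lines starting with '#' or ';' are comments.
    """
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.split()).lower()] = value.strip()
    return params


def audit_dns(text):
    """Return a list of (severity, message) findings for the DNS options."""
    p, findings = global_params(text), []
    updates = p.get("allowdnsupdates")
    if updates is None:
        findings.append(("info", "allow dns updates not set; build default applies"))
    elif updates.lower() == "true":
        findings.append(("high", "unsigned dynamic updates accepted; use 'signed'"))
    elif updates.lower() not in ("false", "signed"):
        findings.append(("warn", f"unrecognised allow dns updates value: {updates!r}"))
    fwd = p.get("dnsforwarder")
    if fwd is not None:
        try:
            ipaddress.ip_address(fwd)  # the page documents an IP address here
        except ValueError:
            findings.append(("warn", f"dns forwarder is not an IP address: {fwd!r}"))
    return findings
```
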

Known Issues

The samba_dnsupdate command sometimes doesn't work for signed updates. We're currently investigating. Client systems like samba3 or Win7 work fine.

Tests

Run during make test

TDB_NO_FSYNC=1 make test TESTS=samba.tests.dns

Run against external servers (Windows or BIND)

SERVER_IP=<dns server ip> SERVER=<dns server name> REALM=<dns server domain name part> PYTHONPATH=`pwd`/bin/python ./source4/scripting/bin/subunitrun samba.tests.dns

BIND 9.8.0 DLZ plug-in

Dynamically loaded zones plug-in for BIND 9.8.0. AD backend.

Status

The module is built with Samba and handles RFC 1035 and RFC 2136.

BIND & samba_dnsupdate

Non-AD backend, but works with older BINDs.

Status

The samba_dnsupdate script is shipped with Samba. It lets BIND handle DNS and only dynamically modifies the AD-related information.