Internal DNS

Developing and using the DNS server built into Samba. AD backend.

Status

As of early September 2012, the internal DNS server is fully functional, for both GSS-TSIG-signed and unsigned updates.

Configuration

There are three options that can be added to smb.conf to control the behavior of DNS at this point:

# Allow unsigned updates | don't allow any updates | only allow signed updates
allow dns updates = True | False | signed

# If recursive queries = yes is set, the following is also needed
dns forwarder = <ip addr of external dns server>

Known Issues

The samba_dnsupdate command produces warnings when used with signed updates. We're currenly investigating a fix for the warnings, but the updates actually succeed. Client systems like samba3 or Win7 work fine

Tests

Run during make test

TDB_NO_FSYNC=1 make test TESTS=samba.tests.dns

Run against external servers (Windows or BIND)

SERVER_IP=<dns server ip> SERVER=<dns server name> REALM=<dns server domain name part> PYTHONPATH=`pwd`/bin/python ./source4/scripting/bin/subunitrun samba.tests.dns

BIND 9.8.0 DLZ plug-in

Dynamically loaded zones plug-in for BIND 9.8.0. AD backend.

Status

Module is built with Samba, handles RFC 1035 and RFC 2136

BIND & samba_dnsupdate

Non-AD backend, but works with older BINDs.

Status

samba_dnsupdate script shipped with Samba, lets BIND handle DNS and just dynamically modifies AD-related information.