The Samba AD DNS Back Ends

Revision as of 23:33, 15 September 2012 by Kai (talk | contribs) (Internal DNS: Recursive queries option was removed, also some other little changes)

Internal DNS

Developing and using the DNS server built into Samba. AD backend.

Status

As of early September 2012, the internal DNS server is fully functional, for both GSS-TSIG-signed and unsigned updates.

Configuration

There are three options that can be added to smb.conf to control the behavior of DNS at this point:

# Allow unsigned updates | don't allow any updates | only allow signed updates
allow dns updates = True | False | signed

# If recursive queries = yes is set, the following is also needed
dns forwarder = <ip addr of external dns server>

Known Issues

The samba_dnsupdate command sometimes doesn't work for signed updates. We're currenly investigating. Client systems like samba3 or Win7 work fine.

Tests

Run during make test

TDB_NO_FSYNC=1 make test TESTS=samba.tests.dns

Run against external servers (Windows or BIND)

SERVER_IP=<dns server ip> SERVER=<dns server name> REALM=<dns server domain name part> PYTHONPATH=`pwd`/bin/python ./source4/scripting/bin/subunitrun samba.tests.dns

BIND 9.8.0 DLZ plug-in

Dynamically loaded zones plug-in for BIND 9.8.0. AD backend.

Status

Module is built with Samba, handles RFC 1035 and RFC 2136

BIND & samba_dnsupdate

Non-AD backend, but works with older BINDs.

Status

samba_dnsupdate script shipped with Samba, lets BIND handle DNS and just dynamically modifies AD-related information.