samba - Aug 2013 - Samba 4 internal DNS - how to modify SOA record

Hello,

I have the very same problem, does anybody know a way?
I am thinking of converting to BIND, modifying and then converting it back
to Internal DNS implementation.

>>>>
Hello.
How could one modify a SOA record in rc3? For example, NS part (not NS
record) of SOA record points to an absent Windows server. This
effectively breaks DNS updates, since there is no such server and if
corresponding A record is added, update requests from clients will
come unsigned.
Editing it directly via LDAP breaks Samba (some sort of
checksum/hash?) MMC snap-in says "Zone not loaded by DNS server", so
it is not possible to use it either. samba-tool dns add|delete|update
can't operate on SOA record.
Maybe someone could give a link to some document describing dnsRecord,
so one could forge a valid record and just change dnsRecord in DC=@
using some LDAP tool?

Thanks in advance.
-- 
Best regards,
Dmitry Khromov

>> How could one modify a SOA record in rc3? For example, NS part (not NS
record) of SOA record points to an absent Windows server. This effectively
breaks DNS updates, since there is no such server and if corresponding A record
is added, update requests from clients will come unsigned.
>> Editing it directly via LDAP breaks Samba (some sort of checksum/hash?)
MMC snap-in says "Zone not loaded by DNS server", so it is not
possible to use it either. samba-tool dns add|delete|update can't operate on
SOA record.
>> Maybe someone could give a link to some document describing dnsRecord,
so one could forge a valid record and just change dnsRecord in DC=@ using some
LDAP tool?
>
> I have the very same problem, does anybody know a way?
> I am thinking of converting to BIND, modifying and then converting it
> back to Internal DNS implementation.
I doubt that will do the job. As I recall, I forged the dnsRecord
manually (record's structure description could be found on the MSDN) and
ldbmodify'ed the corresponding ldb on every DC (Samba should not be
run). Alternatively, you may just capture the conversation between Samba
and MMC snap-in - the value you need is being sent in clear text.

Regards,
- Dmitry

On 08/06/2013 02:34 PM, Rustam K. wrote:
> Hello,
>
> I have the very same problem, does anybody know a way?
> I am thinking of converting to BIND, modifying and then converting it back
> to Internal DNS implementation.
Did you had a look at samba-tool dns update to do this ?
Kai has a good experience in DNS related things in Samba I just put him 
in this thread just in case he has some insights.

Matthieu.
>
>
> Hello.
> How could one modify a SOA record in rc3? For example, NS part (not NS
> record) of SOA record points to an absent Windows server. This
> effectively breaks DNS updates, since there is no such server and if
> corresponding A record is added, update requests from clients will
> come unsigned.
> Editing it directly via LDAP breaks Samba (some sort of
> checksum/hash?) MMC snap-in says "Zone not loaded by DNS server",
so
> it is not possible to use it either. samba-tool dns add|delete|update
> can't operate on SOA record.
> Maybe someone could give a link to some document describing dnsRecord,
> so one could forge a valid record and just change dnsRecord in DC=@
> using some LDAP tool?
>
> Thanks in advance.

-- 
Matthieu Patou
Samba Team
http://samba.org