On 08.04.2014 22:18, Stuart Naylor wrote:
> Doh forgot to cc
>
>
>
> -----Original message-----
>> From:Stuart Naylor <stuartiannaylor at thursbygarden.org>
>> Sent: Tuesday 8th April 2014 21:16
>> To: Günter Kukkukk <linux at kukkukk.com>
>> Subject: RE: [Samba] DNS record info (samba-tool)
>>
>> Brilliant, glad about that as zones are pretty much done on set-up and no worry about a restart.
>>
>> Great that adding records to a zone doesn't, as restarting samba for that each time would be a bit strange in production.
>>
>> Günter, apols to ask you again, but you do seem to be a wealth of information.
>>
>> With samba-tool and dns entries the only documented dns add is something like
>>
>>
>> samba-tool dns add SAMBA1.SAMBA4.LAN 1.168.192.in-addr.arpa 32 PTR SAMBA1.SAMBA4.LAN --username=administrator
>>
>> Am I confused, as the cli presents this: samba-tool dns add <server> <zone> <name> <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data>
>>
>> So the above is server=SAMBA1.SAMBA4.LAN zone=1.168.192.in-addr.arpa name=32 PTR data=SAMBA1.SAMBA4.LAN
>>
>> To be honest it was just 'name' that threw me.
>>
>> root@samba1:~# samba-tool dns delete
>> Usage: samba-tool dns delete <server> <zone> <name> <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data>
>>
>> would be samba-tool dns delete SAMBA1.SAMBA4.LAN 1.168.192.in-addr.arpa 32 PTR SAMBA1.SAMBA4.LAN --username=administrator
>>
>> which it was.
Hi Stuart,
first of all let us have a look at "--username=administrator" aka
"-Uadministrator", which is needed with many samba-tool commands.
To avoid entering it over and over again, one can use
kinit administrator@YOUR.REALM
and then enter the password *once*.
From now on the administrator and its password can be omitted with
samba-tool commands.
AFAIR there is at least one exception from this rule when using
samba-tool domain demote
Here the -Uadministrator had to be used, but I might be wrong here....
>>
>> So you can have duplicate 'names' as long as the data points to the correct entry?
Now it starts to get a bit problematic. :-(
Sure, you can add many A or AAAA records pointing to the same host (a host can
have many of them).
Same holds true for the reverse PTR records and others...
But - (atm) samba-tool also *allows* you to add records which are wrong, e.g.
CNAME entries.
When you have a look at (I assume the ISC bind tools are installed):
dig irc.freenode.org
...
;; ANSWER SECTION:
irc.freenode.org. 84 IN CNAME irc.freenode.net.
irc.freenode.net. 41 IN CNAME chat.freenode.net.
chat.freenode.net. 299 IN A 193.219.128.49
chat.freenode.net. 299 IN A 185.30.166.35
... and so on
A CNAME alias *must always* point to an already *existing* A/AAAA (or even
CNAME) record!
In the above example a CNAME points to another CNAME, which then points to many
A records.
Most docs note that this should be avoided due to performance - but it's
valid.
Now back to samba-tool.
Here I add 2 CNAME records which point to *not existing* hostname records:
samba-tool dns add li4771-131 addlz.kukkukk.com abcd.addlz.kukkukk.com CNAME notthere.addlz.kukkukk.com
samba-tool dns add li4771-131 addlz.kukkukk.com xyz1.addlz.kukkukk.com CNAME wrong.addlz.kukkukk.com
Both commands add the CNAMEs without problem - but they are wrong and cannot be
resolved by dns queries!
I guess, when trying the same with dyn. DNS updates, those CNAMEs will fail...
because there the existence of the resulting host will usually be checked as a
"prerequisite" ...
A last hint:
The name "samba-tool" is nice - but a bit long.
So I added the following to ~/.bashrc
alias st=samba-tool
(then use "source ~/.bashrc" to get it reloaded)
From now on one can use "st" instead of the longer "samba-tool". :-)
Note that the command "st" should not be in use already.
Cheers, Günter
>>
>> Stuart
>>
>>
>>
>>
>> -----Original message-----
>>> From:Günter Kukkukk <linux at kukkukk.com>
>>> Sent: Tuesday 8th April 2014 20:26
>>> To: Stuart Naylor <stuartiannaylor at thursbygarden.org>
>>> Cc: samba at lists.samba.org
>>> Subject: Re: [Samba] DNS record info (samba-tool)
>>>
>>> On 08.04.2014 20:31, Stuart Naylor wrote:
>>>> Thanks Gunter,
>>>>
>>>> I am keeping to the internal, I am not a fan of bind in this scenario.
>>>>
>>>> Gunter so even though it lists that is just an RPC call but actually the working record needs a restart?
>>>>
>>>> I am trying to do a webmin module for Samba4 rather than use any RSAT tools.
>>>>
>>>> The DNS part is a little confusing :)
>>>>
>>>> Stuart
>>>
>>> there are (at least) 2 ways to manipulate samba (windows) dns
entries:
>>> - using dce/rpc calls to modify the AD directory directly
>>> (e.g. used by samba-tool, MS DNS Manager GUI, ...)
>>> - using dynamic DNS
>>> (e.g. ISC nsupdate, MS ipconfig /registerdns, ...)
>>>
>>> When samba starts, the internal dns server reads all currently defined
>>> zones (from ADS) - and the containing dns records - into its _own_ data structures.
>>>
>>> When a new zone is added, the dce/rpc tools will show it,
>>> but the internal dns must be restarted.
>>>
>>> When you then add new records to any now existing zone, the dns server
>>> will also track them. So no samba restart is needed.
>>>
>>> Cheers, Günter
>>>
>>>>
>>>>
>>>>
>>>> -----Original message-----
>>>>> From:Günter Kukkukk <linux at kukkukk.com>
>>>>> Sent: Tuesday 8th April 2014 19:15
>>>>> To: Stuart Naylor <stuartiannaylor at thursbygarden.org>; Marc Muehlfeld <samba at marc-muehlfeld.de>; samba at lists.samba.org
>>>>> Subject: Re: [Samba] DNS record info (samba-tool)
>>>>>
>>>>> On 08.04.2014 19:08, Stuart Naylor wrote:
>>>>>> root@samba1:~# samba-tool dns query SAMBA1.SAMBA4.LAN 1.168.192.in-addr.arpa @ ALL --username=administrator
>>>>>> Password for [SAMBA4\administrator]:
>>>>>> Name=, Records=2, Children=0
>>>>>> SOA: serial=2, refresh=900, retry=600, expire=86400, minttl=3600, ns=samba1.samba4.lan., email=hostmaster.samba4.lan. (flags=600000f0, serial=2, ttl=3600)
>>>>>> NS: samba1.samba4.lan. (flags=600000f0, serial=1, ttl=3600)
>>>>>> Name=32, Records=1, Children=0
>>>>>> PTR: SAMBA1.SAMBA4.LAN (flags=f0, serial=2, ttl=900)
>>>>>>
>>>>>>
>>>>>> @ ALL seems to do it.
>>>>>> trying to use samba-tool and not the RSAT tools.
>>>>>>
>>>>>> any more info anyone?
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> Stuart
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> -----Original message-----
>>>>>>> From:Marc Muehlfeld <samba at marc-muehlfeld.de>
>>>>>>> Sent: Tuesday 8th April 2014 17:55
>>>>>>> To: Stuart Naylor <stuartiannaylor at thursbygarden.org>; samba at lists.samba.org
>>>>>>> Subject: Re: [Samba] DNS record info (samba-tool)
>>>>>>>
>>>>>>> Hello Stuart,
>>>>>>>
>>>>>>> On 08.04.2014 18:08, Stuart Naylor wrote:
>>>>>>>> But if I wanted to browse and delete a record how do I do it?
>>>>>>>
>>>>>>>
>>>>>>> Have you seen
>>>>>>> https://wiki.samba.org/index.php/DNS_Administration
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Regards,
>>>>>>> Marc
>>>>>>>
>>>>>
>>>>> Are you using the internal samba dns server?
>>>>> If so, you need to restart samba after adding a dns zone. The zone was
>>>>> added with rpc calls to the directory, but the dns server doesn't
>>>>> notice this atm.
>>>>> Note - also with the bind dlz module, sometimes wrong results have been seen
>>>>> after adding a zone. So one might also here need to restart bind/samba.
>>>>>
>>>>> Cheers, Günter
>>>>>
--
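Günter's warning above is that samba-tool accepts a CNAME whose target does not exist, so the admin has to check that themselves. The following is an added example (not Günter's or the Samba project's code) that parses the "samba-tool dns query <server> <zone> @ ALL" output format shown earlier in this thread and reports CNAMEs pointing at in-zone names that have no A/AAAA/CNAME record; the query output is constructed, with record names taken from Günter's two examples, and the zone apex line "Name=" is assumed to mean the zone itself.

```python
import re
from collections import defaultdict

# Constructed sample of `samba-tool dns query <server> <zone> @ ALL` output (not real).
SAMPLE_QUERY_OUTPUT = """\
Name=, Records=1, Children=0
NS: li4771-131.addlz.kukkukk.com. (flags=600000f0, serial=1, ttl=3600)
Name=li4771-131, Records=1, Children=0
A: 192.0.2.10 (flags=f0, serial=1, ttl=900)
Name=www, Records=1, Children=0
CNAME: li4771-131.addlz.kukkukk.com (flags=f0, serial=2, ttl=900)
Name=abcd, Records=1, Children=0
CNAME: notthere.addlz.kukkukk.com (flags=f0, serial=3, ttl=900)
Name=xyz1, Records=1, Children=0
CNAME: wrong.addlz.kukkukk.com (flags=f0, serial=4, ttl=900)
Name=alias2, Records=1, Children=0
CNAME: www.addlz.kukkukk.com (flags=f0, serial=5, ttl=900)
"""

NAME_RE = re.compile(r"^Name=([^,]*), Records=\d+, Children=\d+$")
RECORD_RE = re.compile(r"^(A|AAAA|CNAME|PTR|NS|MX|SRV|TXT|SOA): (.*?) \(flags=")

def parse_zone(output, zone):
    """Map each owner FQDN (lower-case, no trailing dot) to {rtype: [rdata, ...]}."""
    zone = zone.lower()
    records = defaultdict(lambda: defaultdict(list))
    owner = None
    for line in output.splitlines():
        m = NAME_RE.match(line.strip())
        if m:  # "Name=" or "Name=@" is the zone apex, anything else a label in the zone
            label = m.group(1)
            owner = zone if label in ("", "@") else f"{label}.{zone}".lower()
            continue
        m = RECORD_RE.match(line.strip())
        if m and owner is not None:
            rtype, rdata = m.group(1), m.group(2).rstrip(".").lower()
            records[owner][rtype].append(rdata)
    return records

def dangling_cnames(records, zone):
    """Return {owner: target} for CNAMEs whose in-zone target has no A/AAAA/CNAME record."""
    suffix = "." + zone.lower()
    bad = {}
    for owner, by_type in records.items():
        for target in by_type.get("CNAME", []):
            if not target.endswith(suffix):  # foreign names cannot be judged from this zone
                continue
            if not any(t in records.get(target, {}) for t in ("A", "AAAA", "CNAME")):
                bad[owner] = target
    return bad
```

CNAME targets outside the zone are deliberately skipped; resolve those separately (e.g. with dig) rather than guessing from one zone's data.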