Robert Moskowitz
2015-Aug-28 12:15 UTC
[Samba] More on bind_dlz - documentation I have not found
In the shower this morning, I realized that samba's dlz is through its ldap interface, probably through dhcp. :)

All of that work researching how to set up a dlz database for naught. This is NOT documented in either:

https://wiki.samba.org/index.php/DNS
or
https://wiki.samba.org/index.php/Configure_BIND_as_backend_for_Samba_AD

I have not yet checked any ldap documentation on the wiki to see what it says, but I suspect a dhcp lease results in an ldap update. Would a lease expire remove that ldap info?

So no sql service needed on the DC.

Question though, on statically addressed file servers: How to get them into the dlz zone.

My tld is: htt
My samba dns zone is: home.htt

I will have a master zone for htt, easy enough to setup as a flat zone file. Did it before.

The home.htt zone only seems to exist in ldap and bind_dlz provides lookup answers by querying ldap. How is the AD DC handled, homebase.home.htt? I do not see it in the /usr/share/samba/setup/named* files. Is it already in the ldap repository?

How do I add my file server, nevia.home.htt? I could always add it to the htt.zone file as:

nevia.home IN A ......

Can I put cname entries into ldap:

repo.home.htt IN CNAME nevia.home.htt.

Again, I COULD just put this into the htt.zone file.

Then there are MX records for home.htt :)
Rowland Penny
2015-Aug-28 12:55 UTC
[Samba] More on bind_dlz - documentation I have not found
On 28/08/15 13:15, Robert Moskowitz wrote:
> In the shower this morning, I realized that samba's dlz is through its
> ldap interface, probably through dhcp. :)
>
> All of that work researching how to set up a dlz database for naught.
> This is NOT documented in either:
>
> https://wiki.samba.org/index.php/DNS
> or
> https://wiki.samba.org/index.php/Configure_BIND_as_backend_for_Samba_AD

I will discuss this with Marc and if he agrees, I will update the wiki somewhere, I don't want to start altering the wiki because Marc is already massively altering it.

>
> I have not yet checked any ldap documentation on the wiki to see what
> it says, but I suspect a dhcp lease results in an ldap update. Would a
> lease expire remove that ldap info?
>
> So no sql service needed on the DC.
>
> Question though, on statically addressed file servers: How to get
> them into the dlz zone.
>
> My tld is: htt
> My samba dns zone is: home.htt
>
> I will have a master zone for htt, easy enough to setup as a flat zone
> file. Did it before.
>
> The home.htt zone only seems to exist in ldap and bind_dlz provides
> lookup answers by querying ldap. How is the AD DC handled,
> homebase.home.htt? I do not see it in the
> /usr/share/samba/setup/named* files. Is it already in the ldap
> repository?

When you provision the domain zones are created for you in AD, have a look in /var/lib/private/sam.ldb.d

>
> How do I add my file server, nevia.home.htt? I could always add it to
> the htt.zone file as:

Samba has a swiss army type tool (i.e. it does a lot) 'samba-tool'
If you run 'samba-tool --help' you will see the base of what it can do.
If you run 'samba-tool dns --help' this will show what you can do with dns records, I hope you get the idea.

>
> nevia.home IN A ......
>
> Can I put cname entries into ldap:
>
> repo.home.htt IN CNAME nevia.home.htt.
>
> Again, I COULD just put this into the htt.zone file.
>
> Then there are MX records for home.htt :)
>
>

You do not use bind flatfiles with dlz, have a look at the scripts I pointed you at for a sample bind file.

Rowland
Robert Moskowitz
2015-Aug-28 13:13 UTC
[Samba] More on bind_dlz - documentation I have not found
On 08/28/2015 08:55 AM, Rowland Penny wrote:
> On 28/08/15 13:15, Robert Moskowitz wrote:
>> In the shower this morning, I realized that samba's dlz is through
>> its ldap interface, probably through dhcp. :)
>>
>> All of that work researching how to set up a dlz database for
>> naught. This is NOT documented in either:
>>
>> https://wiki.samba.org/index.php/DNS
>> or
>> https://wiki.samba.org/index.php/Configure_BIND_as_backend_for_Samba_AD
>
> I will discuss this with Marc and if he agrees, I will update the wiki
> somewhere, I don't want to start altering the wiki because Marc is
> already massively altering it.

I caught that Marc is updating the wiki. Good time to catch this item.

>
>>
>> I have not yet checked any ldap documentation on the wiki to see what
>> it says, but I suspect a dhcp lease results in an ldap update. Would
>> a lease expire remove that ldap info?
>>
>> So no sql service needed on the DC.
>>
>> Question though, on statically addressed file servers: How to get
>> them into the dlz zone.
>>
>> My tld is: htt
>> My samba dns zone is: home.htt
>>
>> I will have a master zone for htt, easy enough to setup as a flat
>> zone file. Did it before.
>>
>> The home.htt zone only seems to exist in ldap and bind_dlz provides
>> lookup answers by querying ldap. How is the AD DC handled,
>> homebase.home.htt? I do not see it in the
>> /usr/share/samba/setup/named* files. Is it already in the ldap
>> repository?
>
> When you provision the domain zones are created for you in AD, have a
> look in /var/lib/private/sam.ldb.d

Do you mean /var/lib/samba/private/sam.ldb.d? That is where I am finding files of interest. I do not have the directory you provided.

And what is the difference between:

/usr/share/samba/setup
and
/var/lib/private

I see named.conf in both. And the setup has other named.* files. But the zone htt. is NOT in there, nor would I expect it to be. Normally MOST people use samba.mydomain.com and mydomain.com is found via the forwarding. Of course there is no proper delegation of samba.mydomain.com so other systems cannot resolve that subdomain. Here I am building my own TLD, and want proper access elsewhere in my internal network, thus the htt.zone file needed.

BTW, I do not see you using views in your named include files. From what I got beaten up long ago on the DNS list (Mark Andrews and I go back a long way in the IETF, so it is 'all in fun') that you MUST use views.

>>
>> How do I add my file server, nevia.home.htt? I could always add it
>> to the htt.zone file as:
>
> Samba has a swiss army type tool (i.e. it does a lot) 'samba-tool'
> If you run 'samba-tool --help' you will see the base of what it can do.
> If you run 'samba-tool dns --help' this will show what you can do with
> dns records, I hope you get the idea.

Will do.

>
>>
>> nevia.home IN A ......
>>
>> Can I put cname entries into ldap:
>>
>> repo.home.htt IN CNAME nevia.home.htt.
>>
>> Again, I COULD just put this into the htt.zone file.
>>
>> Then there are MX records for home.htt :)
>>
>>
>
> You do not use bind flatfiles with dlz, have a look at the scripts I
> pointed you at for a sample bind file.

Not for the samba zone, but yes for other zones.

thanks