I thought about this overnight...
On 09/07/2015 07:41 PM, John Gardeniers wrote:
> Hi Robert,
>
> It doesn't break compatibility with MS, unless you're talking about
> the RSAT DNS tool, which is a lot more cumbersome than a text editor
> anyway and it's pretty much assumed that if you're using Samba you're
> a Linux sysadmin, so not being able to use the RSAT DNS tool should
> not be a problem.
If you mix MS servers and backup ADs with Samba, seems you will have one
bunch doing dynamic updates to their local DNS and others not. That is
what I meant. But...
It seems the challenge is to define all your clients in your forwards
and reverse zone. If you know all their MAC addrs, you can set DHCP to
give them the same IP addr all the time, then flat file your DNS
accordingly. One challenge will be the IPv6 entries (one thing I don't
think Rowland's script handles yet).
However, about MAC addresses. Note I am active in IEEE 802 and IETF. There
we are discussing the privacy leakage problem of MAC addresses and
working out how to use randomized MAC local scope addresses. This
changes DHCP minimally, but things cascade from there. One thing we
are working with is the DHCP hostname, which can be separate from the
actual host name. ISC is patching DHCP so that when the name comes in
with a different MAC address the old lease can be released and a new one
issued (or the old one reused, but that would be a privacy breakage).
Plus the IPv6 address, based on the MAC address, would be different
anyway. So if you care about your users' privacy and what the standards
people are doing to increase privacy, the above static MAC/IP DHCP setup
will break at some future point.
Again, it SEEMS I have DLZ working. And I am a newbie here. But there
may be some things I have missed still. Like the contents of:
/var/lib/samba/private/named.conf.update
which I did not see in the wiki where to include it. See separate question
on that forthcoming....
>
> I haven't read Mark Andrew's comment, not being on the Bind list, but
> I can't see how a problem with flat file is not also a problem with
> DLZ. After all, that's only the storage method, not the system.
>
> regards,
> John
>
>
> On 08/09/15 09:14, Robert Moskowitz wrote:
>>
>>
>> On 09/07/2015 06:02 PM, John Gardeniers wrote:
>>> Is there any chance that support for Bind flat files will return? I
>>> understand the various (extremely weak) arguments against it but DLZ
>>> not only sucks big time, it limits proper functionality and
>>> inter-operability, necessitating significant design changes for
>>> anything but the simplest of networks. Additionally, it doesn't work
>>> with the existing scripts many people use. I know that samba-tool
>>> can be used in scripts but due to its inadequate error checking it's
>>> incredibly easy to break the DNS.
>>>
>>> There are very good reasons why nearly every admin I know prefers
>>> flat file. Ultimately, there is nothing easier than editing in text
>>> mode and on the extremely rare occasion that an error does creep in
>>> it's ultra easy to remedy.
>>
>> You break interoperability with MS. Of course, see the bind list
>> about Mark Andrew's comment about MS and EDNS.
>>
>> It is taking me a bit to get this figured out. I am a bit
>> determined, and Rowland has been a great help.
>>
>> Next I need to see how to change the SOA TTL for my zones (with
>> samba-tool) to turn down the time to get a reasonable zone transfer
>> setting.
>>
>> And many big DNS users have left flat files for DLZ in one form or
>> another. It is the only way they can keep up with their customers.
>>
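As an added example (not part of this thread or of Samba), a small Python check for the static-reservation plus flat-file approach discussed above: it cross-checks the fixed-address hosts in an ISC dhcpd.conf against the forward A and reverse PTR records of flat zone files, and flags reservations bound to locally-administered MACs, the kind randomized-MAC schemes produce. The config and zone fragments are constructed samples; the domain example.lan and the /24 reverse zone are assumptions.

```python
import re
import ipaddress

# Constructed sample ISC dhcpd.conf fragment with fixed-address reservations.
DHCPD_CONF = """
host ws01    { hardware ethernet 00:11:22:33:44:55; fixed-address 192.168.10.11; }
host ws02    { hardware ethernet 00:11:22:33:44:66; fixed-address 192.168.10.12; }
host laptop  { hardware ethernet 02:aa:bb:cc:dd:ee; fixed-address 192.168.10.13; }
host printer { hardware ethernet 00:11:22:33:44:77; fixed-address 192.168.10.20; }
"""
# Constructed BIND flat-file fragments: forward zone and 10.168.192.in-addr.arpa.
FORWARD_ZONE = """
ws01    IN A   192.168.10.11
ws02    IN A   192.168.10.12
laptop  IN A   192.168.10.13
"""
REVERSE_ZONE = """
11  IN PTR ws01.example.lan.
12  IN PTR ws03.example.lan.
13  IN PTR laptop.example.lan.
20  IN PTR printer.example.lan.
"""

HOST_RE = re.compile(
    r"host\s+(\S+)\s*\{[^}]*?hardware\s+ethernet\s+([0-9a-f:]{17})\s*;"
    r"[^}]*?fixed-address\s+([\d.]+)\s*;", re.IGNORECASE | re.DOTALL)
A_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+A\s+([\d.]+)\s*$", re.M | re.I)
PTR_RE = re.compile(r"^(\d+)\s+(?:\d+\s+)?IN\s+PTR\s+(\S+)\s*$", re.M | re.I)

def parse_reservations(conf):
    """Return {hostname: (mac, ip)} for every host block with a fixed-address."""
    return {h: (mac.lower(), ip) for h, mac, ip in HOST_RE.findall(conf)}

def is_locally_administered(mac):
    """True if the IEEE 802 U/L bit (0x02 of the first octet) is set; randomized MACs use it."""
    return int(mac.split(":")[0], 16) & 0x02 != 0

def check_consistency(conf, forward, reverse, domain, network):
    """Cross-check reservations against A and PTR records; return a sorted list of findings."""
    a_records = dict(A_RE.findall(forward))
    net = ipaddress.ip_network(network)  # assumed /24, so the PTR label is the last octet
    ptr_records = {str(net.network_address + int(last)): fqdn for last, fqdn in PTR_RE.findall(reverse)}
    findings = []
    for host, (mac, ip) in sorted(parse_reservations(conf).items()):
        if a_records.get(host) != ip:
            findings.append(f"{host}: reservation {ip} has no matching A record")
        expected = f"{host}.{domain}."
        if ptr_records.get(ip) != expected:
            findings.append(f"{host}: PTR for {ip} is {ptr_records.get(ip)!r}, expected {expected!r}")
        if is_locally_administered(mac):
            findings.append(f"{host}: MAC {mac} is locally administered; may be randomized, not stable")
    return findings

if __name__ == "__main__":
    for line in check_consistency(DHCPD_CONF, FORWARD_ZONE, REVERSE_ZONE, "example.lan", "192.168.10.0/24"):
        print(line)
```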