On 05/03/16 22:55, Rowland penny wrote:> Don't use freebsd, but Samba 4, when run as an AD DC, uses nsupdate to > update a computers DNS records in AD.First off, thanks for answering. Alas, I don't really understand what you mean... Is it used to dynamically add A records for clients that connect to the AD?>> Is it intended to work with BIND (like the other two in that group)? > > Well it does work with Bind9, but it also works with the internal Samba > DNS server.Then why is it an option *in alternative* to BIND?>> Any reference to a tutorial or any other documentation on how to use it? > > Normally you do not run nsupdate directly, but you could try browsing > the Samba wiki: > > https://wiki.samba.org/index.php/Main_PageI did: I think I gave a quick read to almost the whole wiki, but didn't find anything pertinent. If I'm wrong or blind, then please forgive me and possibly point me to the right section. What I'm trying to understand is: _ we can have internal DNS *or* BIND+DLZ: is NSUPDATE a third independent alternative? _ if not, why is it an option with internal DNS? What happens without it? bye & Thanks av.
On 04/05/16 19:07, Andrea Venturoli wrote:> On 05/03/16 22:55, Rowland penny wrote: > >> Don't use freebsd, but Samba 4, when run as an AD DC, uses nsupdate to >> update a computers DNS records in AD. > > First off, thanks for answering. > > Alas, I don't really understand what you mean... > > Is it used to dynamically add A records for clients that connect to > the AD?basically, yes> > > > > >>> Is it intended to work with BIND (like the other two in that group)? >> >> Well it does work with Bind9, but it also works with the internal Samba >> DNS server. > > Then why is it an option *in alternative* to BIND?What do you mean '*in alternative*' ??> > > > > >>> Any reference to a tutorial or any other documentation on how to use >>> it? >> >> Normally you do not run nsupdate directly, but you could try browsing >> the Samba wiki: >> >> https://wiki.samba.org/index.php/Main_Page > > I did: I think I gave a quick read to almost the whole wiki, but > didn't find anything pertinent. > If I'm wrong or blind, then please forgive me and possibly point me to > the right section. > > > > > What I'm trying to understand is: > _ we can have internal DNS *or* BIND+DLZ: is NSUPDATE a third > independent alternative? > _ if not, why is it an option with internal DNS? What happens without it? > >No, nsupdate, isn't an independent alternative, it is used to update DNS records in AD and it isn't an option, it is a requirement, samba_dnsupdate will not work without it. Rowland
On 05/04/16 20:23, Rowland penny wrote: (I understand this might be specific to FreeBSD, but I asked on its mailing list and got no answer...)>> Then why is it an option *in alternative* to BIND? > > What do you mean '*in alternative*' ??I mean when I build Samba port, I can choose NSUPDATE *or* BIND99 *or* BIN910 (where "or" means "exclusive or", I can choose at most one). Those options are described as: BIND99 = Use bind99 as AD DC DNS server frontend BIND910 = Use bind910 as AD DC DNS server frontend NSUPDATE = Use samba NSUPDATE utility for AD DC Notice this options only serve the purpose of tracking dependencies between packages; they do not mess with the way Samba is compiled or configured. Choosing NSUPDATE brings in another port/package, named samba-nsupdate and described as "nsupdate utility with GSS-TSIG support", which installs "/usr/local/bin/samba-nsupdate". It's man pages starts with:> samba-nsupdate is used to submit Dynamic DNS Update requests as defined > in RFC 2136 to a name server. This allows resource records to be added > or removed from a zone without manually editing the zone file. A single > update request can contain requests to add or remove more than one > resource record.There's also another option, DNSUPDATE, which is independent of the above mentioned three. It's described as "Dynamic DNS update (require ADS)" and control whether --with-dnsupdate or --without-dnsupdate is used in the configuring phase. Perhaps you are talking about this one? bye & Thanks av.