On Tue, 6 Jun 2017 13:06:42 +0200
Marcel de Reuver via samba <samba at lists.samba.org> wrote:

> A quick search on Google gives:
> http://www.unixfu.ch/how-do-i-update-the-root-hints-data-file-for-bind-named-server/
>

The OP basically did that manually, but it didn't change the record in AD.
The record is an 'A' record, but 'samba-tool dns update' will not change it, because it claims the zone does not exist. The record has this DN:

DC=h.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com

So the zone seems to be 'RootDNSServers' but this doesn't seem to exist :-(

Rowland

On Tue, 6 Jun 2017 12:23:24 +0100
Rowland Penny <rpenny at samba.org> wrote:

> On Tue, 6 Jun 2017 13:06:42 +0200
> Marcel de Reuver via samba <samba at lists.samba.org> wrote:
>
> > A quick search on Google gives:
> > http://www.unixfu.ch/how-do-i-update-the-root-hints-data-file-for-bind-named-server/

Yes, that's what I did already. My db.root / db.hints file is up to date. But that does not solve my problem.

> The OP basically did that manually, but it didn't change the record in
> AD.
> The record is an 'A' record, but 'samba-tool dns update' will not
> change it, because it claims the zone does not exist. The record has
> this DN:
>
> DC=h.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
>
> So the zone seems to be 'RootDNSServers' but this doesn't seem to
> exist :-(

Exactly.

Of course, I could try and change the data using ldbedit, but AD DNS records are stored in a binary encoded data structure that not only includes record type and value, but also a serial number, etc.

Thus, such a manual change would be error prone, to say the least.

Perhaps, samba-tool could be enhanced to make changing the root hints possible? It can handle "normal" DNS records, so I wouldn't expect non-trivial showstoppers...

Best,
Torsten

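The binary structure mentioned in the message above is the `dnsRecord` attribute value described in MS-DNSP. The following read-only decoder for an 'A' record is an added example, not part of the thread and not Samba's code; the sample blob (address 192.0.2.53, serial 110, TTL 3600) is constructed, and the function and constant names are hypothetical.

```python
import ipaddress
import struct

# Fixed 24-byte header: DataLength, Type, Version, Rank, Flags, Serial are
# little-endian; TtlSeconds is big-endian; then Reserved and TimeStamp.
HEAD = struct.Struct("<HHBBHI")
HEADER_LEN = 24
DNS_TYPE_A = 1
DNS_RANK_ROOT_HINT = 0x08  # rank value MS-DNSP assigns to root hints


def decode_dns_record(blob: bytes) -> dict:
    """Decode one dnsRecord value; expands the payload for 'A' records."""
    if len(blob) < HEADER_LEN:
        raise ValueError("shorter than the 24-byte dnsRecord header")
    data_len, rtype, version, rank, flags, serial = HEAD.unpack_from(blob, 0)
    (ttl,) = struct.unpack_from(">I", blob, 12)
    _reserved, ts_hours = struct.unpack_from("<II", blob, 16)
    data = blob[HEADER_LEN:]
    if len(data) != data_len:
        raise ValueError("DataLength field does not match payload size")
    rec = {
        "type": rtype, "version": version, "rank": rank, "flags": flags,
        "serial": serial, "ttl": ttl,
        "static": ts_hours == 0,  # TimeStamp 0 marks a non-aging record
    }
    if rtype == DNS_TYPE_A:
        if data_len != 4:
            raise ValueError("'A' record payload must be 4 bytes")
        rec["address"] = str(ipaddress.IPv4Address(data))
    return rec


# Constructed sample: an 'A' record for the documentation address 192.0.2.53.
SAMPLE = (HEAD.pack(4, DNS_TYPE_A, 5, DNS_RANK_ROOT_HINT, 0, 110)
          + struct.pack(">I", 3600) + struct.pack("<II", 0, 0)
          + bytes([192, 0, 2, 53]))

if __name__ == "__main__":
    print(decode_dns_record(SAMPLE))
```

The mixed byte order (big-endian TTL inside an otherwise little-endian header) and the length field that must match the payload are the kind of details that make hand edits of this attribute error prone.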
On Tue, 6 Jun 2017 16:12:11 +0200
Torsten Kurbad via samba <samba at lists.samba.org> wrote:

> On Tue, 6 Jun 2017 12:23:24 +0100
> Rowland Penny <rpenny at samba.org> wrote:
>
> > On Tue, 6 Jun 2017 13:06:42 +0200
> > Marcel de Reuver via samba <samba at lists.samba.org> wrote:
> >
> > > A quick search on Google gives:
> > > http://www.unixfu.ch/how-do-i-update-the-root-hints-data-file-for-bind-named-server/
>
> Yes, that's what I did already. My db.root / db.hints file is up to
> date. But that does not solve my problem.
>
> > The OP basically did that manually, but it didn't change the record
> > in AD.
> > The record is an 'A' record, but 'samba-tool dns update' will not
> > change it, because it claims the zone does not exist. The record has
> > this DN:
> >
> > DC=h.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> >
> > So the zone seems to be 'RootDNSServers' but this doesn't seem to
> > exist :-(
>
> Exactly.
>
> Of course, I could try and change the data using ldbedit, but AD DNS
> records are stored in a binary encoded data structure that not only
> includes record type and value, but also a serial number, etc.
>
> Thus, such a manual change would be error prone, to say the least.
>
> Perhaps, samba-tool could be enhanced to make changing the root hints
> possible? It can handle "normal" DNS records, so I wouldn't expect
> non-trivial showstoppers...
>

This was my first thought, but after comparing the record in AD for 'RootDNSServers' with the forward zone, it is a zone, but 'samba-tool dns zonelist' doesn't show it. It looks like the 'C' code is where the problem lies.

I am going to raise a bug report for this.

Rowland