On Tue, 6 Jun 2017 16:12:11 +0200 Torsten Kurbad via samba <samba at lists.samba.org> wrote:

> On Tue, 6 Jun 2017 12:23:24 +0100
> Rowland Penny <rpenny at samba.org> wrote:
>
> > On Tue, 6 Jun 2017 13:06:42 +0200
> > Marcel de Reuver via samba <samba at lists.samba.org> wrote:
> >
> > > A quick search on Google gives:
> > > http://www.unixfu.ch/how-do-i-update-the-root-hints-data-file-for-bind-named-server/
>
> Yes, that's what I did already. My db.root / db.hints file is up to
> date. But that does not solve my problem.
>
> > The OP basically did that manually, but it didn't change the record
> > in AD.
> > The record is an 'A' record, but 'samba-tool dns update' will not
> > change it, because it claims the zone does not exist. The record has
> > this DN:
> >
> > DC=h.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> >
> > So the zone seems to be 'RootDNSServers' but this doesn't seem to
> > exist :-(
>
> Exactly.
>
> Of course, I could try and change the data using ldbedit, but AD DNS
> records are stored in a binary encoded data structure that not only
> includes record type and value, but also a serial number, etc.
>
> Thus, such a manual change would be error prone, to say the least.
>
> Perhaps, samba-tool could be enhanced to make changing the root hints
> possible? It can handle "normal" DNS records, so I wouldn't expect
> non-trivial showstoppers...
>

This was my first thought, but after comparing the record in AD for
'RootDNSServers' with the forward zone, it is a zone, but 'samba-tool
dns zonelist' doesn't show it. It looks like the 'C' code is where the
problem lies.

I am going to raise a bug report for this.

Rowland
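An added example, not part of the original messages and not Samba's own code: a decoder for the binary dnsRecord attribute value discussed above, following the header layout documented in MS-DNSP, which shows why a hand edit with ldbedit is easy to get wrong (the length field must match the data, and the TTL alone is big-endian). The function names, the sample bytes and the reading of "flags=8" as the root hint rank are assumptions made for illustration.

```python
import ipaddress
import struct

HEADER_LEN = 24          # fixed dnsRecord header size
DNS_TYPE_A, DNS_TYPE_NS = 0x0001, 0x0002
RANK_ROOT_HINT = 0x08    # assumed to be the "flags=8" shown by roothints


def parse_count_name(data):
    """Decode a counted name: length byte, label count, then the labels."""
    if len(data) < 2 or data[0] + 2 != len(data):
        raise ValueError("name length does not match record data")
    pos, labels = 2, []
    for _ in range(data[1]):
        n = data[pos]
        labels.append(data[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return ".".join(labels) + "."


def parse_dns_record(blob):
    """Split one dnsRecord value into header fields and decoded data."""
    if len(blob) < HEADER_LEN:
        raise ValueError("blob shorter than the fixed header")
    # Little-endian: DataLength, Type, Version, Rank, Flags, Serial.
    dlen, rtype, version, rank, _flags, serial = struct.unpack_from("<HHBBHI", blob, 0)
    (ttl,) = struct.unpack_from(">I", blob, 12)         # TTL is big-endian
    _reserved, timestamp = struct.unpack_from("<II", blob, 16)
    data = blob[HEADER_LEN:]
    if dlen != len(data):
        raise ValueError("DataLength %d but %d data bytes" % (dlen, len(data)))
    if rtype == DNS_TYPE_A:
        value = str(ipaddress.IPv4Address(data))
    elif rtype == DNS_TYPE_NS:
        value = parse_count_name(data)
    else:
        value = data.hex()
    return {"type": rtype, "version": version, "rank": rank,
            "serial": serial, "ttl": ttl, "timestamp": timestamp, "value": value}


def build_a_record(addr, serial, ttl, rank=RANK_ROOT_HINT):
    """Pack an A record so DataLength and byte order stay consistent."""
    data = ipaddress.IPv4Address(addr).packed
    return (struct.pack("<HHBBHI", len(data), DNS_TYPE_A, 5, rank, 0, serial)
            + struct.pack(">I", ttl) + struct.pack("<II", 0, 0) + data)


# Constructed sample mirroring the "testing." A record from this thread.
SAMPLE_A = build_a_record("1.1.1.1", serial=10965, ttl=900)
```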
On Tue, 6 Jun 2017 15:26:33 +0100 Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Tue, 6 Jun 2017 16:12:11 +0200
> Torsten Kurbad via samba <samba at lists.samba.org> wrote:
>
> > On Tue, 6 Jun 2017 12:23:24 +0100
> > Rowland Penny <rpenny at samba.org> wrote:
> >
> > > On Tue, 6 Jun 2017 13:06:42 +0200
> > > Marcel de Reuver via samba <samba at lists.samba.org> wrote:
> > >
> > > > A quick search on Google gives:
> > > > http://www.unixfu.ch/how-do-i-update-the-root-hints-data-file-for-bind-named-server/
> >
> > Yes, that's what I did already. My db.root / db.hints file is up to
> > date. But that does not solve my problem.
> >
> > > The OP basically did that manually, but it didn't change the
> > > record in AD.
> > > The record is an 'A' record, but 'samba-tool dns update' will not
> > > change it, because it claims the zone does not exist. The record
> > > has this DN:
> > >
> > > DC=h.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> > >
> > > So the zone seems to be 'RootDNSServers' but this doesn't seem to
> > > exist :-(
> >
> > Exactly.
> >
> > Of course, I could try and change the data using ldbedit, but AD DNS
> > records are stored in a binary encoded data structure that not only
> > includes record type and value, but also a serial number, etc.
> >
> > Thus, such a manual change would be error prone, to say the least.
> >
> > Perhaps, samba-tool could be enhanced to make changing the root
> > hints possible? It can handle "normal" DNS records, so I wouldn't
> > expect non-trivial showstoppers...
> >
>
> This was my first thought, but after comparing the record in AD for
> 'RootDNSServers' with the forward zone, it is a zone, but 'samba-tool
> dns zonelist' doesn't show it. It looks like the 'C' code is where the
> problem lies.
>
> I am going to raise a bug report for this.
>
> Rowland
>
>
>

see: https://bugzilla.samba.org/show_bug.cgi?id=12823

Rowland
It looks like the original intention in our code was to be able to
add/modify records with the "." zone. Trying it, there seem to be other
issues with using it. I'm not entirely sure if this alias is valid
against Windows or for which calls.

I just hacked a patch (see attached) to see if I could add or modify
another name server.

samba-tool dns add $DC_SERVER . @ NS testing
samba-tool dns add $DC_SERVER . testing A 1.1.1.1

samba-tool dns roothints
  Name=, Records=14, Children=0
    NS: h.root-servers.net. (flags=40000008, serial=0, ttl=0)
    NS: f.root-servers.net. (flags=40000008, serial=0, ttl=0)
    NS: b.root-servers.net. (flags=40000008, serial=0, ttl=0)
    NS: m.root-servers.net. (flags=40000008, serial=0, ttl=0)
    NS: l.root-servers.net. (flags=40000008, serial=0, ttl=0)
    NS: i.root-servers.net. (flags=40000008, serial=0, ttl=0)
    NS: e.root-servers.net. (flags=40000008, serial=0, ttl=0)
    NS: d.root-servers.net. (flags=40000008, serial=0, ttl=0)
    NS: k.root-servers.net. (flags=40000008, serial=0, ttl=0)
    NS: a.root-servers.net. (flags=40000008, serial=0, ttl=0)
    NS: g.root-servers.net. (flags=40000008, serial=0, ttl=0)
    NS: c.root-servers.net. (flags=40000008, serial=0, ttl=0)
    NS: j.root-servers.net. (flags=40000008, serial=0, ttl=0)
    NS: testing. (flags=40000008, serial=10965, ttl=900)
  Name=h.root-servers.net., Records=1, Children=0
    A: 128.63.2.53 (flags=8, serial=0, ttl=0)
  Name=f.root-servers.net., Records=1, Children=0
    A: 192.5.5.241 (flags=8, serial=0, ttl=0)
  Name=b.root-servers.net., Records=1, Children=0
    A: 192.228.79.201 (flags=8, serial=0, ttl=0)
  Name=m.root-servers.net., Records=1, Children=0
    A: 202.12.27.33 (flags=8, serial=0, ttl=0)
  Name=l.root-servers.net., Records=1, Children=0
    A: 199.7.83.42 (flags=8, serial=0, ttl=0)
  Name=i.root-servers.net., Records=1, Children=0
    A: 192.36.148.17 (flags=8, serial=0, ttl=0)
  Name=e.root-servers.net., Records=1, Children=0
    A: 192.203.230.10 (flags=8, serial=0, ttl=0)
  Name=d.root-servers.net., Records=1, Children=0
    A: 128.8.10.90 (flags=8, serial=0, ttl=0)
  Name=k.root-servers.net., Records=1, Children=0
    A: 193.0.14.129 (flags=8, serial=0, ttl=0)
  Name=a.root-servers.net., Records=1, Children=0
    A: 198.41.0.4 (flags=8, serial=0, ttl=0)
  Name=g.root-servers.net., Records=1, Children=0
    A: 192.112.36.4 (flags=8, serial=0, ttl=0)
  Name=c.root-servers.net., Records=1, Children=0
    A: 192.33.4.12 (flags=8, serial=0, ttl=0)
  Name=j.root-servers.net., Records=1, Children=0
    A: 192.58.128.30 (flags=8, serial=0, ttl=0)
  Name=testing., Records=1, Children=0
    A: 1.1.1.1 (flags=8, serial=10965, ttl=900)

Maybe the Windows DNS management console might work now. Any tests of
RootHints in python/samba/tests/samba_tool/dnscmd.py would be
appreciated. Seeing which aliases work against Windows would be a good
idea ('.' is what Samba supports for modification but is supplying
'..RootHints' as the zone also supposed to work?). I'm also not sure if
users of the correct permission will be able (or unable) to modify this
zone.

Cheers,

Garming

On 07/06/17 02:34, Rowland Penny via samba wrote:
> On Tue, 6 Jun 2017 15:26:33 +0100
> Rowland Penny via samba <samba at lists.samba.org> wrote:
>
>>> Exactly.
>>>
>>> Of course, I could try and change the data using ldbedit, but AD DNS
>>> records are stored in a binary encoded data structure that not only
>>> includes record type and value, but also a serial number, etc.
>>>
>>> Thus, such a manual change would be error prone, to say the least.
>>>
>>> Perhaps, samba-tool could be enhanced to make changing the root
>>> hints possible? It can handle "normal" DNS records, so I wouldn't
>>> expect non-trivial showstoppers...
>>>
>> This was my first thought, but after comparing the record in AD for
>> 'RootDNSServers' with the forward zone, it is a zone, but 'samba-tool
>> dns zonelist' doesn't show it. It looks like the 'C' code is where the
>> problem lies.
>>
>> I am going to raise a bug report for this.
>>
>> Rowland
>>
>>
>>
> see: https://bugzilla.samba.org/show_bug.cgi?id=12823
>
> Rowland
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-dnsdb-Allow-modification-of-root-hints.patch
Type: text/x-patch
Size: 2603 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba/attachments/20170607/c19b9cff/0001-dnsdb-Allow-modification-of-root-hints.bin>
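An added example, not part of the original message or of Samba: a small audit that parses output in the layout of the 'samba-tool dns roothints' listing above and compares it with a reference in named.root format, reporting stale, unexpected and missing servers. The function names and both sample texts are constructed for illustration, and the reference should be loaded from the currently published root hints file.

```python
import re

# "Name=<node>, Records=N, Children=N" followed by that node's record lines.
NODE_RE = re.compile(r"Name=(\S*?), Records=\d+, Children=\d+(.*?)(?=Name=|\Z)", re.S)
A_RE = re.compile(r"\bA: (\d+\.\d+\.\d+\.\d+) \(")

def parse_roothints(text):
    """Map each node in the roothints output to its set of A addresses."""
    hints = {}
    for name, body in NODE_RE.findall(text):
        addrs = set(A_RE.findall(body))
        if addrs:
            hints[name.lower()] = addrs
    return hints

def parse_named_root(text):
    """Read 'NAME TTL A ADDRESS' lines from a named.root style file."""
    ref = {}
    for line in text.splitlines():
        fields = line.split(";")[0].split()
        if len(fields) == 4 and fields[2].upper() == "A":
            ref.setdefault(fields[0].lower(), set()).add(fields[3])
    return ref

def audit(hints, ref):
    """Report stale, unexpected and missing root hint servers."""
    findings = []
    for name in sorted(set(hints) | set(ref)):
        if name not in ref:
            findings.append(("unexpected", name, sorted(hints[name])))
        elif name not in hints:
            findings.append(("missing", name, sorted(ref[name])))
        elif hints[name] != ref[name]:
            findings.append(("stale", name, sorted(hints[name])))
    return findings

# Constructed excerpt in the layout of the roothints output quoted above.
SAMPLE_OUTPUT = """
Name=, Records=2, Children=0
  NS: h.root-servers.net. (flags=40000008, serial=0, ttl=0)
  NS: testing. (flags=40000008, serial=10965, ttl=900)
Name=h.root-servers.net., Records=1, Children=0
  A: 128.63.2.53 (flags=8, serial=0, ttl=0)
Name=testing., Records=1, Children=0
  A: 1.1.1.1 (flags=8, serial=10965, ttl=900)
"""
# Constructed reference line in named.root format; load the real file instead.
SAMPLE_REFERENCE = "H.ROOT-SERVERS.NET.  3600000  A  198.97.190.53\n"
```

Calling audit(parse_roothints(SAMPLE_OUTPUT), parse_named_root(SAMPLE_REFERENCE)) flags the old h.root-servers.net. address as stale and the test entry 'testing.' as unexpected.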
On Tue, 6 Jun 2017 15:34:08 +0100 Rowland Penny <rpenny at samba.org> wrote:

> > > Perhaps, samba-tool could be enhanced to make changing the root
> > > hints possible? It can handle "normal" DNS records, so I wouldn't
> > > expect non-trivial showstoppers...
> > >
> >
> > This was my first thought, but after comparing the record in AD for
> > 'RootDNSServers' with the forward zone, it is a zone, but
> > 'samba-tool dns zonelist' doesn't show it. It looks like the 'C'
> > code is where the problem lies.
> >
> > I am going to raise a bug report for this.
>
> see: https://bugzilla.samba.org/show_bug.cgi?id=12823

Thank you, Rowland.

Best,
Torsten