samba - Oct 2024 - AD/DNS: Cannot Create a CNAME record with a blank name...

On Mon, 14 Oct 2024 10:09:14 -0400
"John R. Graham via samba" <samba at lists.samba.org> wrote:
> It turns that the scheme that I asked about above *doesn't* do what I 
> hoped it might. Creating an "example.com" zone and then a CNAME
> record that maps between the external name and the internal one for
> my server does indeed work, but the existence of the
"example.com"
> zone also blocks resolution of the names of all the externally hosted
> machines that have URLs that end in "example.com". (Just as one
> example, my mail server is externally hosted.) This is probably just
> Samba behaving as designed, namely that it's designed to be
> authoritative for the zones that it manages.
> 
> So this leads me to *another* question. If my surmise is correct,
> would it be considered a worthwhile feature to add an attribute to a
> zone record so that a zone could be declared--I'm not exactly sure
> what the term should be--selectively authoritative? The behavior
> being, if a DNS records exists in the zone, then use it; otherwise,
> forward the request to upstream DNS and then use that result?
The problem with that idea is that Microsoft would also have to accept
it and they probably wouldn't.
> 
> The reason I think this might be a reasonable and worthwhile feature
> is because the wiki describes a "trick" that has apparently
already
> ceased to function *once*. It's good for me that an alternative
> embodiment of the trick is still available, but it also might one day
> cease to work. Relying on documented features and behavior is always
> preferred.
Well a trick is just that, a trick (aka workaround), now we know it
doesn't work, I will remove it from the wiki.

Rowland
> 
>

On 10/14/24 10:22, Rowland Penny via samba wrote:
> The problem with that idea is that Microsoft would also have to accept
> it and they probably wouldn't.
Oh. Ah. So supersets to the AD behavior are strictly
verboten?
> Well a trick is just that, a trick (aka workaround), now we know it
> doesn't work, I will remove it from the wiki.
>
> Rowland
>
Actually, there's a new version of the trick that *does* work. I got a 
Wiki account so that I could document that, so, allow me. :)

- John