14986 – Please add support for bind 9.18

Bug 14986 - Please add support for bind 9.18

Summary: Please add support for bind 9.18

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	DNS plugin (BIND DLZ) (show other bugs)
Version:	4.15.5
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Jule Anger
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2022-02-22 12:46 UTC by Andreas Hasenack
Modified:	2022-07-18 11:18 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
maybe sufficient patch (1.86 KB, patch) 2022-02-23 23:37 UTC, Douglas Bagnall	no flags	Details
More changes (1.76 KB, patch) 2022-03-07 20:02 UTC, Andreas Hasenack	no flags	Details
Patch from https://gitlab.com/samba-team/samba/-/merge_requests/2533 (3.95 KB, patch) 2022-05-20 12:28 UTC, Andreas Hasenack	no flags	Details
patch for 4.15 and 4.16 (4.20 KB, patch) 2022-06-14 23:41 UTC, Douglas Bagnall	abartlet: review+	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Hasenack 2022-02-22 12:46:46 UTC

Hi,

ISC has released bind 9.18.0, which starts their new "ESV" series. It would be nice if samba could build a dlz module for it, like it does for older stable releases of bind.

That being said, I just saw the "deprecated" remark for this module here in bugzilla, will it be removed, and if yes, when? Perhaps in samba 4.16?

Comment 1 Douglas Bagnall 2022-02-23 22:59:30 UTC

(In reply to Andreas Hasenack from comment #0)
> That being said, I just saw the "deprecated" remark for this module here in bugzilla, will it be removed, and if yes, when? Perhaps in samba 4.16?

No. The remark is there by mistake.

Normally adding a new version is quite straightforward, unless the version has DLZ changes. I see at

https://blog.desdelinux.net/en/The-new-stable-branch-of-dns-bind-9-18-has-already-been-released/

this:

> Removed support for previous DLZ (dynamically loadable zones) controllers and replaced with DLZ modules.

but I think maybe we already have a "module" and not a "controller", so it might be OK.

Comment 2 Douglas Bagnall 2022-02-23 23:37:20 UTC

Created attachment 17176 [details]
maybe sufficient patch

The attached patch might work.

It is possible we might need to bump the DNS_CLIENTINFO_VERSION to 3, and add something to some struct. I'm a little unsure how BIND does the versioning.


BIND 9.16 also has DNS_CLIENTINFO_VERSION = 3 where we have 2, and it seems to have coped.

Comment 3 Andreas Hasenack 2022-02-24 00:03:48 UTC

FWIW, I pretended I didn't know any of this and used the bind 9.16 dlz module with bind 9.18 and basic stuff just worked. I created a samba 4.15.5 DC, with bind9_dlz as the backend (using said 9.16 module), and joined computers got entries in dns.

I can definitely try the same with a build with your patch.

Comment 4 Andreas Hasenack 2022-03-07 20:02:10 UTC

Created attachment 17194 [details]
More changes

Assuming the first patch is ok, this extra bit is needed for the provision tool to finish the job.

Still testing it.

Comment 5 Andreas Hasenack 2022-03-07 20:53:35 UTC

I provisioned a domain like this:
samba-tool domain provision --domain=EXAMPLE --realm EXAMPLE.FAKE --adminpass='Passw0rd!' --server-role=dc --use-rfc2307 --dns-backend=BIND9_DLZ


Output:
root@dc:~# samba-tool domain provision --domain=EXAMPLE --realm EXAMPLE.FAKE --adminpass='Passw0rd!' --server-role=dc --use-rfc2307 --dns-backend=BIND9_DLZ
INFO 2022-03-07 19:58:25,417 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2105: Looking up IPv4 addresses
INFO 2022-03-07 19:58:25,418 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2122: Looking up IPv6 addresses
WARNING 2022-03-07 19:58:25,418 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2129: No IPv6 address will be assigned
INFO 2022-03-07 19:58:25,608 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2271: Setting up share.ldb
INFO 2022-03-07 19:58:25,724 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2275: Setting up secrets.ldb
INFO 2022-03-07 19:58:25,812 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2280: Setting up the registry
INFO 2022-03-07 19:58:26,143 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2283: Setting up the privileges database
INFO 2022-03-07 19:58:26,311 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2286: Setting up idmap db
INFO 2022-03-07 19:58:26,426 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2293: Setting up SAM db
INFO 2022-03-07 19:58:26,472 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #880: Setting up sam.ldb partitions and settings
INFO 2022-03-07 19:58:26,475 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #892: Setting up sam.ldb rootDSE
INFO 2022-03-07 19:58:26,496 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1305: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs

INFO 2022-03-07 19:58:26,585 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1383: Adding DomainDN: DC=example,DC=fake
INFO 2022-03-07 19:58:26,628 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1415: Adding configuration container
INFO 2022-03-07 19:58:26,681 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1430: Setting up sam.ldb schema
INFO 2022-03-07 19:58:29,077 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1448: Setting up sam.ldb configuration data
INFO 2022-03-07 19:58:29,187 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1489: Setting up display specifiers
INFO 2022-03-07 19:58:30,708 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1497: Modifying display specifiers and extended rights
INFO 2022-03-07 19:58:30,747 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1504: Adding users container
INFO 2022-03-07 19:58:30,749 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1510: Modifying users container
INFO 2022-03-07 19:58:30,750 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1513: Adding computers container
INFO 2022-03-07 19:58:30,753 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1519: Modifying computers container
INFO 2022-03-07 19:58:30,754 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1523: Setting up sam.ldb data
INFO 2022-03-07 19:58:30,858 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1553: Setting up well known security principals
INFO 2022-03-07 19:58:30,907 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1567: Setting up sam.ldb users and groups
INFO 2022-03-07 19:58:30,995 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1575: Setting up self join
check_spn_alias_collision: trying to add SPN 'DNS/dc.example.fake' on 'CN=dns-dc,CN=Users,DC=example,DC=fake' when 'host/dc.example.fake' is on 'CN=DC,OU=Domain Controllers,DC=example,DC=fake
'
Repacking database from v1 to v2 format (first record CN=ms-SPP-Activation-Objects-Container,CN=Schema,CN=Configuration,DC=example,DC=fake)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record CN=411,CN=DisplaySpecifiers,CN=Configuration,DC=example,DC=fake)
Repacking database from v1 to v2 format (first record CN=Distributed COM Users,CN=Builtin,DC=example,DC=fake)
INFO 2022-03-07 19:58:32,169 pid:12798 /usr/lib/python3/dist-packages/samba/provision/sambadns.py #1200: Adding DNS accounts
INFO 2022-03-07 19:58:32,224 pid:12798 /usr/lib/python3/dist-packages/samba/provision/sambadns.py #1234: Creating CN=MicrosoftDNS,CN=System,DC=example,DC=fake
INFO 2022-03-07 19:58:32,246 pid:12798 /usr/lib/python3/dist-packages/samba/provision/sambadns.py #1247: Creating DomainDnsZones and ForestDnsZones partitions
INFO 2022-03-07 19:58:32,348 pid:12798 /usr/lib/python3/dist-packages/samba/provision/sambadns.py #1252: Populating DomainDnsZones and ForestDnsZones partitions
Repacking database from v1 to v2 format (first record DC=ForestDnsZones,DC=example.fake,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=fake)
Repacking database from v1 to v2 format (first record DC=_ldap._tcp.pdc,DC=_msdcs.example.fake,CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=fake)
INFO 2022-03-07 19:58:32,762 pid:12798 /usr/lib/python3/dist-packages/samba/provision/sambadns.py #1334: See /var/lib/samba/bind-dns/named.conf for an example configuration include file for B
IND
INFO 2022-03-07 19:58:32,762 pid:12798 /usr/lib/python3/dist-packages/samba/provision/sambadns.py #1336: and /var/lib/samba/bind-dns/named.txt for further documentation required for secure DN
S updates
INFO 2022-03-07 19:58:32,823 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2009: Setting up sam.ldb rootDSE marking as synchronized
INFO 2022-03-07 19:58:32,834 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2014: Fixing provision GUIDs
INFO 2022-03-07 19:58:33,601 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2345: A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/pr
ivate/krb5.conf
INFO 2022-03-07 19:58:33,603 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2347: Merge the contents of this file with your system krb5.conf or replace it with this one
. Do not create a symlink!
INFO 2022-03-07 19:58:33,708 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2079: Setting up fake yp server settings
INFO 2022-03-07 19:58:33,838 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #487: Once the above files are installed, your Samba AD server will be ready to use
INFO 2022-03-07 19:58:33,839 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #492: Server Role:           active directory domain controller
INFO 2022-03-07 19:58:33,839 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #493: Hostname:              dc
INFO 2022-03-07 19:58:33,840 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #494: NetBIOS Domain:        EXAMPLE
INFO 2022-03-07 19:58:33,840 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #495: DNS Domain:            example.fake
INFO 2022-03-07 19:58:33,840 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #496: DOMAIN SID:            S-1-5-21-752986753-809568876-3657250493


And here are named logs from when I joined another samba machine to it with realmd join (using sssd):
Mar  7 20:50:35 dc named[16553]: samba_dlz: starting transaction on zone example.fake
Mar  7 20:50:35 dc named[16553]: samba_dlz: allowing update of signer=MEMBER2\$\@EXAMPLE.FAKE name=member2.example.fake tcpaddr=192.168.122.211 type=A key=4273146927.sig-dc.example.fake/160/0
Mar  7 20:50:35 dc named[16553]: samba_dlz: allowing update of signer=MEMBER2\$\@EXAMPLE.FAKE name=member2.example.fake tcpaddr=192.168.122.211 type=A key=4273146927.sig-dc.example.fake/160/0
Mar  7 20:50:35 dc named[16553]: client @0x7fcf190a4af0 192.168.122.211#45327/key MEMBER2\$\@EXAMPLE.FAKE: updating zone 'example.fake/NONE': deleting rrset at 'member2.example.fake' A
Mar  7 20:50:35 dc named[16553]: client @0x7fcf190a4af0 192.168.122.211#45327/key MEMBER2\$\@EXAMPLE.FAKE: updating zone 'example.fake/NONE': adding an RR at 'member2.example.fake' A 192.168.122.211
Mar  7 20:50:35 dc named[16553]: samba_dlz: added rdataset member2.example.fake 'member2.example.fake.#0113600#011IN#011A#011192.168.122.211'
Mar  7 20:50:35 dc named[16553]: samba_dlz: subtracted rdataset example.fake 'example.fake.#0113600#011IN#011SOA#011dc.example.fake. hostmaster.example.fake. 19 900 600 86400 3600'
Mar  7 20:50:35 dc named[16553]: samba_dlz: added rdataset example.fake 'example.fake.#0113600#011IN#011SOA#011dc.example.fake. hostmaster.example.fake. 20 900 600 86400 3600'
Mar  7 20:50:35 dc named[16553]: samba_dlz: committed transaction on zone example.fake
Mar  7 20:50:35 dc named[16553]: samba_dlz: starting transaction on zone example.fake
Mar  7 20:50:35 dc named[16553]: samba_dlz: allowing update of signer=MEMBER2\$\@EXAMPLE.FAKE name=member2.example.fake tcpaddr=192.168.122.211 type=AAAA key=1263863902.sig-dc.example.fake/160/0
Mar  7 20:50:35 dc named[16553]: client @0x7fcf190a4af0 192.168.122.211#37121/key MEMBER2\$\@EXAMPLE.FAKE: updating zone 'example.fake/NONE': deleting rrset at 'member2.example.fake' AAAA
Mar  7 20:50:35 dc named[16553]: samba_dlz: committed transaction on zone example.fake


And member2 is in dns:
$ host member2.example.fake dc.example.fake                                                                                                                                         
Using domain server:                                                                                                                                                                           
Name: dc.example.fake                                                                                                                                                                          
Address: 192.168.122.199#53                                                                                                                                                                    
Aliases:                                                                                                                                                                                       
                                               
member2.example.fake has address 192.168.122.211

Can't say that all the possible features are working, but it's looking good.

Comment 6 Douglas Bagnall 2022-05-19 04:55:07 UTC

Andreas, I have squashed the fixes together in

https://gitlab.com/samba-team/samba/-/merge_requests/2533

Are you OK with that? Do you want to add a signed-off-by?

Also, there's a copyright related task as described at:

https://www.samba.org/samba/devel/copyright-policy.html

which boils down to you either claim the work as your own rather than a company's, or you send in a message as described there.

Comment 7 Andreas Hasenack 2022-05-19 13:27:19 UTC

I sent the email to contributing@samba.org

Comment 8 Andreas Hasenack 2022-05-20 12:28:34 UTC

Created attachment 17294 [details]
Patch from https://gitlab.com/samba-team/samba/-/merge_requests/2533

This is the same as https://gitlab.com/samba-team/samba/-/merge_requests/2533 but with my Signed-off-by line.

Comment 9 Samba QA Contact 2022-05-23 00:54:12 UTC

This bug was referenced in samba master:

03036442deac25f58be4119e6c9ce2586e0abf51

Comment 10 Douglas Bagnall 2022-06-14 23:41:07 UTC

Created attachment 17351 [details]
patch for 4.15 and 4.16

Comment 11 Andrew Bartlett 2022-06-17 02:14:29 UTC


Please apply for 4.15.next and 4.16.next

Comment 12 Jule Anger 2022-06-18 08:39:37 UTC

Pushed to autobuild-v4-{16,15}-test.

Comment 13 Samba QA Contact 2022-06-18 09:47:03 UTC

This bug was referenced in samba v4-15-test:

b7c4480448e16be71d1858932d1ef9a11ff8a50f

Comment 14 Samba QA Contact 2022-06-18 09:56:03 UTC

This bug was referenced in samba v4-16-test:

1137957a13b733babd988831ce3e7cf67ac77526

Comment 15 Jule Anger 2022-06-18 10:00:03 UTC

Closing out bug report.

Thanks!

Comment 16 Samba QA Contact 2022-06-28 06:50:08 UTC

This bug was referenced in samba v4-15-stable (Release samba-4.15.8):

b7c4480448e16be71d1858932d1ef9a11ff8a50f

Comment 17 Samba QA Contact 2022-07-18 11:18:08 UTC

This bug was referenced in samba v4-16-stable (Release samba-4.16.3):

1137957a13b733babd988831ce3e7cf67ac77526