Hi, ISC has released bind 9.18.0, which starts their new "ESV" series. It would be nice if samba could build a dlz module for it, like it does for older stable releases of bind. That being said, I just saw the "deprecated" remark for this module here in bugzilla, will it be removed, and if yes, when? Perhaps in samba 4.16?
(In reply to Andreas Hasenack from comment #0)
> That being said, I just saw the "deprecated" remark for this module here in bugzilla, will it be removed, and if yes, when? Perhaps in samba 4.16?

No. The remark is there by mistake.

Normally adding a new version is quite straightforward, unless the version has DLZ changes. I see at https://blog.desdelinux.net/en/The-new-stable-branch-of-dns-bind-9-18-has-already-been-released/ this:

> Removed support for previous DLZ (dynamically loadable zones) controllers and replaced with DLZ modules.

but I think maybe we already have a "module" and not a "controller", so it might be OK.
Created attachment 17176
maybe sufficient patch

The attached patch might work. It is possible we might need to bump the DNS_CLIENTINFO_VERSION to 3, and add something to some struct. I'm a little unsure how BIND does the versioning. BIND 9.16 also has DNS_CLIENTINFO_VERSION = 3 where we have 2, and it seems to have coped.
FWIW, I pretended I didn't know any of this and used the bind 9.16 dlz module with bind 9.18 and basic stuff just worked. I created a samba 4.15.5 DC, with bind9_dlz as the backend (using said 9.16 module), and joined computers got entries in dns. I can definitely try the same with a build with your patch.
Created attachment 17194
More changes

Assuming the first patch is ok, this extra bit is needed for the provision tool to finish the job. Still testing it.
I provisioned a domain like this:

samba-tool domain provision --domain=EXAMPLE --realm EXAMPLE.FAKE --adminpass='Passw0rd!' --server-role=dc --use-rfc2307 --dns-backend=BIND9_DLZ

Output:

root@dc:~# samba-tool domain provision --domain=EXAMPLE --realm EXAMPLE.FAKE --adminpass='Passw0rd!' --server-role=dc --use-rfc2307 --dns-backend=BIND9_DLZ
INFO 2022-03-07 19:58:25,417 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2105: Looking up IPv4 addresses
INFO 2022-03-07 19:58:25,418 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2122: Looking up IPv6 addresses
WARNING 2022-03-07 19:58:25,418 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2129: No IPv6 address will be assigned
INFO 2022-03-07 19:58:25,608 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2271: Setting up share.ldb
INFO 2022-03-07 19:58:25,724 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2275: Setting up secrets.ldb
INFO 2022-03-07 19:58:25,812 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2280: Setting up the registry
INFO 2022-03-07 19:58:26,143 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2283: Setting up the privileges database
INFO 2022-03-07 19:58:26,311 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2286: Setting up idmap db
INFO 2022-03-07 19:58:26,426 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2293: Setting up SAM db
INFO 2022-03-07 19:58:26,472 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #880: Setting up sam.ldb partitions and settings
INFO 2022-03-07 19:58:26,475 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #892: Setting up sam.ldb rootDSE
INFO 2022-03-07 19:58:26,496 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1305: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
INFO 2022-03-07 19:58:26,585 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1383: Adding DomainDN: DC=example,DC=fake
INFO 2022-03-07 19:58:26,628 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1415: Adding configuration container
INFO 2022-03-07 19:58:26,681 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1430: Setting up sam.ldb schema
INFO 2022-03-07 19:58:29,077 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1448: Setting up sam.ldb configuration data
INFO 2022-03-07 19:58:29,187 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1489: Setting up display specifiers
INFO 2022-03-07 19:58:30,708 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1497: Modifying display specifiers and extended rights
INFO 2022-03-07 19:58:30,747 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1504: Adding users container
INFO 2022-03-07 19:58:30,749 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1510: Modifying users container
INFO 2022-03-07 19:58:30,750 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1513: Adding computers container
INFO 2022-03-07 19:58:30,753 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1519: Modifying computers container
INFO 2022-03-07 19:58:30,754 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1523: Setting up sam.ldb data
INFO 2022-03-07 19:58:30,858 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1553: Setting up well known security principals
INFO 2022-03-07 19:58:30,907 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1567: Setting up sam.ldb users and groups
INFO 2022-03-07 19:58:30,995 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1575: Setting up self join
check_spn_alias_collision: trying to add SPN 'DNS/dc.example.fake' on 'CN=dns-dc,CN=Users,DC=example,DC=fake' when 'host/dc.example.fake' is on 'CN=DC,OU=Domain Controllers,DC=example,DC=fake'
Repacking database from v1 to v2 format (first record CN=ms-SPP-Activation-Objects-Container,CN=Schema,CN=Configuration,DC=example,DC=fake)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record CN=411,CN=DisplaySpecifiers,CN=Configuration,DC=example,DC=fake)
Repacking database from v1 to v2 format (first record CN=Distributed COM Users,CN=Builtin,DC=example,DC=fake)
INFO 2022-03-07 19:58:32,169 pid:12798 /usr/lib/python3/dist-packages/samba/provision/sambadns.py #1200: Adding DNS accounts
INFO 2022-03-07 19:58:32,224 pid:12798 /usr/lib/python3/dist-packages/samba/provision/sambadns.py #1234: Creating CN=MicrosoftDNS,CN=System,DC=example,DC=fake
INFO 2022-03-07 19:58:32,246 pid:12798 /usr/lib/python3/dist-packages/samba/provision/sambadns.py #1247: Creating DomainDnsZones and ForestDnsZones partitions
INFO 2022-03-07 19:58:32,348 pid:12798 /usr/lib/python3/dist-packages/samba/provision/sambadns.py #1252: Populating DomainDnsZones and ForestDnsZones partitions
Repacking database from v1 to v2 format (first record DC=ForestDnsZones,DC=example.fake,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=fake)
Repacking database from v1 to v2 format (first record DC=_ldap._tcp.pdc,DC=_msdcs.example.fake,CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=fake)
INFO 2022-03-07 19:58:32,762 pid:12798 /usr/lib/python3/dist-packages/samba/provision/sambadns.py #1334: See /var/lib/samba/bind-dns/named.conf for an example configuration include file for BIND
INFO 2022-03-07 19:58:32,762 pid:12798 /usr/lib/python3/dist-packages/samba/provision/sambadns.py #1336: and /var/lib/samba/bind-dns/named.txt for further documentation required for secure DNS updates
INFO 2022-03-07 19:58:32,823 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2009: Setting up sam.ldb rootDSE marking as synchronized
INFO 2022-03-07 19:58:32,834 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2014: Fixing provision GUIDs
INFO 2022-03-07 19:58:33,601 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2345: A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
INFO 2022-03-07 19:58:33,603 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2347: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
INFO 2022-03-07 19:58:33,708 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2079: Setting up fake yp server settings
INFO 2022-03-07 19:58:33,838 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #487: Once the above files are installed, your Samba AD server will be ready to use
INFO 2022-03-07 19:58:33,839 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #492: Server Role: active directory domain controller
INFO 2022-03-07 19:58:33,839 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #493: Hostname: dc
INFO 2022-03-07 19:58:33,840 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #494: NetBIOS Domain: EXAMPLE
INFO 2022-03-07 19:58:33,840 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #495: DNS Domain: example.fake
INFO 2022-03-07 19:58:33,840 pid:12798 /usr/lib/python3/dist-packages/samba/provision/__init__.py #496: DOMAIN SID: S-1-5-21-752986753-809568876-3657250493

And here are named logs from when I joined another samba machine to it with realmd join (using sssd):

Mar 7 20:50:35 dc named[16553]: samba_dlz: starting transaction on zone example.fake
Mar 7 20:50:35 dc named[16553]: samba_dlz: allowing update of signer=MEMBER2\$\@EXAMPLE.FAKE name=member2.example.fake tcpaddr=192.168.122.211 type=A key=4273146927.sig-dc.example.fake/160/0
Mar 7 20:50:35 dc named[16553]: samba_dlz: allowing update of signer=MEMBER2\$\@EXAMPLE.FAKE name=member2.example.fake tcpaddr=192.168.122.211 type=A key=4273146927.sig-dc.example.fake/160/0
Mar 7 20:50:35 dc named[16553]: client @0x7fcf190a4af0 192.168.122.211#45327/key MEMBER2\$\@EXAMPLE.FAKE: updating zone 'example.fake/NONE': deleting rrset at 'member2.example.fake' A
Mar 7 20:50:35 dc named[16553]: client @0x7fcf190a4af0 192.168.122.211#45327/key MEMBER2\$\@EXAMPLE.FAKE: updating zone 'example.fake/NONE': adding an RR at 'member2.example.fake' A 192.168.122.211
Mar 7 20:50:35 dc named[16553]: samba_dlz: added rdataset member2.example.fake 'member2.example.fake.#0113600#011IN#011A#011192.168.122.211'
Mar 7 20:50:35 dc named[16553]: samba_dlz: subtracted rdataset example.fake 'example.fake.#0113600#011IN#011SOA#011dc.example.fake. hostmaster.example.fake. 19 900 600 86400 3600'
Mar 7 20:50:35 dc named[16553]: samba_dlz: added rdataset example.fake 'example.fake.#0113600#011IN#011SOA#011dc.example.fake. hostmaster.example.fake. 20 900 600 86400 3600'
Mar 7 20:50:35 dc named[16553]: samba_dlz: committed transaction on zone example.fake
Mar 7 20:50:35 dc named[16553]: samba_dlz: starting transaction on zone example.fake
Mar 7 20:50:35 dc named[16553]: samba_dlz: allowing update of signer=MEMBER2\$\@EXAMPLE.FAKE name=member2.example.fake tcpaddr=192.168.122.211 type=AAAA key=1263863902.sig-dc.example.fake/160/0
Mar 7 20:50:35 dc named[16553]: client @0x7fcf190a4af0 192.168.122.211#37121/key MEMBER2\$\@EXAMPLE.FAKE: updating zone 'example.fake/NONE': deleting rrset at 'member2.example.fake' AAAA
Mar 7 20:50:35 dc named[16553]: samba_dlz: committed transaction on zone example.fake

And member2 is in dns:

$ host member2.example.fake dc.example.fake
Using domain server:
Name: dc.example.fake
Address: 192.168.122.199#53
Aliases:

member2.example.fake has address 192.168.122.211

Can't say that all the possible features are working, but it's looking good.
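The named log in the comment above shows samba_dlz recording which Kerberos principal signed each accepted dynamic update. As an added example (not part of this bug thread and not Samba's code), the following Python parses those "allowing update" lines and marks whether the signer is the machine account for the name being changed; the function names and the third sample line are constructed here.

```python
import re

# Line format taken from the named log quoted above.
ALLOW_RE = re.compile(
    r"samba_dlz: allowing update of signer=(?P<signer>\S+) name=(?P<name>\S+) "
    r"tcpaddr=(?P<addr>\S*) type=(?P<type>\S+) key=(?P<key>\S+)"
)

def expected_fqdn(signer):
    """Map a machine principal HOST$@REALM to host.realm; None if not a machine account."""
    principal = signer.replace("\\", "")  # the log escapes '$' and '@' with backslashes
    account, _, realm = principal.partition("@")
    if not account.endswith("$") or not realm:
        return None
    return f"{account[:-1]}.{realm}".lower()

def audit_updates(lines):
    """Return one record per distinct (signer, name, type) accepted update."""
    seen, records = set(), []
    for line in lines:
        m = ALLOW_RE.search(line)
        if not m:
            continue
        name = m["name"].rstrip(".").lower()
        key = (m["signer"], name, m["type"])
        if key in seen:  # the log above repeats the type=A decision line
            continue
        seen.add(key)
        records.append({
            "signer": m["signer"].replace("\\", ""),
            "name": name,
            "type": m["type"],
            "addr": m["addr"],
            "own_record": expected_fqdn(m["signer"]) == name,
        })
    return records

PREFIX = "Mar 7 20:50:35 dc named[16553]: samba_dlz: allowing update of "
SAMPLE = [  # first two lines as in the log above; the third is constructed
    PREFIX + r"signer=MEMBER2\$\@EXAMPLE.FAKE name=member2.example.fake tcpaddr=192.168.122.211 type=A key=4273146927.sig-dc.example.fake/160/0",
    PREFIX + r"signer=MEMBER2\$\@EXAMPLE.FAKE name=member2.example.fake tcpaddr=192.168.122.211 type=A key=4273146927.sig-dc.example.fake/160/0",
    PREFIX + r"signer=MEMBER2\$\@EXAMPLE.FAKE name=fileserver.example.fake tcpaddr=192.168.122.211 type=A key=0000000000.sig-dc.example.fake/160/0",
]

if __name__ == "__main__":
    for rec in audit_updates(SAMPLE):
        print(rec)
```

A record with `own_record` false is a review item rather than a verdict, since domain controllers and DHCP servers legitimately sign updates for names other than their own.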
Andreas, I have squashed the fixes together in https://gitlab.com/samba-team/samba/-/merge_requests/2533

Are you OK with that? Do you want to add a signed-off-by?

Also, there's a copyright related task as described at: https://www.samba.org/samba/devel/copyright-policy.html which boils down to you either claim the work as your own rather than a company's, or you send in a message as described there.
I sent the email to contributing@samba.org
Created attachment 17294
Patch from https://gitlab.com/samba-team/samba/-/merge_requests/2533

This is the same as https://gitlab.com/samba-team/samba/-/merge_requests/2533 but with my Signed-off-by line.
This bug was referenced in samba master: 03036442deac25f58be4119e6c9ce2586e0abf51
Created attachment 17351
patch for 4.15 and 4.16
Please apply for 4.15.next and 4.16.next
Pushed to autobuild-v4-{16,15}-test.
This bug was referenced in samba v4-15-test: b7c4480448e16be71d1858932d1ef9a11ff8a50f
This bug was referenced in samba v4-16-test: 1137957a13b733babd988831ce3e7cf67ac77526
Closing out bug report. Thanks!
This bug was referenced in samba v4-15-stable (Release samba-4.15.8): b7c4480448e16be71d1858932d1ef9a11ff8a50f
This bug was referenced in samba v4-16-stable (Release samba-4.16.3): 1137957a13b733babd988831ce3e7cf67ac77526