I don't really know, but in my opinion the actual DNS setup procedure for SAMBA 4 is a bit tricky. It would be a bit easier if SAMBA also generated an appropriate include file for the Bind DNS server configuration. For example:

zone "<dnsname>" { type master; file <zonefile>; allow-update { any; }; };

The include and zone file should be put in a common directory with write access for the Bind server, so that it can create and maintain the file for dynamic host updates. So the user only has to worry about the include directive in the main configuration file.

At a later stage it should then be possible to configure DNS with Microsoft's DNS MMC tool. But I think there is then a need for an embedded, customized, builtin DNS service in SAMBA that can read the information saved in AD.
I want to avoid having our own DNS server for as long as possible. We do however need to figure out what would be required to get the correct behaviour out of BIND.
But for now I would propose the design with the include for the main configuration file (see above), so that setup is much less complicated (only the include line has to be added to the main configuration file). At a later stage there is then also the possibility of managing multiple domains without major modifications.
Since it's not really a bug, I'll mark it as a feature request.
I've added the generation of a named.conf snippet, which we can expand to include GSS-TSIG configuration in future.
Ok! I've seen you've taken my approach on this now. But how would you like to handle the dynamic DNS updates? With that GSS-TSIG?
Simo has promised to show me how to do that. I hope it's just a matter of extending the generated configuration, and exporting a keytab. I don't know how the ACLs will work...
Andrew, any progress here? Has Simo helped you?
The current generated configuration is as far as I'm going so far.
Matthias: GSS-TSIG updates are now working in Git, and detailed configuration documentation is generated in ${prefix}/private/named.conf. Please review these changes to determine if they resolve this bug.
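An added example, not part of the original thread and not Samba's or BIND's own code: a small Python check for the two update models discussed above, the first comment's `allow-update { any; };` zone and the later GSS-TSIG setup, which BIND expresses with `update-policy`. The zone names and realm in the sample are constructed, and the parser assumes no `#` or `//` inside quoted strings.

```python
import re

# Constructed sample: one zone open to unauthenticated updates, one using signed updates.
SAMPLE = '''
zone "samdom.example.com" {
    type master;
    file "samdom.example.com.zone";
    allow-update { any; };
};
zone "corp.example.com" IN {
    type master;
    file "corp.example.com.zone";
    # allow-update { any; };   (commented out, must be ignored)
    update-policy { grant CORP.EXAMPLE.COM ms-self * A AAAA; };
};
'''

def strip_comments(text):
    """Remove /* */, // and # comments, the three styles named.conf accepts."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#).*', '', text)

def block_body(text, start):
    """Return the contents of the first balanced { } block at or after start."""
    open_idx = text.index('{', start)
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == '{':
            depth += 1
        elif text[i] == '}':
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError('unbalanced braces in zone block')

def audit_zones(conf):
    """Map each zone name to a short verdict on who may send dynamic updates."""
    conf = strip_comments(conf)
    verdicts = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"', conf):
        body = block_body(conf, m.end())
        acl = re.search(r'\ballow-update\s*\{([^}]*)\}', body)
        elements = acl.group(1).replace(';', ' ').split() if acl else []
        if 'any' in elements:
            verdicts[m.group(1)] = 'open: any client can rewrite records'
        elif acl:
            verdicts[m.group(1)] = 'restricted: allow-update ' + ' '.join(elements)
        elif re.search(r'\bupdate-policy\b', body):
            verdicts[m.group(1)] = 'signed: update-policy (TSIG/GSS-TSIG identity)'
        else:
            verdicts[m.group(1)] = 'static: no dynamic updates'
    return verdicts
```

Running `audit_zones` over a generated snippet before including it in the main named.conf shows at a glance whether a zone still accepts unauthenticated updates.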
Yeah, by "include file" I meant a completely finished "named.conf" snippet that I can integrate through the include directive in the main "named.conf" of the server. The instructions should be moved into a separate file (for example bind.txt or named.txt). Another idea: would it be possible to move the "named.conf" snippet, keytab and zone file to the bind zone directory? Is this too much effort to do? Naturally, it would be much more comfortable if we could use a configuration API of bind. But I don't know if something similar exists. Please tell me your opinions!
Created attachment 3384: Patch for named.conf
I changed the "named.conf" so that it can be directly included in the main BIND configuration file. This also needs a change in the provision script (for the path).
Created attachment 3385: A corrected version of the provision.py
Needed for the "named.conf" change.
Created attachment 3386: A new named.txt
A new named.txt file which contains the other information.
This looks very interesting. Any chance you can put them into a GIT repo I can pull, or as GIT formatted patches? Otherwise, I'll manually commit them tomorrow (I hope).
Please check in manually! I find this patch very neat, because it simplifies the provision a lot.
I didn't notice your changes for a while ;-). Okay, the matter is resolved.