When dealing with an AD integrated zone there is a property on each zone that defines which kind of updates are allowed, i.e.:

dn: DC=w2k3.home.matws.net,CN=MicrosoftDNS,CN=System,DC=w2k3,DC=home,DC=matws,DC=net
dNSProperty:     NDR: struct dnsp_DnsProperty
        wDataLength              : 0x00000000 (0)
        namelength               : 0x00005038 (20536)
        flag                     : 0x00000000 (0)
        version                  : 0x00000001 (1)
        id                       : DSPROPERTY_ZONE_NS_SERVERS_DA (146)
        data                     : union dnsPropertyData(case 0)
        name                     : 0x00000040 (64)
dNSProperty:     NDR: struct dnsp_DnsProperty
        wDataLength              : 0x00000000 (0)
        namelength               : 0x00005048 (20552)
        flag                     : 0x00000000 (0)
        version                  : 0x00000001 (1)
        id                       : DSPROPERTY_ZONE_SCAVENGING_SERVERS (17)
        data                     : union dnsPropertyData(case 0)
        name                     : 0x00000000 (0)
dNSProperty:     NDR: struct dnsp_DnsProperty
        wDataLength              : 0x00000004 (4)
        namelength               : 0x00000000 (0)
        flag                     : 0x00000000 (0)
        version                  : 0x00000001 (1)
        id                       : DSPROPERTY_ZONE_AGING_ENABLED_TIME (18)
        data                     : union dnsPropertyData(case 18)
        next_scavenging_cycle_hours: 0x00000000 (0)
        name                     : 0x00000000 (0)
dNSProperty:     NDR: struct dnsp_DnsProperty
        wDataLength              : 0x00000004 (4)
        namelength               : 0x00000000 (0)
        flag                     : 0x00000000 (0)
        version                  : 0x00000001 (1)
        id                       : DSPROPERTY_ZONE_AGING_STATE (64)
        data                     : union dnsPropertyData(case 64)
        aging_enabled            : 0x00000000 (0)
        name                     : 0x00bde158 (12443992)
dNSProperty:     NDR: struct dnsp_DnsProperty
        wDataLength              : 0x00000000 (0)
        namelength               : 0x773ecdd3 (2000604627)
        flag                     : 0x00000000 (0)
        version                  : 0x00000001 (1)
        id                       : DSPROPERTY_ZONE_AUTO_NS_SERVERS (130)
        data                     : union dnsPropertyData(case 0)
        name                     : 0x00bde578 (12445048)
dNSProperty:     NDR: struct dnsp_DnsProperty
        wDataLength              : 0x00000001 (1)
        namelength               : 0x00000000 (0)
        flag                     : 0x00000000 (0)
        version                  : 0x00000001 (1)
        id                       : DSPROPERTY_ZONE_ALLOW_UPDATE (2)
        data                     : union dnsPropertyData(case 2)
        allow_update_flag        : DNS_ZONE_UPDATE_SECURE (2)
        name                     : 0x0000bde0 (48608)
Damn, I was told this wasn't the case when I set up the initial smb.conf options for this. I wonder if we can fix this for 4.1, and how to migrate this.
I think we should just remove the smb.conf option, and use this in-directory data. Given the default is for secure updates only, this shouldn't expose anyone, and we just mention it in WHATSNEW. If we must keep the smb.conf option while deprecating it over a release, we change the default to 'directory', so folks who have not changed the option just work.
Sounds good to me. :)
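An added example, not part of the thread and not Samba's code: a minimal audit helper that reads the update policy out of a zone's raw dNSProperty values, as the proposal to use the in-directory data implies, and flags zones that are not secure-only. It assumes the five little-endian uint32 header fields shown in the dump at the top of the thread, and the MS-DNSP names for values 0 and 1; the function names and the `lab.example` zone are hypothetical, and the sample values are constructed.

```python
import struct

# dNSProperty header as in the dump: wDataLength, namelength, flag, version, id
# (assumed little-endian uint32 each), followed by wDataLength bytes of data.
HEADER = struct.Struct("<5I")
DSPROPERTY_ZONE_ALLOW_UPDATE = 2  # id shown in the dump
UPDATE_MODES = {0: "DNS_ZONE_UPDATE_OFF", 1: "DNS_ZONE_UPDATE_UNSECURE",
                2: "DNS_ZONE_UPDATE_SECURE"}


def parse_property(blob):
    """Return (property id, data bytes) for one raw dNSProperty value."""
    if len(blob) < HEADER.size:
        raise ValueError("dNSProperty value shorter than its 20-byte header")
    data_len, _name_len, _flag, version, prop_id = HEADER.unpack_from(blob)
    if version != 1:
        raise ValueError(f"unexpected dNSProperty version {version}")
    data = blob[HEADER.size:HEADER.size + data_len]
    if len(data) != data_len:
        raise ValueError("dNSProperty data truncated")
    return prop_id, data  # the trailing 'name' field is ignored


def zone_update_mode(values):
    """Update policy named by a zone's dNSProperty values, or None if absent."""
    for blob in values:
        prop_id, data = parse_property(blob)
        if prop_id == DSPROPERTY_ZONE_ALLOW_UPDATE:
            if len(data) != 1:
                raise ValueError("ALLOW_UPDATE data must be one byte")
            return UPDATE_MODES.get(data[0], f"unknown ({data[0]})")
    return None


def make_property(prop_id, data=b""):
    """Build a constructed sample value (not captured from a real directory)."""
    return HEADER.pack(len(data), 0, 0, 1, prop_id) + data + b"\x00"


if __name__ == "__main__":
    # Constructed zones: one mirroring the dump, one allowing unsigned updates.
    zones = {
        "w2k3.home.matws.net": [make_property(64, b"\x00" * 4),
                                make_property(2, b"\x02")],
        "lab.example": [make_property(2, b"\x01")],
    }
    for name, values in zones.items():
        mode = zone_update_mode(values)
        note = "" if mode == "DNS_ZONE_UPDATE_SECURE" else "  <-- review"
        print(f"{name}: {mode}{note}")
```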