Zones that are being created on a w2k8r2 server via samba-tool don't have any flags. In the following output you can see some zones on the server; the zones test.foo.lan and 3.2.1.in-addr.arpa have been created by

  samba-tool dns zonecreate <server-ip> <zonename> -Uadministrator --client-version w2k

(--client-version w2k was required because the default made the server reply with WERR_INVALID_PARAM ...)

  samba-tool dns zonelist 10.105.20.100 -Uadministrator
  5 zone(s) found

  pszZoneName : _msdcs.foo.lan
  Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_UNSECURE
  ZoneType : DNS_ZONE_TYPE_PRIMARY
  Version : 50
  dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn : ForestDnsZones.foo.lan

  pszZoneName : 3.2.1.in-addr.arpa
  Flags : DNS_RPC_ZONE_REVERSE
  ZoneType : DNS_ZONE_TYPE_PRIMARY
  Version : 50
  dwDpFlags : NONE
  pszDpFqdn : None

  pszZoneName : 7.16.172.in-addr.arpa
  Flags : DNS_RPC_ZONE_REVERSE DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType : DNS_ZONE_TYPE_PRIMARY
  Version : 50
  dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn : DomainDnsZones.foo.lan

  pszZoneName : foo.lan
  Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_UNSECURE
  ZoneType : DNS_ZONE_TYPE_PRIMARY
  Version : 50
  dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn : DomainDnsZones.foo.lan

  pszZoneName : created-on-win.foo.lan
  Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType : DNS_ZONE_TYPE_PRIMARY
  Version : 50
  dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn : DomainDnsZones.foo.lan

  pszZoneName : test.foo.lan
  Flags : NONE
  ZoneType : DNS_ZONE_TYPE_PRIMARY
  Version : 50
  dwDpFlags : NONE
  pszDpFqdn : None
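The flag gap visible in the listing above can be checked mechanically. The following Python sketch is an added example, not part of the original report or of Samba's code: it parses text in the samba-tool dns zonelist layout and reports zones that are not DS-integrated or that lack the secure-update flag. The function names are hypothetical and the embedded sample is constructed from three zones of the listing, trimmed to three fields each.

```python
import re

# Constructed sample: three zones from the listing above, trimmed to three fields.
SAMPLE = """\
  3 zone(s) found
  pszZoneName : foo.lan
  Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_UNSECURE
  dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszZoneName : created-on-win.foo.lan
  Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszZoneName : test.foo.lan
  Flags : NONE
  dwDpFlags : NONE
"""

# "name : value" lines; the "N zone(s) found" header has no colon and is skipped.
FIELD = re.compile(r"^\s*(\w+)\s*:\s*(.*?)\s*$")

def parse_zonelist(text):
    """Return one dict per zone; a pszZoneName line starts a new record."""
    zones, cur = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "pszZoneName":
            cur = {key: value}
            zones.append(cur)
        elif cur is not None:
            cur[key] = value
    return zones

def audit(zones):
    """Map zone name -> list of findings about its Flags field (hypothetical helper)."""
    findings = {}
    for z in zones:
        flags = set(z.get("Flags", "").split()) - {"NONE"}
        issues = []
        if "DNS_RPC_ZONE_DSINTEGRATED" not in flags:
            issues.append("not DS-integrated")
        if "DNS_RPC_ZONE_UPDATE_UNSECURE" in flags:
            issues.append("unsecure dynamic updates allowed")
        elif "DNS_RPC_ZONE_UPDATE_SECURE" not in flags:
            issues.append("no DNS_RPC_ZONE_UPDATE_SECURE flag")
        if issues:
            findings[z["pszZoneName"]] = issues
    return findings
```

Feeding it the captured output of a real zonelist run gives a per-zone list of findings; zones that carry both DNS_RPC_ZONE_DSINTEGRATED and DNS_RPC_ZONE_UPDATE_SECURE are omitted from the result.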
dnsserver RPC issue.
Created attachment 8932: Pass additional flags when creating new zone (commit c22eb103d865ed50a6c3ca89750245b92e17b493)
Created attachment 8933: Set secure update flag on zone in separate operation (commit 05578dcdbfa1734ae7bafb70859a76f4cd2a023d)
The two patches fix the problem of correctly creating a zone with all client versions.
Looks good to me. Karolin, please pick these up for 4.0.next
(In reply to comment #5)
> Looks good to me. Karolin, please pick these up for 4.0.next

Need a second review first...
It looks better now, but I'm not sure it is entirely right now.

A zone created via samba-tool:

  pszZoneName : foo.faa
  Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType : DNS_ZONE_TYPE_PRIMARY
  Version : 50
  dwDpFlags : DNS_DP_LEGACY DNS_DP_ENLISTED
  pszDpFqdn : MicrosoftDNS

A zone created in the w2k8r2 by GUI:

  pszZoneName : windows.test
  Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType : DNS_ZONE_TYPE_PRIMARY
  Version : 50
  dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn : DomainDnsZones.my-ad-domain.private

1) The Windows zone does not have DNS_DP_LEGACY, but it has "DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT" instead. Don't know if this is right or not.
2) The samba-tool created zone has dwDpFlags "MicrosoftDNS" instead of the DomainDnsZones.fqdn-of-the-domain.

Amitay, Kai: is this intended?
Updated patches with cherry-pick information.
Created attachment 9197: 0001-samba-tool-dns-Set-secure-zone-update-flag-after-cre.patch
Created attachment 9198: 0002-samba-tool-dns-Pass-on-additional-flags-when-creatin.patch
Comment on attachment 9197 (0001-samba-tool-dns-Set-secure-zone-update-flag-after-cre.patch): added review+ on behalf of metze.
Karo, please pick the two patches to 4.0. They are already in master and 4.1.
Pushed to autobuild-v4-0-test.
Pushed to v4-0-test. Closing out bug report. Thanks!