Univention Bugzilla – Bug 34693
Migrate DNS data to DC=DomainDnsZones
Last modified: 2017-03-01 18:32:51 CET
Currently the DNS data is stored in Samba4 in the position

 CN=MicrosoftDNS,CN=System,$samba4_ldap_base

where samba-tool cannot find it. In the reverse direction our Bind9 does not by default look at the DNS zones stored below

 DC=DomainDnsZones,$samba4_ldap_base

The second point is an issue e.g. for AD Takeover (Bug 34184). Moreover all tools doing DNS operations via RPC following the [MS-DNSP] protocol don't see this DNS data.

Example:
===========================================================================
root@master40:~# host -t srv _kerberos._tcp
_kerberos._tcp.ar320i1.qa has SRV record 0 100 88 master40.ar320i1.qa.
_kerberos._tcp.ar320i1.qa has SRV record 0 100 88 backup41.ar320i1.qa.
===========================================================================
vs.
===========================================================================
root@master40:~# samba-tool dns query localhost ar320i1.qa _kerberos._tcp SRV \
    -UAdministrator%univention
  Name=, Records=1, Children=0
    SRV: master40.ar320i1.qa. (88, 0, 100) (flags=f0, serial=1, ttl=900)
===========================================================================

See also:

 samba-tool dns serverinfo localhost -UAdministrator%univention

I did not find the point in the MS protocol specs where a relation between DC=DomainDnsZones and the domain function level is defined, but we should check the arguments for a migration of the DNS data to the DomainDnsZones partition.

As a bonus this would offer the possibility of transparent administration of DNS records directly in the Samba4 backend via samba-tool. Currently we can only do it indirectly via UDM and the S4 Connector.
*** Bug 30704 has been marked as a duplicate of this bug. ***
*** This bug has been marked as a duplicate of bug 43291 ***
*** This bug has been marked as a duplicate of bug 43692 ***
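Added example (not part of the original report, not Univention or Samba code): a small check that diffs the SRV records served by Bind9 against those visible over the RPC path, using the two transcripts from the report as constructed sample input. The function names are hypothetical, and the field order of the samba-tool SRV tuple is assumed to be (port, priority, weight), inferred by matching the sample against the host output.

```python
import re

# Sample input constructed from the two transcripts quoted in the report.
HOST_OUTPUT = """\
_kerberos._tcp.ar320i1.qa has SRV record 0 100 88 master40.ar320i1.qa.
_kerberos._tcp.ar320i1.qa has SRV record 0 100 88 backup41.ar320i1.qa.
"""
SAMBA_TOOL_OUTPUT = """\
  Name=, Records=1, Children=0
    SRV: master40.ar320i1.qa. (88, 0, 100) (flags=f0, serial=1, ttl=900)
"""

# `host -t srv` prints: priority weight port target
HOST_SRV = re.compile(r"has SRV record (\d+) (\d+) (\d+) (\S+)")
# Assumption: samba-tool prints SRV data as "target (port, priority, weight)".
SAMBA_SRV = re.compile(r"SRV:\s+(\S+)\s+\((\d+),\s*(\d+),\s*(\d+)\)")
SAMBA_COUNT = re.compile(r"Records=(\d+)")


def _norm(target):
    """Normalise a DNS name for comparison (case and trailing dot)."""
    return target.rstrip(".").lower()


def parse_host(text):
    """Return a set of (priority, weight, port, target) from `host` output."""
    return {(int(p), int(w), int(port), _norm(t))
            for p, w, port, t in HOST_SRV.findall(text)}


def parse_samba_tool(text):
    """Return the same tuple shape from `samba-tool dns query ... SRV` output."""
    rows = [(int(prio), int(w), int(port), _norm(t))
            for t, port, prio, w in SAMBA_SRV.findall(text)]
    declared = sum(int(n) for n in SAMBA_COUNT.findall(text))
    if declared != len(rows):
        # The Records= header disagrees with what was parsed: do not trust it.
        raise ValueError(f"parsed {len(rows)} SRV rows, header says {declared}")
    return set(rows)


def compare(host_text, samba_text):
    """Report records seen by only one of the two views."""
    dns, rpc = parse_host(host_text), parse_samba_tool(samba_text)
    return {"only_in_dns": sorted(dns - rpc), "only_in_rpc": sorted(rpc - dns)}


if __name__ == "__main__":
    print(compare(HOST_OUTPUT, SAMBA_TOOL_OUTPUT))
```
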