From 616c7710738dcf4d3955bbbff71d33cdf507e6ed Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 10 Jul 2014 07:25:08 +0200 Subject: [PATCH 01/11] libcli/dns: add AAAA support to dns_hosts_file.c Signed-off-by: Stefan Metzmacher --- libcli/dns/dns_hosts_file.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/libcli/dns/dns_hosts_file.c b/libcli/dns/dns_hosts_file.c index 94d1d97..5be5fca 100644 --- a/libcli/dns/dns_hosts_file.c +++ b/libcli/dns/dns_hosts_file.c @@ -88,9 +88,14 @@ static bool getdns_hosts_fileent(TALLOC_CTX *ctx, XFILE *fp, char **pp_name, cha if (next_token_talloc(ctx, &ptr, &name_type, NULL)) ++count; + if (count == 0) { + continue; + } if (next_token_talloc(ctx, &ptr, &name, NULL)) ++count; - if (name_type && strcasecmp(name_type, "A") == 0) { + if ((strcasecmp(name_type, "A") == 0) || + (strcasecmp(name_type, "AAAA") == 0)) + { if (next_token_talloc(ctx, &ptr, &ip, NULL)) ++count; } else if (name_type && strcasecmp(name_type, "SRV") == 0) { @@ -105,9 +110,11 @@ static bool getdns_hosts_fileent(TALLOC_CTX *ctx, XFILE *fp, char **pp_name, cha if (count <= 0) continue; - if (strcasecmp(name_type, "A") == 0) { + if ((strcasecmp(name_type, "A") == 0) || + (strcasecmp(name_type, "AAAA") == 0)) + { if (count != 3) { - DEBUG(0,("getdns_hosts_fileent: Ill formed hosts A record [%s]\n", + DEBUG(0,("getdns_hosts_fileent: Ill formed hosts A[AAA] record [%s]\n", line)); continue; } @@ -215,7 +222,7 @@ static NTSTATUS resolve_dns_hosts_file_as_dns_rr_recurse(const char *dns_hosts_f DEBUG(3,("resolve_dns_hosts: (%d) " "Attempting %s dns_hosts lookup for name %s\n", - level, srv_lookup ? "SRV" : "A", name)); + level, srv_lookup ? "SRV" : "A[AAA]", name)); fp = startdns_hosts_file(dns_hosts_file); @@ -278,7 +285,9 @@ static NTSTATUS resolve_dns_hosts_file_as_dns_rr_recurse(const char *dns_hosts_f mem_ctx, return_rr, return_count); talloc_free(ip_list_ctx); return status; - } else if (strcasecmp(name_type, "A") == 0) { + } else if ((strcasecmp(name_type, "A") == 0) || + (strcasecmp(name_type, "AAAA") == 0)) + { if (*return_count == 0) { /* We are happy to keep looking for other possible A record matches */ rr = talloc_zero(ip_list_ctx, @@ -405,11 +414,11 @@ NTSTATUS resolve_dns_hosts_file_as_dns_rr(const char *dns_hosts_file, if (NT_STATUS_IS_OK(status)) { DEBUG(3,("resolve_dns_hosts (dns_rr): " "Found %d %s result records for for name %s\n", - *return_count, srv_lookup ? "SRV" : "A", name)); + *return_count, srv_lookup ? "SRV" : "A[AAA]", name)); } else { DEBUG(3,("resolve_dns_hosts (dns_rr): " "failed to obtain %s result records for for name %s: %s\n", - srv_lookup ? "SRV" : "A", name, nt_errstr(status))); + srv_lookup ? "SRV" : "A[AAA]", name, nt_errstr(status))); } return status; } -- 1.9.1 From 6d35496658c01129568cd9e3f2bbf8cc0ba4a0d2 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 10 Jul 2014 07:25:08 +0200 Subject: [PATCH 02/11] libcli/dns: ignore NS entries in dns_hosts_file.c at a higher log level for now Signed-off-by: Stefan Metzmacher --- libcli/dns/dns_hosts_file.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/libcli/dns/dns_hosts_file.c b/libcli/dns/dns_hosts_file.c index 5be5fca..4b1bc53 100644 --- a/libcli/dns/dns_hosts_file.c +++ b/libcli/dns/dns_hosts_file.c @@ -106,6 +106,9 @@ static bool getdns_hosts_fileent(TALLOC_CTX *ctx, XFILE *fp, char **pp_name, cha } else if (name_type && strcasecmp(name_type, "CNAME") == 0) { if (next_token_talloc(ctx, &ptr, &next_name, NULL)) ++count; + } else if (name_type && strcasecmp(name_type, "NS") == 0) { + if (next_token_talloc(ctx, &ptr, &next_name, NULL)) + ++count; } if (count <= 0) continue; @@ -155,6 +158,15 @@ static bool getdns_hosts_fileent(TALLOC_CTX *ctx, XFILE *fp, char **pp_name, cha if (!*pp_next_name) { return false; } + } else if (strcasecmp(name_type, "NS") == 0) { + if (count != 3) { + DEBUG(0,("getdns_hosts_fileent: Ill formed hosts NS record [%s]\n", + line)); + continue; + } + DEBUG(4, ("getdns_hosts_fileent: NS entry: %s %s %s\n", + name_type, name, next_name)); + continue; } else { DEBUG(0,("getdns_hosts_fileent: unknown type %s\n", name_type)); continue; -- 1.9.1 From fba27d3ab75d82019a9fb128dc685c3987ba2c0e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 19 Jun 2014 17:21:16 +0200 Subject: [PATCH 03/11] selftest: export _IPV6 environment variables Signed-off-by: Stefan Metzmacher --- selftest/README | 1 + selftest/selftest.pl | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/selftest/README b/selftest/README index c23d730..d9ad020 100644 --- a/selftest/README +++ b/selftest/README @@ -89,6 +89,7 @@ The environments are currently available include * REALM: Realm name * SERVER: DC host name * SERVER_IP: DC IPv4 address + * SERVER_IPV6: DC IPv6 address * NETBIOSNAME: DC NetBIOS name * NETIOSALIAS: DC NetBIOS alias diff --git a/selftest/selftest.pl b/selftest/selftest.pl index fde8451..8342bfe 100755 --- a/selftest/selftest.pl +++ b/selftest/selftest.pl @@ -707,35 +707,41 @@ my @exported_envvars = ( # domain controller stuff "DC_SERVER", "DC_SERVER_IP", + "DC_SERVER_IPV6", "DC_NETBIOSNAME", "DC_NETBIOSALIAS", # domain member "MEMBER_SERVER", "MEMBER_SERVER_IP", + "MEMBER_SERVER_IPV6", "MEMBER_NETBIOSNAME", "MEMBER_NETBIOSALIAS", # rpc proxy controller stuff "RPC_PROXY_SERVER", "RPC_PROXY_SERVER_IP", + "RPC_PROXY_SERVER_IPV6", "RPC_PROXY_NETBIOSNAME", "RPC_PROXY_NETBIOSALIAS", # domain controller stuff for Vampired DC "VAMPIRE_DC_SERVER", "VAMPIRE_DC_SERVER_IP", + "VAMPIRE_DC_SERVER_IPV6", "VAMPIRE_DC_NETBIOSNAME", "VAMPIRE_DC_NETBIOSALIAS", "PROMOTED_DC_SERVER", "PROMOTED_DC_SERVER_IP", + "PROMOTED_DC_SERVER_IPV6", "PROMOTED_DC_NETBIOSNAME", "PROMOTED_DC_NETBIOSALIAS", # server stuff "SERVER", "SERVER_IP", + "SERVER_IPV6", "NETBIOSNAME", "NETBIOSALIAS", -- 1.9.1 From 69fc0a93b6f3b898070dda98d12fe55ea3460920 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 19 Jun 2014 17:21:16 +0200 Subject: [PATCH 04/11] selftest/Samba4: also bind to ipv6 Signed-off-by: Stefan Metzmacher --- selftest/target/Samba4.pm | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 412fbff..f8ee7dd 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -536,7 +536,8 @@ sub provision_raw_prepare($$$$$$$$$$) $ctx->{tlsdir} = "$ctx->{privatedir}/tls"; $ctx->{ipv4} = "127.0.0.$swiface"; - $ctx->{interfaces} = "$ctx->{ipv4}/8"; + $ctx->{ipv6} = sprintf("fd00:0000:0000:0000:0000:0000:5357:5f%02x", $swiface); + $ctx->{interfaces} = "$ctx->{ipv4}/8 $ctx->{ipv6}/64"; push(@{$ctx->{directories}}, $ctx->{privatedir}); push(@{$ctx->{directories}}, $ctx->{etcdir}); @@ -702,8 +703,8 @@ $ctx->{unix_name}:x:$ctx->{unix_gid}: my $hostname = lc($ctx->{hostname}); open(HOSTS, ">>$ctx->{nsswrap_hosts}"); - print HOSTS "$ctx->{ipv4} ${hostname}.samba.example.com ${hostname} -"; + print HOSTS "$ctx->{ipv4} ${hostname}.samba.example.com ${hostname}\n"; + print HOSTS "$ctx->{ipv6} ${hostname}.samba.example.com ${hostname}\n"; close(HOSTS); my $configuration = "--configfile=$ctx->{smb_conf}"; @@ -725,6 +726,7 @@ $ctx->{unix_name}:x:$ctx->{unix_gid}: PIDDIR => $ctx->{piddir}, SERVER => $ctx->{hostname}, SERVER_IP => $ctx->{ipv4}, + SERVER_IPV6 => $ctx->{ipv6}, NETBIOSNAME => $ctx->{netbiosname}, DOMAIN => $ctx->{domain}, USERNAME => $ctx->{username}, @@ -964,12 +966,14 @@ rpc_server:tcpip = no $ret->{MEMBER_SERVER} = $ret->{SERVER}; $ret->{MEMBER_SERVER_IP} = $ret->{SERVER_IP}; + $ret->{MEMBER_SERVER_IPV6} = $ret->{SERVER_IPV6}; $ret->{MEMBER_NETBIOSNAME} = $ret->{NETBIOSNAME}; $ret->{MEMBER_USERNAME} = $ret->{USERNAME}; $ret->{MEMBER_PASSWORD} = $ret->{PASSWORD}; $ret->{DC_SERVER} = $dcvars->{DC_SERVER}; $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6}; $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME}; $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME}; $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD}; @@ -1058,12 +1062,14 @@ sub provision_rpc_proxy($$$) $ret->{RPC_PROXY_SERVER} = $ret->{SERVER}; $ret->{RPC_PROXY_SERVER_IP} = $ret->{SERVER_IP}; + $ret->{RPC_PROXY_SERVER_IPV6} = $ret->{SERVER_IPV6}; $ret->{RPC_PROXY_NETBIOSNAME} = $ret->{NETBIOSNAME}; $ret->{RPC_PROXY_USERNAME} = $ret->{USERNAME}; $ret->{RPC_PROXY_PASSWORD} = $ret->{PASSWORD}; $ret->{DC_SERVER} = $dcvars->{DC_SERVER}; $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6}; $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME}; $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME}; $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD}; @@ -1134,10 +1140,12 @@ sub provision_promoted_dc($$$) $ret->{PROMOTED_DC_SERVER} = $ret->{SERVER}; $ret->{PROMOTED_DC_SERVER_IP} = $ret->{SERVER_IP}; + $ret->{PROMOTED_DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; $ret->{PROMOTED_DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; $ret->{DC_SERVER} = $dcvars->{DC_SERVER}; $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6}; $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME}; $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME}; $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD}; @@ -1195,10 +1203,12 @@ sub provision_vampire_dc($$$) $ret->{VAMPIRE_DC_SERVER} = $ret->{SERVER}; $ret->{VAMPIRE_DC_SERVER_IP} = $ret->{SERVER_IP}; + $ret->{VAMPIRE_DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; $ret->{VAMPIRE_DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; $ret->{DC_SERVER} = $dcvars->{DC_SERVER}; $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6}; $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME}; $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME}; $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD}; @@ -1260,10 +1270,12 @@ sub provision_subdom_dc($$$) $ret->{SUBDOM_DC_SERVER} = $ret->{SERVER}; $ret->{SUBDOM_DC_SERVER_IP} = $ret->{SERVER_IP}; + $ret->{SUBDOM_DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; $ret->{SUBDOM_DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; $ret->{DC_SERVER} = $dcvars->{DC_SERVER}; $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6}; $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME}; $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME}; $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD}; @@ -1295,6 +1307,7 @@ sub provision_dc($$) $ret->{NETBIOSALIAS} = "localdc1-a"; $ret->{DC_SERVER} = $ret->{SERVER}; $ret->{DC_SERVER_IP} = $ret->{SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; $ret->{DC_USERNAME} = $ret->{USERNAME}; $ret->{DC_PASSWORD} = $ret->{PASSWORD}; @@ -1345,6 +1358,7 @@ sub provision_fl2003dc($$) $ret->{DC_SERVER} = $ret->{SERVER}; $ret->{DC_SERVER_IP} = $ret->{SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; $ret->{DC_USERNAME} = $ret->{USERNAME}; $ret->{DC_PASSWORD} = $ret->{PASSWORD}; @@ -1467,10 +1481,12 @@ sub provision_rodc($$$) $ret->{RODC_DC_SERVER} = $ret->{SERVER}; $ret->{RODC_DC_SERVER_IP} = $ret->{SERVER_IP}; + $ret->{RODC_DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; $ret->{RODC_DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; $ret->{DC_SERVER} = $dcvars->{DC_SERVER}; $ret->{DC_SERVER_IP} = $dcvars->{DC_SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $dcvars->{DC_SERVER_IPV6}; $ret->{DC_NETBIOSNAME} = $dcvars->{DC_NETBIOSNAME}; $ret->{DC_USERNAME} = $dcvars->{DC_USERNAME}; $ret->{DC_PASSWORD} = $dcvars->{DC_PASSWORD}; @@ -1587,6 +1603,7 @@ sub provision_plugin_s4_dc($$) $ret->{DC_SERVER} = $ret->{SERVER}; $ret->{DC_SERVER_IP} = $ret->{SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; $ret->{DC_USERNAME} = $ret->{USERNAME}; $ret->{DC_PASSWORD} = $ret->{PASSWORD}; @@ -1629,6 +1646,7 @@ sub provision_chgdcpass($$) $ret->{DC_SERVER} = $ret->{SERVER}; $ret->{DC_SERVER_IP} = $ret->{SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $ret->{SERVER_IPV6}; $ret->{DC_NETBIOSNAME} = $ret->{NETBIOSNAME}; $ret->{DC_USERNAME} = $ret->{USERNAME}; $ret->{DC_PASSWORD} = $ret->{PASSWORD}; -- 1.9.1 From 3f8c14fe566cfffffcd7e518c137dde054ae5b37 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 19 Jun 2014 17:21:16 +0200 Subject: [PATCH 05/11] selftest/Samba3: also bind to ipv6 Signed-off-by: Stefan Metzmacher --- selftest/target/Samba3.pm | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index a6d85cc..324a957 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -229,6 +229,7 @@ sub setup_s3dc($$) $vars->{DC_SERVER} = $vars->{SERVER}; $vars->{DC_SERVER_IP} = $vars->{SERVER_IP}; + $vars->{DC_SERVER_IPV6} = $vars->{SERVER_IPV6}; $vars->{DC_NETBIOSNAME} = $vars->{NETBIOSNAME}; $vars->{DC_USERNAME} = $vars->{USERNAME}; $vars->{DC_PASSWORD} = $vars->{PASSWORD}; @@ -273,6 +274,7 @@ sub setup_member($$$) $ret->{DC_SERVER} = $s3dcvars->{SERVER}; $ret->{DC_SERVER_IP} = $s3dcvars->{SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $s3dcvars->{SERVER_IPV6}; $ret->{DC_NETBIOSNAME} = $s3dcvars->{NETBIOSNAME}; $ret->{DC_USERNAME} = $s3dcvars->{USERNAME}; $ret->{DC_PASSWORD} = $s3dcvars->{PASSWORD}; @@ -344,6 +346,7 @@ sub setup_admember($$$$) $ret->{DC_SERVER} = $dcvars->{SERVER}; $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6}; $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; $ret->{DC_USERNAME} = $dcvars->{USERNAME}; $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; @@ -423,6 +426,7 @@ sub setup_admember_rfc2307($$$$) $ret->{DC_SERVER} = $dcvars->{SERVER}; $ret->{DC_SERVER_IP} = $dcvars->{SERVER_IP}; + $ret->{DC_SERVER_IPV6} = $dcvars->{SERVER_IPV6}; $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; $ret->{DC_USERNAME} = $dcvars->{USERNAME}; $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; @@ -814,6 +818,7 @@ sub provision($$$$$$) my $swiface = Samba::get_interface($server); my %ret = (); my $server_ip = "127.0.0.$swiface"; + my $server_ipv6 = sprintf("fd00:0000:0000:0000:0000:0000:5357:5f%02x", $swiface); my $domain = "SAMBA-TEST"; my $unix_name = ($ENV{USER} or $ENV{LOGNAME} or `PATH=/usr/ucb:$ENV{PATH} whoami`); @@ -918,7 +923,7 @@ sub provision($$$$$$) close(MSDFS_TARGET); chmod 0666, $msdfs_target; symlink "msdfs:$server_ip\\ro-tmp", "$msdfs_shrdir/msdfs-src1"; - symlink "msdfs:$server_ip\\ro-tmp", "$msdfs_shrdir/deeppath/msdfs-src2"; + symlink "msdfs:$server_ipv6\\ro-tmp", "$msdfs_shrdir/deeppath/msdfs-src2"; my $conffile="$libdir/server.conf"; @@ -973,7 +978,7 @@ sub provision($$$$$$) print CONF " [global] netbios name = $server - interfaces = $server_ip/8 + interfaces = $server_ip/8 $server_ipv6/64 bind interfaces only = yes panic action = cd $self->{srcdir} && $self->{srcdir}/selftest/gdb_backtrace %d %\$(MAKE_TEST_BINARY) smbd:suicide mode = yes @@ -1214,8 +1219,8 @@ domadmins:X:$gid_domadmins: warn("Unable to open $nss_wrapper_hosts"); return undef; } - print HOSTS "${server_ip} ${hostname}.samba.example.com ${hostname} -"; + print HOSTS "${server_ip} ${hostname}.samba.example.com ${hostname}\n"; + print HOSTS "${server_ipv6} ${hostname}.samba.example.com ${hostname}\n"; close(HOSTS); @@ -1242,7 +1247,8 @@ domadmins:X:$gid_domadmins: print "DONE\n"; open(DNS_UPDATE_LIST, ">$prefix/dns_update_list") or die("Unable to open $$prefix/dns_update_list"); - print DNS_UPDATE_LIST "A $server. $server_ip"; + print DNS_UPDATE_LIST "A $server. $server_ip\n"; + print DNS_UPDATE_LIST "AAAA $server. $server_ipv6\n"; close(DNS_UPDATE_LIST); if (system("$ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate --all-interfaces --use-file=$dns_host_file -s $conffile --update-list=$prefix/dns_update_list --no-substiutions --no-credentials") != 0) { @@ -1250,6 +1256,7 @@ domadmins:X:$gid_domadmins: } $ret{SERVER_IP} = $server_ip; + $ret{SERVER_IPV6} = $server_ipv6; $ret{NMBD_TEST_LOG} = "$prefix/nmbd_test.log"; $ret{NMBD_TEST_LOG_POS} = 0; $ret{WINBINDD_TEST_LOG} = "$prefix/winbindd_test.log"; -- 1.9.1 From 9dd5c81410195ec45a3b8f5bc9601a2538e36f5a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 28 Apr 2014 08:27:26 +0200 Subject: [PATCH 06/11] s4:samba_dnsupdate: fix dnsobj.__str__() We should not implicitly use the global variable 'd'. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831 Signed-off-by: Stefan Metzmacher --- source4/scripting/bin/samba_dnsupdate | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate index 68b0f72..86c0aa1 100755 --- a/source4/scripting/bin/samba_dnsupdate +++ b/source4/scripting/bin/samba_dnsupdate @@ -152,15 +152,15 @@ class dnsobj(object): raise Exception("Received unexpected DNS reply of type %s" % self.type) def __str__(self): - if d.type == "A": + if self.type == "A": return "%s %s %s" % (self.type, self.name, self.ip) - if d.type == "AAAA": + if self.type == "AAAA": return "%s %s %s" % (self.type, self.name, self.ip) - if d.type == "SRV": + if self.type == "SRV": return "%s %s %s %s" % (self.type, self.name, self.dest, self.port) - if d.type == "CNAME": + if self.type == "CNAME": return "%s %s %s" % (self.type, self.name, self.dest) - if d.type == "NS": + if self.type == "NS": return "%s %s %s" % (self.type, self.name, self.dest) -- 1.9.1 From 03d3011e2881a03d840bfdb0a7e15346bd37e329 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 28 Apr 2014 08:29:40 +0200 Subject: [PATCH 07/11] s4:samba_dnsupdate: cache the already registered records This way we can delete records which are not used anymore. E.g. if the ip address changed. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831 Signed-off-by: Stefan Metzmacher --- selftest/target/Samba3.pm | 2 +- source4/dsdb/dns/dns_update.c | 13 ++++ source4/scripting/bin/samba_dnsupdate | 117 +++++++++++++++++++++++++++++----- 3 files changed, 115 insertions(+), 17 deletions(-) diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 324a957..5aa2c00 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -1251,7 +1251,7 @@ domadmins:X:$gid_domadmins: print DNS_UPDATE_LIST "AAAA $server. $server_ipv6\n"; close(DNS_UPDATE_LIST); - if (system("$ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate --all-interfaces --use-file=$dns_host_file -s $conffile --update-list=$prefix/dns_update_list --no-substiutions --no-credentials") != 0) { + if (system("$ENV{SRCDIR_ABS}/source4/scripting/bin/samba_dnsupdate --all-interfaces --use-file=$dns_host_file -s $conffile --update-list=$prefix/dns_update_list --update-cache=$prefix/dns_update_cache --no-substiutions --no-credentials") != 0) { die "Unable to update hostname into $dns_host_file"; } diff --git a/source4/dsdb/dns/dns_update.c b/source4/dsdb/dns/dns_update.c index 3e10447..aa617c6 100644 --- a/source4/dsdb/dns/dns_update.c +++ b/source4/dsdb/dns/dns_update.c @@ -397,6 +397,7 @@ struct dnsupdate_RODC_state { struct irpc_message *msg; struct dnsupdate_RODC *r; char *tmp_path; + char *tmp_path2; int fd; }; @@ -406,6 +407,9 @@ static int dnsupdate_RODC_destructor(struct dnsupdate_RODC_state *st) close(st->fd); } unlink(st->tmp_path); + if (st->tmp_path2 != NULL) { + unlink(st->tmp_path2); + } return 0; } @@ -483,6 +487,13 @@ static NTSTATUS dnsupdate_dnsupdate_RODC(struct irpc_message *msg, talloc_set_destructor(st, dnsupdate_RODC_destructor); + st->tmp_path2 = talloc_asprintf(st, "%s.cache", st->tmp_path); + if (!st->tmp_path2) { + talloc_free(st); + r->out.result = NT_STATUS_NO_MEMORY; + return NT_STATUS_OK; + } + sid_dn = ldb_dn_new_fmt(st, s->samdb, "", dom_sid_string(st, r->in.dom_sid)); if (!sid_dn) { talloc_free(st); @@ -575,6 +586,8 @@ static NTSTATUS dnsupdate_dnsupdate_RODC(struct irpc_message *msg, dns_update_command, "--update-list", st->tmp_path, + "--update-cache", + st->tmp_path2, NULL); NT_STATUS_HAVE_NO_MEMORY(req); diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate index 86c0aa1..f00123b 100755 --- a/source4/scripting/bin/samba_dnsupdate +++ b/source4/scripting/bin/samba_dnsupdate @@ -63,6 +63,7 @@ parser.add_option("--all-names", action="store_true") parser.add_option("--all-interfaces", action="store_true") parser.add_option("--use-file", type="string", help="Use a file, rather than real DNS calls") parser.add_option("--update-list", type="string", help="Add DNS names from the given file") +parser.add_option("--update-cache", type="string", help="Cache database of already registered records") parser.add_option("--fail-immediately", action='store_true', help="Exit on first failure") parser.add_option("--no-credentials", dest='nocreds', action='store_true', help="don't try and get credentials") parser.add_option("--no-substiutions", dest='nosubs', action='store_true', help="don't try and expands variables in file specified by --update-list") @@ -278,12 +279,14 @@ def get_subst_vars(samdb): return vars -def call_nsupdate(d): +def call_nsupdate(d, op="add"): """call nsupdate for an entry.""" global ccachename, nsupdate_cmd, krb5conf + assert(op in ["add", "delete"]) + if opts.verbose: - print "Calling nsupdate for %s" % d + print "Calling nsupdate for %s (%s)" % (d, op) if opts.use_file is not None: try: @@ -299,8 +302,13 @@ def call_nsupdate(d): wfile = os.fdopen(tmp_fd, 'a') rfile.seek(0) for line in rfile: + if op == "delete": + l = parse_dns_line(line, {}) + if str(l).lower() == str(d).lower(): + continue wfile.write(line) - wfile.write(str(d)+"\n") + if op == "add": + wfile.write(str(d)+"\n") os.rename(tmpfile, opts.use_file) fcntl.lockf(rfile, fcntl.LOCK_UN) return @@ -312,18 +320,18 @@ def call_nsupdate(d): if getattr(d, 'nameservers', None): f.write('server %s\n' % d.nameservers[0]) if d.type == "A": - f.write("update add %s %u A %s\n" % (normalised_name, default_ttl, d.ip)) + f.write("update %s %s %u A %s\n" % (normalised_name, op, default_ttl, d.ip)) if d.type == "AAAA": - f.write("update add %s %u AAAA %s\n" % (normalised_name, default_ttl, d.ip)) + f.write("update %s %s %u AAAA %s\n" % (normalised_name, op, default_ttl, d.ip)) if d.type == "SRV": - if d.existing_port is not None: + if op == "add" and d.existing_port is not None: f.write("update delete %s SRV 0 %s %s %s\n" % (normalised_name, d.existing_weight, d.existing_port, d.dest)) - f.write("update add %s %u SRV 0 100 %s %s\n" % (normalised_name, default_ttl, d.port, d.dest)) + f.write("update %s %s %u SRV 0 100 %s %s\n" % (normalised_name, op, default_ttl, d.port, d.dest)) if d.type == "CNAME": - f.write("update add %s %u CNAME %s\n" % (normalised_name, default_ttl, d.dest)) + f.write("update %s %s %u CNAME %s\n" % (normalised_name, op, default_ttl, d.dest)) if d.type == "NS": - f.write("update add %s %u NS %s\n" % (normalised_name, default_ttl, d.dest)) + f.write("update %s %s %u NS %s\n" % (normalised_name, op, default_ttl, d.dest)) if opts.verbose: f.write("show\n") f.write("send\n") @@ -359,10 +367,12 @@ def call_nsupdate(d): -def rodc_dns_update(d, t): +def rodc_dns_update(d, t, op): '''a single DNS update via the RODC netlogon call''' global sub_vars + assert(op in ["add", "delete"]) + if opts.verbose: print "Calling netlogon RODC update for %s" % d @@ -386,7 +396,10 @@ def rodc_dns_update(d, t): name.weight = 0 if d.port is not None: name.port = int(d.port) - name.dns_register = True + if op == "add": + name.dns_register = True + else: + name.dns_register = False dns_names.names = [ name ] site_name = sub_vars['SITE'].decode('utf-8') @@ -405,10 +418,12 @@ def rodc_dns_update(d, t): sys.exit(1) -def call_rodc_update(d): +def call_rodc_update(d, op="add"): '''RODCs need to use the netlogon API for nsupdate''' global lp, sub_vars + assert(op in ["add", "delete"]) + # we expect failure for 3268 if we aren't a GC if d.port is not None and int(d.port) == 3268: return @@ -428,7 +443,7 @@ def call_rodc_update(d): subname = samba.substitute_var(map[t], sub_vars) if subname.lower() == d.name.lower(): # found a match - do the update - rodc_dns_update(d, t) + rodc_dns_update(d, t, op) return if opts.verbose: print("Unable to map to netlogon DNS update: %s" % d) @@ -440,6 +455,11 @@ if opts.update_list: else: dns_update_list = lp.private_path('dns_update_list') +if opts.update_cache: + dns_update_cache = opts.update_cache +else: + dns_update_cache = lp.private_path('dns_update_cache') + # use our private krb5.conf to avoid problems with the wrong domain # bind9 nsupdate wants the default domain set krb5conf = lp.private_path('krb5.conf') @@ -458,8 +478,31 @@ else: # build up a list of update commands to pass to nsupdate update_list = [] dns_list = [] +cache_list = [] +delete_list = [] dup_set = set() +cache_set = set() + +rebuild_cache = False +try: + cfile = open(dns_update_cache, 'r+') +except IOError: + # Perhaps create it + cfile = open(dns_update_cache, 'w+') + # Open it for reading again, in case someone else got to it first + cfile = open(dns_update_cache, 'r+') +fcntl.lockf(cfile, fcntl.LOCK_EX) +for line in cfile: + line = line.strip() + if line == '' or line[0] == "#": + continue + c = parse_dns_line(line, {}) + if c is None: + continue + if str(c) not in cache_set: + cache_list.append(c) + cache_set.add(str(c)) # read each line, and check that the DNS name exists for line in file: @@ -497,17 +540,50 @@ for d in dns_list: # now check if the entries already exist on the DNS server for d in dns_list: + found = False + for c in cache_list: + if str(c).lower() == str(d).lower(): + found = True + break + if not found: + rebuild_cache = True if opts.all_names or not check_dns_name(d): update_list.append(d) -if len(update_list) == 0: +for c in cache_list: + found = False + for d in dns_list: + if str(c).lower() == str(d).lower(): + found = True + break + if found: + continue + rebuild_cache = True + if not opts.all_names and not check_dns_name(c): + continue + delete_list.append(c) + +if len(delete_list) == 0 and len(update_list) == 0 and not rebuild_cache: if opts.verbose: print "No DNS updates needed" sys.exit(0) # get our krb5 creds -if not opts.nocreds: - get_credentials(lp) +if len(delete_list) != 0 or len(update_list) != 0: + if not opts.nocreds: + get_credentials(lp) + +# ask nsupdate to delete entries as needed +for d in delete_list: + if am_rodc: + if d.name.lower() == domain.lower(): + continue + if not d.type in [ 'A', 'AAAA' ]: + call_rodc_update(d, op="delete") + else: + call_nsupdate(d, op="delete") + else: + call_nsupdate(d, op="delete") # ask nsupdate to add entries as needed for d in update_list: @@ -521,6 +597,15 @@ for d in update_list: else: call_nsupdate(d) +if rebuild_cache: + (file_dir, file_name) = os.path.split(dns_update_cache) + (tmp_fd, tmpfile) = tempfile.mkstemp(dir=file_dir, prefix=file_name, suffix="XXXXXX") + wfile = os.fdopen(tmp_fd, 'a') + for d in dns_list: + wfile.write(str(d)+"\n") + os.rename(tmpfile, dns_update_cache) +fcntl.lockf(cfile, fcntl.LOCK_UN) + # delete the ccache if we created it if ccachename is not None: os.unlink(ccachename) -- 1.9.1 From d0c36aa7aec650844803ee76d169a2092b99dded Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 28 Apr 2014 17:26:51 +0200 Subject: [PATCH 08/11] s4:samba_dnsupdate: don't lower case the registered names This matches Windows... Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831 Signed-off-by: Stefan Metzmacher --- source4/scripting/bin/samba_dnsupdate | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate index f00123b..1718b99 100755 --- a/source4/scripting/bin/samba_dnsupdate +++ b/source4/scripting/bin/samba_dnsupdate @@ -137,20 +137,20 @@ class dnsobj(object): self.existing_port = None self.existing_weight = None self.type = list[0] - self.name = list[1].lower() + self.name = list[1] if self.type == 'SRV': if len(list) < 4: raise Exception("Invalid DNS entry %r" % string_form) - self.dest = list[2].lower() + self.dest = list[2] self.port = list[3] elif self.type in ['A', 'AAAA']: self.ip = list[2] # usually $IP, which gets replaced elif self.type == 'CNAME': - self.dest = list[2].lower() + self.dest = list[2] elif self.type == 'NS': - self.dest = list[2].lower() + self.dest = list[2] else: - raise Exception("Received unexpected DNS reply of type %s" % self.type) + raise Exception("Received unexpected DNS reply of type %s: %s" % (self.type, string_form)) def __str__(self): if self.type == "A": -- 1.9.1 From 6f8822a8ece6490b5ff12c67e50cd9467e80d763 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 8 Jul 2014 00:05:03 +0200 Subject: [PATCH 09/11] s4:samba_dnsupdate: don't try to be smart when verifying NS records We can't rely on the DNS delegation to be correct in the parent domain. What we really want is to check if we already have registered ourself as a NS record in our own domain. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831 Signed-off-by: Stefan Metzmacher --- source4/scripting/bin/samba_dnsupdate | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate index 1718b99..67dbd40 100755 --- a/source4/scripting/bin/samba_dnsupdate +++ b/source4/scripting/bin/samba_dnsupdate @@ -203,25 +203,6 @@ def check_dns_name(d): return False resolver = dns.resolver.Resolver() - if d.type == "NS": - # we need to lookup the nameserver for the parent domain, - # and use that to check the NS record - parent_domain = '.'.join(normalised_name.split('.')[1:]) - try: - ans = resolver.query(parent_domain, 'NS') - except dns.exception.DNSException: - if opts.verbose: - print "Failed to find parent NS for %s" % d - return False - nameservers = set() - for i in range(len(ans)): - try: - ns = resolver.query(str(ans[i]), 'A') - except dns.exception.DNSException: - continue - for j in range(len(ns)): - nameservers.add(str(ns[j])) - d.nameservers = list(nameservers) try: if getattr(d, 'nameservers', None): -- 1.9.1 From 867fae15434733a1962cee9a39c2124c844d9dae Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 28 Apr 2014 17:33:50 +0200 Subject: [PATCH 10/11] s4:samba_dnsupdate: provide more substitution variables e.g. IF_RODC This will make the dns_update_list more flexiable. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831 Signed-off-by: Stefan Metzmacher --- source4/scripting/bin/samba_dnsupdate | 57 +++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate index 67dbd40..f1ace29 100755 --- a/source4/scripting/bin/samba_dnsupdate +++ b/source4/scripting/bin/samba_dnsupdate @@ -42,6 +42,7 @@ import samba import optparse from samba import getopt as options from ldb import SCOPE_BASE +from samba import dsdb from samba.auth import system_session from samba.samdb import SamDB from samba.dcerpc import netlogon, winbind @@ -168,10 +169,13 @@ class dnsobj(object): def parse_dns_line(line, sub_vars): """parse a DNS line from.""" if line.startswith("SRV _ldap._tcp.pdc._msdcs.") and not samdb.am_pdc(): + # We keep this as compat to the dns_update_list of 4.0/4.1 if opts.verbose: print "Skipping PDC entry (%s) as we are not a PDC" % line return None subline = samba.substitute_var(line, sub_vars) + if subline == '' or subline[0] == "#": + return None return dnsobj(subline) @@ -255,7 +259,60 @@ def get_subst_vars(samdb): res = samdb.search(base=samdb.get_default_basedn(), scope=SCOPE_BASE, attrs=["objectGUID"]) guid = samdb.schema_format_value("objectGUID", res[0]['objectGUID'][0]) vars['DOMAINGUID'] = guid + + vars['IF_DC'] = "" + vars['IF_RWDC'] = "# " + vars['IF_RODC'] = "# " + vars['IF_PDC'] = "# " + vars['IF_GC'] = "# " + vars['IF_RWGC'] = "# " + vars['IF_ROGC'] = "# " + vars['IF_DNS_DOMAIN'] = "# " + vars['IF_RWDNS_DOMAIN'] = "# " + vars['IF_RODNS_DOMAIN'] = "# " + vars['IF_DNS_FOREST'] = "# " + vars['IF_RWDNS_FOREST'] = "# " + vars['IF_R0DNS_FOREST'] = "# " + am_rodc = samdb.am_rodc() + if am_rodc: + vars['IF_RODC'] = "" + else: + vars['IF_RWDC'] = "" + + if samdb.am_pdc(): + vars['IF_PDC'] = "" + + # check if we "are DNS server" + res = samdb.search(base=samdb.get_config_basedn(), + expression='(objectguid=%s)' % vars['NTDSGUID'], + attrs=["options", "msDS-hasMasterNCs"]) + + if len(res) == 1: + if "options" in res[0]: + options = int(res[0]["options"][0]) + if (options & dsdb.DS_NTDSDSA_OPT_IS_GC) != 0: + vars['IF_GC'] = "" + if am_rodc: + vars['IF_ROGC'] = "" + else: + vars['IF_RWGC'] = "" + + basedn = str(samdb.get_default_basedn()) + if "msDS-hasMasterNCs" in res[0]: + for e in res[0]["msDS-hasMasterNCs"]: + if str(e) == "DC=DomainDnsZones,%s" % basedn: + vars['IF_DNS_DOMAIN'] = "" + if am_rodc: + vars['IF_RODNS_DOMAIN'] = "" + else: + vars['IF_RWDNS_DOMAIN'] = "" + if str(e) == "DC=ForestDnsZones,%s" % basedn: + vars['IF_DNS_FOREST'] = "" + if am_rodc: + vars['IF_RODNS_FOREST'] = "" + else: + vars['IF_RWDNS_FOREST'] = "" return vars -- 1.9.1 From bec2f63a413f3b4665bf5c31cf5d03cd36c7205a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 28 Apr 2014 18:54:13 +0200 Subject: [PATCH 11/11] s4:setup/dns_update_list: make use of the new substitution variables This let us register the same names as Windows Servers. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9831 Signed-off-by: Stefan Metzmacher --- source4/setup/dns_update_list | 84 ++++++++++++++++++++++++------------------- 1 file changed, 48 insertions(+), 36 deletions(-) diff --git a/source4/setup/dns_update_list b/source4/setup/dns_update_list index 4da0398..bbc387a 100644 --- a/source4/setup/dns_update_list +++ b/source4/setup/dns_update_list @@ -1,39 +1,51 @@ # this is a list of DNS entries which will be put into DNS using # dynamic DNS update. It is processed by the samba_dnsupdate script -A ${DNSDOMAIN} $IP -A ${HOSTNAME} $IP -AAAA ${DNSDOMAIN} $IP -AAAA ${HOSTNAME} $IP +A ${HOSTNAME} $IP +AAAA ${HOSTNAME} $IP + +# RW domain controller +${IF_RWDC}A ${DNSDOMAIN} $IP +${IF_RWDC}AAAA ${DNSDOMAIN} $IP +${IF_RWDC}SRV _ldap._tcp.${DNSDOMAIN} ${HOSTNAME} 389 +${IF_RWDC}SRV _ldap._tcp.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389 +${IF_RWDC}SRV _ldap._tcp.${DOMAINGUID}.domains._msdcs.${DNSFOREST} ${HOSTNAME} 389 +${IF_RWDC}SRV _kerberos._tcp.${DNSDOMAIN} ${HOSTNAME} 88 +${IF_RWDC}SRV _kerberos._udp.${DNSDOMAIN} ${HOSTNAME} 88 +${IF_RWDC}SRV _kerberos._tcp.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 88 +${IF_RWDC}SRV _kpasswd._tcp.${DNSDOMAIN} ${HOSTNAME} 464 +${IF_RWDC}SRV _kpasswd._udp.${DNSDOMAIN} ${HOSTNAME} 464 +# RW and RO domain controller +${IF_DC}CNAME ${NTDSGUID}._msdcs.${DNSFOREST} ${HOSTNAME} +${IF_DC}SRV _ldap._tcp.${SITE}._sites.${DNSDOMAIN} ${HOSTNAME} 389 +${IF_DC}SRV _ldap._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389 +${IF_DC}SRV _kerberos._tcp.${SITE}._sites.${DNSDOMAIN} ${HOSTNAME} 88 +${IF_DC}SRV _kerberos._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 88 + +# The PDC emulator +${IF_PDC}SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389 + +# RW GC servers +${IF_RWGC}A gc._msdcs.${DNSFOREST} $IP +${IF_RWGC}AAAA gc._msdcs.${DNSFOREST} $IP +${IF_RWGC}SRV _gc._tcp.${DNSFOREST} ${HOSTNAME} 3268 +${IF_RWGC}SRV _ldap._tcp.gc._msdcs.${DNSFOREST} ${HOSTNAME} 3268 +# RW and RO GC servers +${IF_GC}SRV _gc._tcp.${SITE}._sites.${DNSFOREST} ${HOSTNAME} 3268 +${IF_GC}SRV _ldap._tcp.${SITE}._sites.gc._msdcs.${DNSFOREST} ${HOSTNAME} 3268 + +# RW DNS servers +${IF_RWDNS_DOMAIN}NS ${DNSDOMAIN} ${HOSTNAME} +${IF_RWDNS_DOMAIN}A DomainDnsZones.${DNSDOMAIN} $IP +${IF_RWDNS_DOMAIN}AAAA DomainDnsZones.${DNSDOMAIN} $IP +${IF_RWDNS_DOMAIN}SRV _ldap._tcp.DomainDnsZones.${DNSDOMAIN} ${HOSTNAME} 389 +# RW and RO DNS servers +${IF_DNS_DOMAIN}SRV _ldap._tcp.${SITE}._sites.DomainDnsZones.${DNSDOMAIN} ${HOSTNAME} 389 + +# RW DNS servers +${IF_RWDNS_FOREST}NS ${DNSFOREST} ${HOSTNAME} +${IF_RWDNS_FOREST}A ForestDnsZones.${DNSFOREST} $IP +${IF_RWDNS_FOREST}AAAA ForestDnsZones.${DNSFOREST} $IP +${IF_RWDNS_FOREST}SRV _ldap._tcp.ForestDnsZones.${DNSFOREST} ${HOSTNAME} 389 +# RW and RO DNS servers +${IF_DNS_FOREST}SRV _ldap._tcp.${SITE}._sites.ForestDnsZones.${DNSFOREST} ${HOSTNAME} 389 -A gc._msdcs.${DNSFOREST} $IP -AAAA gc._msdcs.${DNSFOREST} $IP - -CNAME ${NTDSGUID}._msdcs.${DNSFOREST} ${HOSTNAME} - -SRV _kpasswd._tcp.${DNSDOMAIN} ${HOSTNAME} 464 -SRV _kpasswd._udp.${DNSDOMAIN} ${HOSTNAME} 464 - -SRV _kerberos._tcp.${DNSDOMAIN} ${HOSTNAME} 88 -SRV _kerberos._tcp.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 88 -SRV _kerberos._tcp.dc._msdcs.${DNSFOREST} ${HOSTNAME} 88 -SRV _kerberos._tcp.${SITE}._sites.${DNSDOMAIN} ${HOSTNAME} 88 -SRV _kerberos._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 88 -SRV _kerberos._tcp.${SITE}._sites.dc._msdcs.${DNSFOREST} ${HOSTNAME} 88 - -SRV _kerberos._udp.${DNSDOMAIN} ${HOSTNAME} 88 - -SRV _ldap._tcp.${DNSDOMAIN} ${HOSTNAME} 389 -SRV _ldap._tcp.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389 -SRV _ldap._tcp.dc._msdcs.${DNSFOREST} ${HOSTNAME} 389 -SRV _ldap._tcp.gc._msdcs.${DNSFOREST} ${HOSTNAME} 3268 -SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389 -SRV _ldap._tcp.pdc._msdcs.${DNSFOREST} ${HOSTNAME} 389 -SRV _ldap._tcp.${SITE}._sites.${DNSDOMAIN} ${HOSTNAME} 389 -SRV _ldap._tcp.${SITE}._sites.dc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389 -SRV _ldap._tcp.${SITE}._sites.dc._msdcs.${DNSFOREST} ${HOSTNAME} 389 -SRV _ldap._tcp.${SITE}._sites.gc._msdcs.${DNSFOREST} ${HOSTNAME} 3268 -SRV _ldap._tcp.${DOMAINGUID}.domains._msdcs.${DNSFOREST} ${HOSTNAME} 389 - - -SRV _gc._tcp.${DNSFOREST} ${HOSTNAME} 3268 -SRV _gc._tcp.${SITE}._sites.${DNSFOREST} ${HOSTNAME} 3268 -- 1.9.1