[Dnsmasq-discuss] Hooking up dnsmasq with the Samba 4 AD

Simon Kelley simon at thekelleys.org.uk
Tue Jan 12 09:23:03 GMT 2010


Kai Blin wrote:
> On Tuesday 12 January 2010 08:45:15 richardvoigt at gmail.com wrote:
> 
>> I'm sure Simon will reply very soon, but maybe if you could provide
>> the following information at a very high level it would help find the
>> most user-friendly and maintainable method for supporting samba:
> 
> Sure, I can try, but I'm at a very early stage of research into this issue. :)
> 
>> What new features are required?
>> - Support for new record types? (list types)
> 
> Looking at what Win2k8R2 returns, I need support for A/AAAA, PTR, NS, SOA, MX, 
> CNAME, SRV and TXT records. I haven't wrapped my head around the dnsmasq code 
> enough to see which of these are already supported.

We support all except NS and SOA currently.

> 
>> - Support for local lookups of record types currently only forwarded?
>> (list types)
> 
> I'd like to do a "local" lookup for all of the records mentioned above, on top 
> of either an ldap or ldb (the samba 4 AD backend library, which is similar to 
> ldap) backend.
> 
>> - Support for programmatic add/update of local records? (is DBus
>> sufficient?) - Support for true dynamic (per request in real-time)
>> responses?
> 
> For being feature complete, I'd have to cope with clients sending 
> kerberos-signed updates of their records if their address information 
> changes. That's not my immediate scope though.
> 
>> How do you propose implementing these?
>> - Add to dnsmasq daemon code?  new config-file entries?  new DBus commands?
> 
> My plan was to either add an ldap or ldb backend to dnsmasq. I'm not too 
> excited about DBus, as it would require adding yet another RPC protocol to 
> Samba. At the moment, an ldap backend that supports the dnsZone schema seems 
> to be the best fit.


Turning that around, I'd be wary of adding another RPC protocol to 
dnsmasq, which probably has tighter size constraints than Samba.

A thought: what domains are involved? If the records are for a defined 
set of domains, then you could simply configure dnsmasq with something like

server=/domain.supplied.by.samba/127.0.0.1#500

and add some code to samba which accepts DNS queries on port 500 (or 
whatever) and answers them. Essentially using the DNS protocol as an RPC 
method.

DNS queries for *.domain.supplied.by.samba would be routed to samba, 
everything else would be resolved as normal.

If "domain.supplied.by.samba" is a dynamic thing, this can already be 
configured on-the-fly by DBus.

Cheers,

Simon.

> 
> Cheers,
> Kai
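
Added example, not part of the original mail and not code from dnsmasq or Samba: a minimal sketch of the backend side of the `server=/domain.supplied.by.samba/127.0.0.1#...` arrangement described above, answering A queries for that one zone on loopback and refusing everything else. The port (5300, unprivileged, instead of 500), the record data and all function names are assumptions made for illustration.

```python
import socket
import struct

ZONE = "domain.supplied.by.samba"                         # zone name from the mail
RECORDS = {"dc1.domain.supplied.by.samba": "192.0.2.10"}  # constructed sample data

def parse_question(pkt):
    """Return (qname, qtype, end_offset) of the first question in a DNS query."""
    labels, pos = [], 12                       # fixed DNS header is 12 bytes
    while pkt[pos] != 0:                       # IndexError on a truncated name
        length = pkt[pos]
        if length > 63:                        # no compression pointers in a query
            raise ValueError("bad label length")
        labels.append(pkt[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", pkt[pos + 1:pos + 5])
    return ".".join(labels), qtype, pos + 5

def build_reply(pkt):
    """A answers inside ZONE, NXDOMAIN for unknown names, REFUSED outside ZONE."""
    try:
        qname, qtype, end = parse_question(pkt)
    except (IndexError, ValueError, struct.error):
        return pkt[:2] + struct.pack("!HHHHH", 0x8001, 0, 0, 0, 0)  # FORMERR
    in_zone = qname == ZONE or qname.endswith("." + ZONE)
    if not in_zone:
        rcode, addr = 5, None                  # REFUSED: never answer for other zones
    elif qname in RECORDS or qname == ZONE:
        rcode, addr = 0, RECORDS.get(qname) if qtype == 1 else None
    else:
        rcode, addr = 3, None                  # NXDOMAIN
    flags = 0x8400 | ((pkt[2] & 0x01) << 8) | rcode   # QR + AA, RD copied from query
    reply = pkt[:2] + struct.pack("!HHHHH", flags, 1, 1 if addr else 0, 0, 0)
    reply += pkt[12:end]                       # echo the question section
    if addr:
        # owner = pointer to offset 12, TYPE A, CLASS IN, TTL 60 s, RDLENGTH 4
        reply += struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + socket.inet_aton(addr)
    return reply

def serve(host="127.0.0.1", port=5300):
    """Bind to loopback only, so the local dnsmasq is the sole client."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    while True:
        pkt, peer = sock.recvfrom(512)
        if len(pkt) >= 12:                     # drop anything shorter than a header
            sock.sendto(build_reply(pkt), peer)

if __name__ == "__main__":
    serve()
```

With this listener running, the matching dnsmasq line under the same assumptions would be `server=/domain.supplied.by.samba/127.0.0.1#5300`.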