diff options
| author | Volker Lendecke <vl@samba.org> | 2019-01-03 16:44:45 +0100 |
|---|---|---|
| committer | Volker Lendecke <vl@samba.org> | 2019-01-15 07:53:22 +0100 |
| commit | 9563fcf6ffae4a6d3595a1207513bbf0742203f4 (patch) | |
| tree | 9c389dc13d2d9bf28fac8d39cedb731716f9163f | |
| parent | 99b775336b72c6a7d0ce121b2eeb027901482a6d (diff) | |
| download | samba-9563fcf6ffae4a6d3595a1207513bbf0742203f4.tar.gz | |
samba_dnsupdate: With dns_hub, we don't need resolv_wrap
Best viewed with git show -b
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
| -rwxr-xr-x | source4/scripting/bin/samba_dnsupdate | 37 |
1 files changed, 12 insertions, 25 deletions
diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate index b22dde8360b..74f10427b4e 100755 --- a/source4/scripting/bin/samba_dnsupdate +++ b/source4/scripting/bin/samba_dnsupdate @@ -476,32 +476,19 @@ def call_nsupdate(d, op="add"): (tmp_fd, tmpfile) = tempfile.mkstemp() f = os.fdopen(tmp_fd, 'w') - # Getting this line right is really important. When we are under - # resolv_wrapper, then we want to use RESOLV_CONF and the - # nameserver therein. The issue is that this parameter forces us - # to only ever use that server, and not some other server that the - # NS record may point to, even as we get a ticket to that other - # server. - # - # Therefore we must not set this in production, instead we want - # to find the name of a SOA for the zone and use that server. + resolver = get_resolver(d) - if os.getenv('RESOLV_CONF') and d.nameservers != []: - f.write('server %s\n' % d.nameservers[0]) - else: - resolver = get_resolver(d) - - # Local the zone for this name - zone = dns.resolver.zone_for_name(normalised_name, - resolver=resolver) - - # Now find the SOA, or if we can't get a ticket to the SOA, - # any server with an NS record we can get a ticket for. - # - # Thanks to the Kerberos Credentials cache this is not - # expensive inside the loop - server = get_krb5_rw_dns_server(creds, zone) - f.write('server %s\n' % server) + # Local the zone for this name + zone = dns.resolver.zone_for_name(normalised_name, + resolver=resolver) + + # Now find the SOA, or if we can't get a ticket to the SOA, + # any server with an NS record we can get a ticket for. + # + # Thanks to the Kerberos Credentials cache this is not + # expensive inside the loop + server = get_krb5_rw_dns_server(creds, zone) + f.write('server %s\n' % server) if d.type == "A": f.write("update %s %s %u A %s\n" % (op, normalised_name, default_ttl, d.ip)) |