From 9563fcf6ffae4a6d3595a1207513bbf0742203f4 Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Thu, 3 Jan 2019 16:44:45 +0100
Subject: samba_dnsupdate: With dns_hub, we don't need resolv_wrap
Best viewed with git show -b
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
---
 source4/scripting/bin/samba_dnsupdate | 37 ++++++++++++-------------------------
 1 file changed, 12 insertions(+), 25 deletions(-)
diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate
index b22dde8360b..74f10427b4e 100755
--- a/source4/scripting/bin/samba_dnsupdate
+++ b/source4/scripting/bin/samba_dnsupdate
@@ -476,32 +476,19 @@ def call_nsupdate(d, op="add"):
 (tmp_fd, tmpfile) = tempfile.mkstemp()
 f = os.fdopen(tmp_fd, 'w')
- # Getting this line right is really important. When we are under
- # resolv_wrapper, then we want to use RESOLV_CONF and the
- # nameserver therein. The issue is that this parameter forces us
- # to only ever use that server, and not some other server that the
- # NS record may point to, even as we get a ticket to that other
- # server.
- #
- # Therefore we must not set this in production, instead we want
- # to find the name of a SOA for the zone and use that server.
+ resolver = get_resolver(d)
- if os.getenv('RESOLV_CONF') and d.nameservers != []:
- f.write('server %s\n' % d.nameservers[0])
- else:
- resolver = get_resolver(d)
-
- # Local the zone for this name
- zone = dns.resolver.zone_for_name(normalised_name,
- resolver=resolver)
-
- # Now find the SOA, or if we can't get a ticket to the SOA,
- # any server with an NS record we can get a ticket for.
- #
- # Thanks to the Kerberos Credentials cache this is not
- # expensive inside the loop
- server = get_krb5_rw_dns_server(creds, zone)
- f.write('server %s\n' % server)
+ # Local the zone for this name
+ zone = dns.resolver.zone_for_name(normalised_name,
+ resolver=resolver)
+
+ # Now find the SOA, or if we can't get a ticket to the SOA,
+ # any server with an NS record we can get a ticket for.
+ #
+ # Thanks to the Kerberos Credentials cache this is not
+ # expensive inside the loop
+ server = get_krb5_rw_dns_server(creds, zone)
+ f.write('server %s\n' % server)
 if d.type == "A":
 f.write("update %s %s %u A %s\n" % (op, normalised_name, default_ttl, d.ip))
-- cgit v1.2.1
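Review bot: A failed zone or server lookup would leave the temporary file behind: `tempfile.mkstemp()` and `os.fdopen()` run at the top of the hunk, and the now unconditional `dns.resolver.zone_for_name(...)` and `get_krb5_rw_dns_server(creds, zone)` calls sit between them and the first `f.write`, so if either raises, the descriptor stays open and the file stays on disk unless a handler outside this hunk cleans up. Resolving the server first avoids that, i.e. move `(tmp_fd, tmpfile) = tempfile.mkstemp()` and `f = os.fdopen(tmp_fd, 'w')` below `server = get_krb5_rw_dns_server(creds, zone)`. The deleted comment was also the only place explaining why the server must not be pinned, so a short replacement such as `# Do not pin a fixed server: the update must go to a host we can get a ticket for` would preserve that rationale, and `# Local the zone for this name` should read `# Locate the zone for this name`. call_nsupdate starts before and continues after this hunk.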