On Mon, 2013-06-03 at 01:11 +0200, steve wrote:
> On Mon, 2013-06-03 at 08:16 +1000, Andrew Bartlett wrote:
> > On Mon, 2013-06-03 at 00:05 +0200, steve wrote:
> > > > Hi
> > > openSUSE 12.3
> > > This is the first time in many years where the SUSE/openSUSE bind has
> > > _almost_ worked out of the box. They will not entertain non chrooted
> > > installs.
> >
> > This is somehow totally disabled?
>
> No. You can enable it, but the chroot is the default. You cannot install
> bind without the bind-chroot environment package too.
>
> > > > I've tested it. It's OK without tkey-domain nor tkey-gssapi-credential
> >
> > Good.
> >
> > > I am trying to present as minimal a setup for the OP. I think in
> > > situations such as these, it is important to get bind working choose
> > > what. For that we must cut it down to an absolute minimal install with
> > > security settings wide open. once it's working, then we can. . .
> > >
> > > I think that DNS is still our weakest link and I'm really pleased to see
> > > the devs looking through the end user list occasionally. Until the
> > > internal DNS is ready, we're stuck with bind. Let's try and make it as
> > > painless as possible for ourselves.
> >
> > The only way we can really improve it (as far as I'm currently aware) is
> > to take the bind binary, and launch it with a custom config file inside
> > 'samba' like we do smbd, pointing only at our DNS zone, and with chroot
> > etc disabled.
> >
> > That should, in theory, get us most of the control we get with the
> > internal server. Someone needs to write the patches however, and it
> > would mean we gain yet another DNS mode (which may be more trouble than
> > it's worth - I don't know).
> >
> > Andrew Bartlett
>
> End users need something simple to install. We also need something that
> does dynamic dns reliably. The strong points of the internal dns are
> its simplicity of installation. Would it be possible to get it to do
> dns updates from nsupdate?

It does do dns updates from nsupdate. There is a client-side error
shown *after* the successful update, but the developer who developed
the patch for this hasn't been able to write the tests to allow his
changes to make it into master.

> The only reason most of us have to go with
> bind is because we need reliable dynamic dns updates. Not just sometimes
> and then only with windows clients. Many of the questions and confusion
> on this list is to do with DNS. Get that sorted and you have a killer
> app.

We are not aware that this is anything more than a cosmetic issue. We
know it looks really bad, but we need someone to pick up that patch,
and find a way to test.

> As this is a very big stopper for many of us, would it be possible to
> consider a change of developer emphasis for 4.1? Something like a 'DNS
> or bust' approach? Many of the things you are doing are amazing but
> without the basic DNS, they're lost on us end users. If you wanted any
> DNS testers to get it to the rolling out stage, I'm sure many of us here
> would be only too pleased to help you test whatever you could throw at
> us.

Sadly that just isn't how the Samba Team works, sorry.

> Thanks for reading. Please don't lose sight of those of us do not code.
> We're still very much Samba and still very much here to help the devs
> and so the project.

We do very much appreciate your interest.

Andrew Bartlett

--
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
