On Mon, 2013-06-03 at 08:16 +1000, Andrew Bartlett wrote: > On Mon, 2013-06-03 at 00:05 +0200, steve wrote:
> > Hi > > openSUSE 12.3 > > This is the first time in many years where the SUSE/openSUSE bind has > > _almost_ worked out of the box. They will not entertain non chrooted > > installs. > > This is somehow totally disabled? No. You can enable it, but the chroot is the default. You cannot install bind without the bind-chroot environment package too. > > > I've tested it. It's OK without tkey-domain nor tkey-gssapi-credential > > Good. > > > I am trying to present as minimal a setup for the OP. I think in > > situations such as these, it is important to get bind working choose > > what. For that we must cut it down to an absolute minimal install with > > security settings wide open. once it's working, then we can. . . > > > > I think that DNS is still our weakest link and I'm really pleased to see > > the devs looking through the end user list occasionally. Until the > > internal DNS is ready, we're stuck with bind. Let's try and make it as > > painless as possible for ourselves. > > The only way we can really improve it (as far as I'm currently aware) is > to take the bind binary, and launch it with a custom config file inside > 'samba' like we do smbd, pointing only at our DNS zone, and with chroot > etc disabled. > > That should, in theory, get us most of the control we get with the > internal server. Someone needs to write the patches however, and it > would mean we gain yet another DNS mode (which may be more trouble than > it's worth - I don't know). > > Andrew Bartlett End users need something simple to install. We also need something that does dynamic dns reliably. The strong points of the internal dns are it's simplicity of installation. Would it be possible to get it to do dns updates from nsupdate? The only reason most of us have to go with bind is because we need reliable dynamic dns updates. Not just sometimes and then only with windows clients. Many of the questions and confusion on this list is to do with DNS. Get that sorted and you have a killer app. As this is a very big stopper for many of us, would it be possible to consider a change of developer emphasis for 4.1? Something like a 'DNS or bust' approach? Many of the things you are doing are amazing but without the basic DNS, they're lost on us end users. If you wanted any DNS testers to get it to the rolling out stage, I'm sure many of us here would be only too pleased to help you test whatever you could throw at us. Thanks for reading. Please don't lose sight of those of us do not code. We're still very much Samba and still very much here to help the devs and so the project. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba