From: Andrew Bartlett
Date: Fri, 17 Feb 2017 05:24:27 +0000 (+1300)
Subject: samba_dnsupdate: Ensure we only force "server" under resolv_wrapper
X-Git-Tag: ldb-1.1.31~117
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4a437eb4beca6e52ab1e3dfda6427b40af1b06fd;p=thirdparty%2Fsamba.git

samba_dnsupdate: Ensure we only force "server" under resolv_wrapper

This ensures that nsupdate can use a nameserver in /etc/resolv.conf that is a cache or forwarder, rather than the AD DC directly. This avoids a regression from forcing the nameservers to the /etc/resolv.conf nameservers in e85ef1dbfef4b16c35cac80c0efc563d8cd1ba3e

Signed-off-by: Andrew Bartlett
Reviewed-by: Garming Sam
---
diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate index d382758168b..ba167da2876 100755 --- a/source4/scripting/bin/samba_dnsupdate +++ b/source4/scripting/bin/samba_dnsupdate @@ -430,8 +430,19 @@ def call_nsupdate(d, op="add"): (tmp_fd, tmpfile) = tempfile.mkstemp() f = os.fdopen(tmp_fd, 'w') - if d.nameservers != []: + + # Getting this line right is really important. When we are under + # resolv_wrapper, then we want to use RESOLV_CONF and the + # nameserver therein. The issue is that this parameter forces us + # to only ever use that server, and not some other server that the + # NS record may point to, even as we get a ticket to that other + # server. + # + # Therefore we must not set this in production. + + if os.getenv('RESOLV_CONF') and d.nameservers != []: f.write('server %s\n' % d.nameservers[0]) + if d.type == "A": f.write("update %s %s %u A %s\n" % (op, normalised_name, default_ttl, d.ip)) if d.type == "AAAA":
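
Review bot: In the new guard `if os.getenv('RESOLV_CONF') and d.nameservers != []:` the choice between test and production behaviour rests only on whether an environment variable happens to be set, so a production samba_dnsupdate started with RESOLV_CONF in its environment for any reason still writes the `server` line and is pinned to d.nameservers[0], which is the case the comment says must not happen. Consider gating on an explicit test-only switch, or at least say in the comment that RESOLV_CONF is what this code treats as the sign of running under resolv_wrapper and that it must not be exported to a production instance. The comment also refers to "this line" and "this parameter" without naming the nsupdate `server` directive, and a blank line now separates it from the `if` it describes; naming the directive would keep the warning tied to the right statement if the code moves. Minor style point: `d.nameservers != []` can be a plain truthiness test on `d.nameservers`.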