From 4a437eb4beca6e52ab1e3dfda6427b40af1b06fd Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Fri, 17 Feb 2017 18:24:27 +1300
Subject: [PATCH] samba_dnsupdate: Ensure we only force "server" under resolv_wrapper
This ensures that nsupdate can use a namserver in /etc/resolv.conf that is a cache or forwarder, rather than the AD DC directly. This avoids a regression from forcing the nameservers to the /etc/resolv.conf nameservers in e85ef1dbfef4b16c35cac80c0efc563d8cd1ba3e
Signed-off-by: Andrew Bartlett
Reviewed-by: Garming Sam
---
 source4/scripting/bin/samba_dnsupdate | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate
index d382758168b..ba167da2876 100755
--- a/source4/scripting/bin/samba_dnsupdate
+++ b/source4/scripting/bin/samba_dnsupdate
@@ -430,8 +430,19 @@ def call_nsupdate(d, op="add"):
 (tmp_fd, tmpfile) = tempfile.mkstemp()
 f = os.fdopen(tmp_fd, 'w')
- if d.nameservers != []:
+
+ # Getting this line right is really important. When we are under
+ # resolv_wrapper, then we want to use RESOLV_CONF and the
+ # nameserver therein. The issue is that this parameter forces us
+ # to only ever use that server, and not some other server that the
+ # NS record may point to, even as we get a ticket to that other
+ # server.
+ #
+ # Therefore we must not set this in production.
+
+ if os.getenv('RESOLV_CONF') and d.nameservers != []:
 f.write('server %s\n' % d.nameservers[0])
+
 if d.type == "A":
 f.write("update %s %s %u A %s\n" % (op, normalised_name, default_ttl, d.ip))
 if d.type == "AAAA":
--
2.47.2
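Review bot: The new guard `if os.getenv('RESOLV_CONF') and d.nameservers != []:` treats any non-empty RESOLV_CONF in the process environment as proof of running under resolv_wrapper. A production samba_dnsupdate that inherits that variable would therefore go back to pinning nsupdate to `d.nameservers[0]`, which is exactly what the added comment says must not happen. Because this line decides which server receives the dynamic update, the comment should name the nsupdate `server` directive rather than "this parameter" and state the contract, for example `# RESOLV_CONF must only be exported by the test environment; if it is set, every update is sent to the first nameserver in that file`. If the variable is presumably meant to be test-only, consider logging when the override is taken so an unexpected pin shows up in production logs. The body of call_nsupdate starts and continues outside this hunk.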