search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4-provision: Provision DNS records with correct rank
[Samba/gebeck_regimport.git] / source4 / scripting / python / samba / provision / sambadns.py
blob6e58f07e18db73b664fed423cc5a3e234bcb9c00
1 # Unix SMB/CIFS implementation.
2 # backend code for provisioning DNS for a Samba4 server
3 #
4 # Copyright (C) Kai Blin <kai@samba.org> 2011
5 # Copyright (C) Amitay Isaacs <amitay@gmail.com> 2011
6 #
7 # This program is free software; you can redistribute it and/or modify
8 # it under the terms of the GNU General Public License as published by
9 # the Free Software Foundation; either version 3 of the License, or
10 # (at your option) any later version.
11 #
12 # This program is distributed in the hope that it will be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
16 #
17 # You should have received a copy of the GNU General Public License
18 # along with this program. If not, see <http://www.gnu.org/licenses/>.
19 #
20
21 """DNS-related provisioning"""
22
23 import os
24 import uuid
25 import ldb
26 import samba
27 from samba.ndr import ndr_pack, ndr_unpack
28 from samba import read_and_sub_file
29 from samba.dcerpc import dnsp, misc
30 from samba.dsdb import (
31 DS_DOMAIN_FUNCTION_2000,
32 DS_DOMAIN_FUNCTION_2003,
33 DS_DOMAIN_FUNCTION_2008,
34 DS_DOMAIN_FUNCTION_2008_R2
35 )
36
37
38 def add_ldif(ldb, ldif_file, subst_vars, controls=["relax:0"]):
39 ldif_file_path = os.path.join(samba.param.setup_dir(), ldif_file)
40 data = read_and_sub_file(ldif_file_path, subst_vars)
41 ldb.add_ldif(data, controls)
42
43 def modify_ldif(ldb, ldif_file, subst_vars, controls=["relax:0"]):
44 ldif_file_path = os.path.join(samba.param.setup_dir(), ldif_file)
45 data = read_and_sub_file(ldif_file_path, subst_vars)
46 ldb.modify_ldif(data, controls)
47
48 def get_domainguid(samdb, domaindn):
49 res = samdb.search(base=domaindn, scope=ldb.SCOPE_BASE, attrs=["objectGUID"])
50 domainguid = str(ndr_unpack(misc.GUID, res[0]["objectGUID"][0]))
51 return domainguid
52
53 def get_ntdsguid(samdb, domaindn):
54 configdn = samdb.get_config_basedn()
55
56 res1 = samdb.search(base="OU=Domain Controllers,%s" % domaindn, scope=ldb.SCOPE_ONELEVEL,
57 attrs=["dNSHostName"])
58
59 res2 = samdb.search(expression="serverReference=%s" % res1[0].dn, base=configdn)
60
61 res3 = samdb.search(base="CN=NTDS Settings,%s" % res2[0].dn, scope=ldb.SCOPE_BASE,
62 attrs=["objectGUID"])
63 ntdsguid = str(ndr_unpack(misc.GUID, res3[0]["objectGUID"][0]))
64 return ntdsguid
65
66
67 class ARecord(dnsp.DnssrvRpcRecord):
68 def __init__(self, ip_addr, serial=1, ttl=900, rank=dnsp.DNS_RANK_ZONE):
69 super(ARecord, self).__init__()
70 self.wType = dnsp.DNS_TYPE_A
71 self.rank = rank
72 self.dwSerial = serial
73 self.dwTtlSeconds = ttl
74 self.data = ip_addr
75
76 class AAAARecord(dnsp.DnssrvRpcRecord):
77 def __init__(self, ip6_addr, serial=1, ttl=900, rank=dnsp.DNS_RANK_ZONE):
78 super(AAAARecord, self).__init__()
79 self.wType = dnsp.DNS_TYPE_AAAA
80 self.rank = rank
81 self.dwSerial = serial
82 self.dwTtlSeconds = ttl
83 self.data = ip6_addr
84
85 class CNameRecord(dnsp.DnssrvRpcRecord):
86 def __init__(self, cname, serial=1, ttl=900, rank=dnsp.DNS_RANK_ZONE):
87 super(CNameRecord, self).__init__()
88 self.wType = dnsp.DNS_TYPE_CNAME
89 self.rank = rank
90 self.dwSerial = serial
91 self.dwTtlSeconds = ttl
92 self.data = cname
93
94 class NSRecord(dnsp.DnssrvRpcRecord):
95 def __init__(self, dns_server, serial=1, ttl=900, rank=dnsp.DNS_RANK_ZONE):
96 super(NSRecord, self).__init__()
97 self.wType = dnsp.DNS_TYPE_NS
98 self.rank = rank
99 self.dwSerial = serial
100 self.dwTtlSeconds = ttl
101 self.data = dns_server
102
103 class SOARecord(dnsp.DnssrvRpcRecord):
104 def __init__(self, mname, rname, serial=1, refresh=900, retry=600,
105 expire=86400, minimum=3600, ttl=3600, rank=dnsp.DNS_RANK_ZONE):
106 super(SOARecord, self).__init__()
107 self.wType = dnsp.DNS_TYPE_SOA
108 self.rank = rank
109 self.dwSerial = serial
110 self.dwTtlSeconds = ttl
111 soa = dnsp.soa()
112 soa.serial = serial
113 soa.refresh = refresh
114 soa.retry = retry
115 soa.expire = expire
116 soa.mname = mname
117 soa.rname = rname
118 self.data = soa
119
120 class SRVRecord(dnsp.DnssrvRpcRecord):
121 def __init__(self, target, port, priority=0, weight=100, serial=1, ttl=900,
122 rank=dnsp.DNS_RANK_ZONE):
123 super(SRVRecord, self).__init__()
124 self.wType = dnsp.DNS_TYPE_SRV
125 self.rank = rank
126 self.dwSerial = serial
127 self.dwTtlSeconds = ttl
128 srv = dnsp.srv()
129 srv.nameTarget = target
130 srv.wPort = port
131 srv.wPriority = priority
132 srv.wWeight = weight
133 self.data = srv
134
135
136 def setup_dns_partitions(samdb, domaindn, forestdn, configdn, serverdn):
137
138 # FIXME: Default security descriptor for Domain-DNS objectCategory is different in
139 # our documentation from windows
140
141 domainzone_dn = "DC=DomainDnsZones,%s" % domaindn
142 forestzone_dn = "DC=ForestDnsZones,%s" % forestdn
143
144 add_ldif(samdb, "provision_dnszones_partitions.ldif", {
145 "DOMAINZONE_DN": domainzone_dn,
146 "FORESTZONE_DN": forestzone_dn,
147 })
148
149 domainzone_guid = get_domainguid(samdb, domainzone_dn)
150 forestzone_guid = get_domainguid(samdb, forestzone_dn)
151
152 domainzone_guid = str(uuid.uuid4())
153 forestzone_guid = str(uuid.uuid4())
154
155 domainzone_dns = ldb.Dn(samdb, domainzone_dn).canonical_ex_str().strip()
156 forestzone_dns = ldb.Dn(samdb, forestzone_dn).canonical_ex_str().strip()
157
158 add_ldif(samdb, "provision_dnszones_add.ldif", {
159 "DOMAINZONE_DN": domainzone_dn,
160 "FORESTZONE_DN": forestzone_dn,
161 "DOMAINZONE_GUID": domainzone_guid,
162 "FORESTZONE_GUID": forestzone_guid,
163 "DOMAINZONE_DNS": domainzone_dns,
164 "FORESTZONE_DNS": forestzone_dns,
165 "CONFIGDN": configdn,
166 "SERVERDN": serverdn,
167 })
168
169 modify_ldif(samdb, "provision_dnszones_modify.ldif", {
170 "CONFIGDN": configdn,
171 "SERVERDN": serverdn,
172 "DOMAINZONE_DN": domainzone_dn,
173 "FORESTZONE_DN": forestzone_dn,
174 })
175
176
177 def add_dns_accounts(samdb, domaindn):
178 add_ldif(samdb, "provision_dns_accounts_add.ldif", {
179 "DOMAINDN": domaindn,
180 })
181
182 def add_dns_container(samdb, domaindn, prefix):
183 # CN=MicrosoftDNS,<PREFIX>,<DOMAINDN>
184 msg = ldb.Message(ldb.Dn(samdb, "CN=MicrosoftDNS,%s,%s" % (prefix, domaindn)))
185 msg["objectClass"] = ["top", "container"]
186 msg["displayName"] = ldb.MessageElement("DNS Servers", ldb.FLAG_MOD_ADD, "displayName")
187 samdb.add(msg)
188
189
190 def add_rootservers(samdb, domaindn, prefix):
191 rootservers = {}
192 rootservers["a.root-servers.net"] = "198.41.0.4"
193 rootservers["b.root-servers.net"] = "192.228.79.201"
194 rootservers["c.root-servers.net"] = "192.33.4.12"
195 rootservers["d.root-servers.net"] = "128.8.10.90"
196 rootservers["e.root-servers.net"] = "192.203.230.10"
197 rootservers["f.root-servers.net"] = "192.5.5.241"
198 rootservers["g.root-servers.net"] = "192.112.36.4"
199 rootservers["h.root-servers.net"] = "128.63.2.53"
200 rootservers["i.root-servers.net"] = "192.36.148.17"
201 rootservers["j.root-servers.net"] = "192.58.128.30"
202 rootservers["k.root-servers.net"] = "193.0.14.129"
203 rootservers["l.root-servers.net"] = "199.7.83.42"
204 rootservers["m.root-servers.net"] = "202.12.27.33"
205
206 rootservers_v6 = {}
207 rootservers_v6["a.root-servers.net"] = "2001:503:ba3e::2:30"
208 rootservers_v6["f.root-servers.net"] = "2001:500:2f::f"
209 rootservers_v6["h.root-servers.net"] = "2001:500:1::803f:235"
210 rootservers_v6["j.root-servers.net"] = "2001:503:c27::2:30"
211 rootservers_v6["k.root-servers.net"] = "2001:7fd::1"
212 rootservers_v6["m.root-servers.net"] = "2001:dc3::35"
213
214 container_dn = "DC=RootDNSServers,CN=MicrosoftDNS,%s,%s" % (prefix, domaindn)
215
216 # Add DC=RootDNSServers,CN=MicrosoftDNS,<PREFIX>,<DOMAINDN>
217 msg = ldb.Message(ldb.Dn(samdb, container_dn))
218 msg["objectClass"] = ["top", "dnsZone"]
219 samdb.add(msg)
220
221 # Add DC=@,DC=RootDNSServers,CN=MicrosoftDNS,<PREFIX>,<DOMAINDN>
222 record = []
223 for rserver in rootservers:
224 record.append(ndr_pack(NSRecord(rserver, serial=0, ttl=0, rank=dnsp.DNS_RANK_ROOT_HINT)))
225
226 msg = ldb.Message(ldb.Dn(samdb, "DC=@,%s" % container_dn))
227 msg["objectClass"] = ["top", "dnsNode"]
228 msg["dnsRecord"] = ldb.MessageElement(record, ldb.FLAG_MOD_ADD, "dnsRecord")
229 samdb.add(msg)
230
231 # Add DC=<rootserver>,DC=RootDNSServers,CN=MicrosoftDNS,<PREFIX>,<DOMAINDN>
232 for rserver in rootservers:
233 record = [ndr_pack(ARecord(rootservers[rserver], serial=0, ttl=0, rank=dnsp.DNS_RANK_ROOT_HINT))]
234 # Add AAAA record as well (How does W2K* add IPv6 records?)
235 #if rserver in rootservers_v6:
236 # record.append(ndr_pack(AAAARecord(rootservers_v6[rserver], serial=0, ttl=0)))
237 msg = ldb.Message(ldb.Dn(samdb, "DC=%s,%s" % (rserver, container_dn)))
238 msg["objectClass"] = ["top", "dnsNode"]
239 msg["dnsRecord"] = ldb.MessageElement(record, ldb.FLAG_MOD_ADD, "dnsRecord")
240 samdb.add(msg)
241
242 def add_at_record(samdb, container_dn, prefix, hostname, dnsdomain, hostip, hostip6):
243
244 fqdn_hostname = "%s.%s" % (hostname, dnsdomain)
245
246 at_records = []
247
248 # SOA record
249 at_soa_record = SOARecord(fqdn_hostname, "hostmaster.%s" % dnsdomain)
250 at_records.append(ndr_pack(at_soa_record))
251
252 # NS record
253 at_ns_record = NSRecord(fqdn_hostname)
254 at_records.append(ndr_pack(at_ns_record))
255
256 if hostip is not None:
257 # A record
258 at_a_record = ARecord(hostip)
259 at_records.append(ndr_pack(at_a_record))
260
261 if hostip6 is not None:
262 # AAAA record
263 at_aaaa_record = AAAARecord(hostip6)
264 at_records.append(ndr_pack(at_aaaa_record))
265
266 msg = ldb.Message(ldb.Dn(samdb, "DC=@,%s" % container_dn))
267 msg["objectClass"] = ["top", "dnsNode"]
268 msg["dnsRecord"] = ldb.MessageElement(at_records, ldb.FLAG_MOD_ADD, "dnsRecord")
269 samdb.add(msg)
270
271 def add_srv_record(samdb, container_dn, prefix, host, port):
272 srv_record = SRVRecord(host, port)
273 msg = ldb.Message(ldb.Dn(samdb, "%s,%s" % (prefix, container_dn)))
274 msg["objectClass"] = ["top", "dnsNode"]
275 msg["dnsRecord"] = ldb.MessageElement(ndr_pack(srv_record), ldb.FLAG_MOD_ADD, "dnsRecord")
276 samdb.add(msg)
277
278 def add_ns_record(samdb, container_dn, prefix, host):
279 ns_record = NSRecord(host)
280 msg = ldb.Message(ldb.Dn(samdb, "%s,%s" % (prefix, container_dn)))
281 msg["objectClass"] = ["top", "dnsNode"]
282 msg["dnsRecord"] = ldb.MessageElement(ndr_pack(ns_record), ldb.FLAG_MOD_ADD, "dnsRecord")
283 samdb.add(msg)
284
285 def add_ns_glue_record(samdb, container_dn, prefix, host):
286 ns_record = NSRecord(host, rank=dnsp.DNS_RANK_NS_GLUE)
287 msg = ldb.Message(ldb.Dn(samdb, "%s,%s" % (prefix, container_dn)))
288 msg["objectClass"] = ["top", "dnsNode"]
289 msg["dnsRecord"] = ldb.MessageElement(ndr_pack(ns_record), ldb.FLAG_MOD_ADD, "dnsRecord")
290 samdb.add(msg)
291
292 def add_cname_record(samdb, container_dn, prefix, host):
293 cname_record = CNameRecord(host)
294 msg = ldb.Message(ldb.Dn(samdb, "%s,%s" % (prefix, container_dn)))
295 msg["objectClass"] = ["top", "dnsNode"]
296 msg["dnsRecord"] = ldb.MessageElement(ndr_pack(cname_record), ldb.FLAG_MOD_ADD, "dnsRecord")
297 samdb.add(msg)
298
299 def add_host_record(samdb, container_dn, prefix, hostip, hostip6):
300 host_records = []
301 if hostip:
302 a_record = ARecord(hostip)
303 host_records.append(ndr_pack(a_record))
304 if hostip6:
305 aaaa_record = AAAARecord(hostip6)
306 host_records.append(ndr_pack(aaaa_record))
307 if host_records:
308 msg = ldb.Message(ldb.Dn(samdb, "%s,%s" % (prefix, container_dn)))
309 msg["objectClass"] = ["top", "dnsNode"]
310 msg["dnsRecord"] = ldb.MessageElement(host_records, ldb.FLAG_MOD_ADD, "dnsRecord")
311 samdb.add(msg)
312
313 def add_domain_record(samdb, domaindn, prefix, dnsdomain):
314 # DC=<DNSDOMAIN>,CN=MicrosoftDNS,<PREFIX>,<DOMAINDN>
315 msg = ldb.Message(ldb.Dn(samdb, "DC=%s,CN=MicrosoftDNS,%s,%s" % (dnsdomain, prefix, domaindn)))
316 msg["objectClass"] = ["top", "dnsZone"]
317 samdb.add(msg)
318
319 def add_msdcs_record(samdb, forestdn, prefix, dnsforest):
320 # DC=_msdcs.<DNSFOREST>,CN=MicrosoftDNS,<PREFIX>,<FORESTDN>
321 msg = ldb.Message(ldb.Dn(samdb, "DC=_msdcs.%s,CN=MicrosoftDNS,%s,%s" %
322 (dnsforest, prefix, forestdn)))
323 msg["objectClass"] = ["top", "dnsZone"]
324 samdb.add(msg)
325
326
327 def add_dc_domain_records(samdb, domaindn, prefix, site, dnsdomain, hostname, hostip, hostip6):
328
329 fqdn_hostname = "%s.%s" % (hostname, dnsdomain)
330
331 # Set up domain container - DC=<DNSDOMAIN>,CN=MicrosoftDNS,<PREFIX>,<DOMAINDN>
332 domain_container_dn = ldb.Dn(samdb, "DC=%s,CN=MicrosoftDNS,%s,%s" %
333 (dnsdomain, prefix, domaindn))
334
335 # DC=@ record
336 add_at_record(samdb, domain_container_dn, "DC=@", hostname, dnsdomain, hostip, hostip6)
337
338 # DC=<HOSTNAME> record
339 add_host_record(samdb, domain_container_dn, "DC=%s" % hostname, hostip, hostip6)
340
341 # DC=_kerberos._tcp record
342 add_srv_record(samdb, domain_container_dn, "DC=_kerberos._tcp", fqdn_hostname, 88)
343
344 # DC=_kerberos._tcp.<SITENAME>._sites record
345 add_srv_record(samdb, domain_container_dn, "DC=_kerberos._tcp.%s._sites" % site,
346 fqdn_hostname, 88)
347
348 # DC=_kerberos._udp record
349 add_srv_record(samdb, domain_container_dn, "DC=_kerberos._udp", fqdn_hostname, 88)
350
351 # DC=_kpasswd._tcp record
352 add_srv_record(samdb, domain_container_dn, "DC=_kpasswd._tcp", fqdn_hostname, 464)
353
354 # DC=_kpasswd._udp record
355 add_srv_record(samdb, domain_container_dn, "DC=_kpasswd._udp", fqdn_hostname, 464)
356
357 # DC=_ldap._tcp record
358 add_srv_record(samdb, domain_container_dn, "DC=_ldap._tcp", fqdn_hostname, 389)
359
360 # DC=_ldap._tcp.<SITENAME>._sites record
361 add_srv_record(samdb, domain_container_dn, "DC=_ldap._tcp.%s._sites" % site,
362 fqdn_hostname, 389)
363
364 # FIXME: The number of SRV records depend on the various roles this DC has.
365 # _gc and _msdcs records are added if the we are the forest dc and not subdomain dc
366 #
367 # Assumption: current DC is GC and add all the entries
368
369 # DC=_gc._tcp record
370 add_srv_record(samdb, domain_container_dn, "DC=_gc._tcp", fqdn_hostname, 3268)
371
372 # DC=_gc._tcp.<SITENAME>,_sites record
373 add_srv_record(samdb, domain_container_dn, "DC=_gc._tcp.%s._sites" % site, fqdn_hostname, 3268)
374
375 # DC=_msdcs record
376 add_ns_glue_record(samdb, domain_container_dn, "DC=_msdcs", fqdn_hostname)
377
378 # FIXME: Following entries are added only if DomainDnsZones and ForestDnsZones partitions
379 # are created
380 #
381 # Assumption: Additional entries won't hurt on os_level = 2000
382
383 # DC=_ldap._tcp.<SITENAME>._sites.DomainDnsZones
384 add_srv_record(samdb, domain_container_dn, "DC=_ldap._tcp.%s._sites.DomainDnsZones" % site,
385 fqdn_hostname, 389)
386
387 # DC=_ldap._tcp.<SITENAME>._sites.ForestDnsZones
388 add_srv_record(samdb, domain_container_dn, "DC=_ldap._tcp.%s._sites.ForestDnsZones" % site,
389 fqdn_hostname, 389)
390
391 # DC=_ldap._tcp.DomainDnsZones
392 add_srv_record(samdb, domain_container_dn, "DC=_ldap._tcp.DomainDnsZones",
393 fqdn_hostname, 389)
394
395 # DC=_ldap._tcp.ForestDnsZones
396 add_srv_record(samdb, domain_container_dn, "DC=_ldap._tcp.ForestDnsZones",
397 fqdn_hostname, 389)
398
399 # DC=DomainDnsZones
400 add_host_record(samdb, domain_container_dn, "DC=DomainDnsZones", hostip, hostip6)
401
402 # DC=ForestDnsZones
403 add_host_record(samdb, domain_container_dn, "DC=ForestDnsZones", hostip, hostip6)
404
405
406 def add_dc_msdcs_records(samdb, forestdn, prefix, site, dnsforest, hostname,
407 hostip, hostip6, domainguid, ntdsguid):
408
409 fqdn_hostname = "%s.%s" % (hostname, dnsforest)
410
411 # Set up forest container - DC=<DNSDOMAIN>,CN=MicrosoftDNS,<PREFIX>,<DOMAINDN>
412 forest_container_dn = ldb.Dn(samdb, "DC=_msdcs.%s,CN=MicrosoftDNS,%s,%s" %
413 (dnsforest, prefix, forestdn))
414
415 # DC=@ record
416 add_at_record(samdb, forest_container_dn, "DC=@", hostname, dnsforest, None, None)
417
418 # DC=_kerberos._tcp.dc record
419 add_srv_record(samdb, forest_container_dn, "DC=_kerberos._tcp.dc", fqdn_hostname, 88)
420
421 # DC=_kerberos._tcp.<SITENAME>._sites.dc record
422 add_srv_record(samdb, forest_container_dn, "DC=_kerberos._tcp.%s._sites.dc" % site,
423 fqdn_hostname, 88)
424
425 # DC=_ldap._tcp.dc record
426 add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.dc", fqdn_hostname, 389)
427
428 # DC=_ldap._tcp.<SITENAME>._sites.dc record
429 add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.%s._sites.dc" % site,
430 fqdn_hostname, 389)
431
432 # DC=_ldap._tcp.<SITENAME>._sites.gc record
433 add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.%s._sites.gc" % site,
434 fqdn_hostname, 3268)
435
436 # DC=_ldap._tcp.gc record
437 add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.gc", fqdn_hostname, 3268)
438
439 # DC=_ldap._tcp.pdc record
440 add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.pdc", fqdn_hostname, 389)
441
442 # DC=gc record
443 add_host_record(samdb, forest_container_dn, "DC=gc", hostip, hostip6)
444
445 # DC=_ldap._tcp.<DOMAINGUID>.domains record
446 add_srv_record(samdb, forest_container_dn, "DC=_ldap._tcp.%s.domains" % domainguid,
447 fqdn_hostname, 389)
448
449 # DC=<NTDSGUID>
450 add_cname_record(samdb, forest_container_dn, "DC=%s" % ntdsguid, fqdn_hostname)
451
452
453 def is_valid_dns_backend(dns_backend):
454 return dns_backend in ("BIND9_FLATFILE", "BIND9_DLZ", "SAMBA_INTERNAL", "NONE")
455
456
457 def is_valid_os_level(os_level):
458 return DS_DOMAIN_FUNCTION_2000 <= os_level <= DS_DOMAIN_FUNCTION_2008_R2
459
460
461 def setup_ad_dns(samdb, names, logger, dns_backend, os_level, hostip=None,
462 hostip6=None,):
463 """Provision DNS information (assuming GC role)
464
465 :param samdb: LDB object connected to sam.ldb file
466 :param names: Names shortcut
467 :param logger: Logger object
468 :param dns_backend: Type of DNS backend
469 :param os_level: Functional level (treated as os level)
470 :param hostip: IPv4 address
471 :param hostip6: IPv6 address
472 """
473
474 if not is_valid_dns_backend(dns_backend):
475 raise Exception("Invalid dns backend: %r" % dns_backend)
476
477 if not is_valid_os_level(os_level):
478 raise Exception("Invalid os level: %r" % os_level)
479
480 if dns_backend is "NONE":
481 logger.info("No DNS backend set, not configuring DNS")
482 return
483
484 # If dns_backend is BIND9_FLATFILE
485 # Populate only CN=MicrosoftDNS,CN=System,<DOMAINDN>
486 #
487 # If dns_backend is SAMBA_INTERNAL or BIND9_DLZ
488 # Populate DNS partitions
489
490 # If os_level < 2003 (DS_DOMAIN_FUNCTION_2000)
491 # All dns records are in CN=MicrosoftDNS,CN=System,<DOMAINDN>
492 #
493 # If os_level >= 2003 (DS_DOMAIN_FUNCTION_2003, DS_DOMAIN_FUNCTION_2008,
494 # DS_DOMAIN_FUNCTION_2008_R2)
495 # Root server records are in CN=MicrosoftDNS,CN=System,<DOMAINDN>
496 # Domain records are in CN=MicrosoftDNS,CN=System,<DOMAINDN>
497 # Domain records are in CN=MicrosoftDNS,DC=DomainDnsZones,<DOMAINDN>
498 # Forest records are in CN=MicrosoftDNS,DC=ForestDnsZones,<DOMAINDN>
499
500 domaindn = names.domaindn
501 forestdn = samdb.get_root_basedn().get_linearized()
502
503 dnsdomain = names.dnsdomain.lower()
504 dnsforest = dnsdomain
505
506 hostname = names.netbiosname.lower()
507 site = names.sitename
508
509 domainguid = get_domainguid(samdb, domaindn)
510 ntdsguid = get_ntdsguid(samdb, domaindn)
511
512 # Add dns accounts (DnsAdmins, DnsUpdateProxy) in domain
513 logger.info("Adding DNS accounts")
514 add_dns_accounts(samdb, domaindn)
515
516 logger.info("Populating CN=MicrosoftDNS,CN=System,%s" % domaindn)
517
518 # Set up MicrosoftDNS container
519 add_dns_container(samdb, domaindn, "CN=System")
520
521 # Add root servers
522 add_rootservers(samdb, domaindn, "CN=System")
523
524 if os_level == DS_DOMAIN_FUNCTION_2000:
525
526 # Add domain record
527 add_domain_record(samdb, domaindn, "CN=System", dnsdomain)
528
529 # Add DNS records for a DC in domain
530 add_dc_domain_records(samdb, domaindn, "CN=System", site, dnsdomain,
531 hostname, hostip, hostip6)
532
533 elif dns_backend in ("SAMBA_INTERNAL", "BIND9_DLZ") and \
534 os_level >= DS_DOMAIN_FUNCTION_2003:
535
536 # Set up additional partitions (DomainDnsZones, ForstDnsZones)
537 logger.info("Creating DomainDnsZones and ForestDnsZones partitions")
538 setup_dns_partitions(samdb, domaindn, forestdn, names.configdn, names.serverdn)
539
540 ##### Set up DC=DomainDnsZones,<DOMAINDN>
541 logger.info("Populating DomainDnsZones partition")
542
543 # Set up MicrosoftDNS container
544 add_dns_container(samdb, domaindn, "DC=DomainDnsZones")
545
546 # Add rootserver records
547 add_rootservers(samdb, domaindn, "DC=DomainDnsZones")
548
549 # Add domain record
550 add_domain_record(samdb, domaindn, "DC=DomainDnsZones", dnsdomain)
551
552 # Add DNS records for a DC in domain
553 add_dc_domain_records(samdb, domaindn, "DC=DomainDnsZones", site, dnsdomain,
554 hostname, hostip, hostip6)
555
556 ##### Set up DC=ForestDnsZones,<DOMAINDN>
557 logger.info("Populating ForestDnsZones partition")
558
559 # Set up MicrosoftDNS container
560 add_dns_container(samdb, forestdn, "DC=ForestDnsZones")
561
562 # Add _msdcs record
563 add_msdcs_record(samdb, forestdn, "DC=ForestDnsZones", dnsforest)
564
565 # Add DNS records for a DC in forest
566 add_dc_msdcs_records(samdb, forestdn, "DC=ForestDnsZones", site, dnsforest,
567 hostname, hostip, hostip6, domainguid, ntdsguid)
reg import