Gestione DNS con sambatool


Gestione record DNS

  • Per creare il record PTR per 192.168.1.7 -> metvirt06.ad.metrica.it:
samba-tool dns add metdc01 1.168.192.in-addr.arpa. 7 PTR metvirt06.ad.metrica.it. -U Administrator

Riferimenti

Esportare una zona DNS

Usare lo script:

#!/bin/sh
#
# Extract DNS zone from Samba4 native DNS using samba-tool
#
# Prerequisites:
# samba krb5-workstation

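SAMBA_TOOL=samba-tool

## Credentials
# -k=yes (Kerberos) doesn't work here, so the password is prompted for and
# handed to samba-tool with --password. That option puts the secret on the
# command line, where other local users can read it from the process list
# while each query runs; samba-tool also takes a credentials file
# (-A/--authentication-file) — verify against your Samba version before
# switching to it.
USER=Administrator
printf '%s password:' "$USER" >&2
# Turn echo back on on every exit path; otherwise a Ctrl-C at the prompt
# leaves the terminal with echo disabled.
trap 'stty echo 2>/dev/null' EXIT
trap 'exit 1' INT TERM
stty -echo
# -r keeps backslashes and IFS= keeps blanks in the password; end of input
# with no password is an error rather than an empty password.
IFS= read -r PASS || { printf '\n' >&2; exit 1; }
stty echo
printf '\n' >&2
trap - INT TERM
printf '%s\n' 'Please ignore "Cannot do GSSAPI to an IP address" errors...' >&2

## Extract zones
# 'samba-tool dns zonelist' prints one block per zone; only pszZoneName is used:
#  2 zone(s) found
#
#  pszZoneName                 : a.example.or.jp
#  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
#  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
#  Version                     : 50
#  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
#  pszDpFqdn                   : DomainDnsZones.a.example.or.jp
#
#  pszZoneName                 : _msdcs.a.example.or.jp
#  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
#  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
#  Version                     : 50
#  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
#  pszDpFqdn                   : ForestDnsZones.a.example.or.jp
# shellcheck disable=SC2086 # SAMBA_TOOL is deliberately left unquoted
ZONES=$($SAMBA_TOOL dns zonelist localhost -U "$USER" --password "$PASS" | awk '$1 ~ /pszZoneName/{print $3}')
# A failed login or connection leaves ZONES empty; stop here rather than
# writing an empty export and exiting 0.
if [ -z "$ZONES" ]; then
	printf 'ERROR no zones returned by %s dns zonelist; aborting\n' "$SAMBA_TOOL" >&2
	exit 1
fi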

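#######################################
# queryzone — print the records below one node of a zone as zone-file lines.
# Every "Name=..." line that samba-tool reports with Children>0 is queried
# again with that name prepended to $entry, so the whole subtree is walked.
# Globals:   SAMBA_TOOL, USER, PASS (read)
# Arguments: $1 - zone name, e.g. a.example.or.jp
#            $2 - node relative to the zone: "" for the apex, or e.g.
#                 "ForestDnsZones", "_kerberos._tcp"
# Outputs:   one tab-separated zone-file line per SOA, NS, A, AAAA, PTR,
#            CNAME, MX and SRV record on stdout
# Returns:   0 on success; 1 on an unsupported record type (TXT is not
#            handled) or when a nested query failed
#######################################
queryzone () {
	local zone="$1"
	local entry="$2"
	local qentry="${2:-@}"
	local name
	local children
	local lhs=""
	local line
	local tab
	# A literal tab inside the sed replacements would not survive copy/paste
	# from the wiki, so build it here instead.
	tab=$(printf '\t')

	# Output of 'samba-tool dns query ... ALL' that the loop parses, e.g.
	#  Name=, Records=3, Children=0
	#    SOA: serial=1, refresh=900, retry=600, expire=86400, minttl=3600, ns=ad01.a.example.or.jp., email=hostmaster.a.example.or.jp. (flags=600000f0, serial=1, ttl=3600)
	#    NS: ad01.a.example.or.jp. (flags=600000f0, serial=1, ttl=900)
	#    A: 100.64.96.31 (flags=600000f0, serial=1, ttl=900)
	#  Name=_msdcs, Records=0, Children=0
	#  Name=_tcp, Records=0, Children=4
	# shellcheck disable=SC2086 # SAMBA_TOOL is deliberately left unquoted
	$SAMBA_TOOL dns query localhost "$zone" "$qentry" ALL -U "$USER" --password "$PASS" |
	while read -r line; do
		[ -n "$line" ] || continue
		# Split into words with globbing off: a wildcard record is reported as
		# "Name=*," and must not be expanded against the current directory.
		set -f
		set -- $line
		set +f
		case "$1" in
		    Name=*,)
			name=${1#Name=}
			name=${name%,}
			children=${3#Children=}
			# Descend first. This loop runs in the pipeline's subshell, so
			# 'exit 1' ends only the subshell; the pipeline's status then
			# becomes the function's return value for the caller to check.
			if [ "${children:-0}" -gt 0 ]; then
				queryzone "$zone" "${name}${entry:+.}${entry}" || exit 1
			fi
			# Owner name, relative to the zone, for the records that follow.
			if [ -z "$name" ]; then
				lhs="${entry:-@}"
			else
				lhs="${name}${entry:+.}${entry}"
			fi
			;;
		    SOA:)
			#    SOA: serial=1, refresh=900, retry=600, expire=86400, minttl=3600, ns=ad01.a.example.or.jp., email=hostmaster.a.example.or.jp. (flags=600000f0, serial=1, ttl=3600)
			printf '%s\n' "$*" | sed -e 's/.*serial=\([0-9]*\), refresh=\([0-9]*\), retry=\([0-9]*\), expire=\([0-9]*\), minttl=\([0-9]*\), ns=\([^,]*\), email=\([^,]*\) (flags=.*, serial=[0-9]*, ttl=\([0-9]*\))/'"${name:-@}${tab}"'\8'"${tab}"'IN SOA \6 \7 \1 \2 \3 \4 \5/'
			;;
		    NS:|A:|AAAA:|PTR:|CNAME:)
			# Single-value records share one layout:
			#    NS: ad01.a.example.or.jp. (flags=600000f0, serial=1, ttl=900)
			#    A: 100.64.96.31 (flags=600000f0, serial=1, ttl=900)
			#    CNAME: ad01.a.example.or.jp. (flags=f0, serial=1, ttl=900)
			# AAAA and PTR are printed by samba-tool in the same shape.
			printf '%s\n' "$*" | sed -ne 's/\([^ ]*\): \([^ ]*\) (flags=[0-9a-f]*, serial=[0-9]*, ttl=\([0-9]*\)).*/'"${lhs}${tab}"'\3 IN \1'"${tab}"'\2/p'
			;;
		    MX:)
			#    MX: mail.a.example.or.jp. (10) (flags=f0, serial=1, ttl=900)
			# The parenthesised number is the preference.
			printf '%s\n' "$*" | sed -ne 's/\([^ ]*\): \([^ ]*\) (\([0-9]*\)) (flags=[0-9a-f]*, serial=[0-9]*, ttl=\([0-9]*\)).*/'"${lhs}${tab}"'\4 IN \1'"${tab}"'\3 \2/p'
			;;
		    SRV:)
			#    SRV: ad01.a.example.or.jp. (88, 0, 100) (flags=f0, serial=1, ttl=900)
			# samba-tool lists (port, priority, weight); the zone-file order
			# is priority weight port target.
			printf '%s\n' "$*" | sed -ne 's/\([^ ]*\): \([^ ]*\) (\([0-9]*\), \([0-9]*\), \([0-9]*\)) (flags=[0-9a-f]*, serial=[0-9]*, ttl=\([0-9]*\)).*/'"${lhs}${tab}"'\6 IN \1'"${tab}"'\4 \5 \3 \2/p'
			;;
		    *)
			printf 'ERROR unknown record type %s; aborting\n' "$1" >&2
			exit 1
			;;
		esac
	done
}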

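# Emit every zone as a zone-file fragment on stdout.
# The zone list is newline separated; word-split it once, with globbing off,
# so it can be logged on one line and iterated safely.
set -f
set -- $ZONES
set +f
printf 'Zones: %s\n' "$*" >&2
for zone in "$@"; do
	printf '$ORIGIN %s\n\n' "$zone"
	# queryzone reports an unknown record type or a failed nested query
	# through its exit status; abort instead of writing a partial export.
	queryzone "$zone" "" || exit 1
	printf '\n'
done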

Riferimenti