gclayburg / synology-diskstation-scripts

Update Synology DNS records from DHCP IP address reservation
169 stars 41 forks

SAMBA Integrated DNS updates #22

Open prosewall opened 7 years ago

prosewall commented 7 years ago

Hi all, with Synology implementing SAMBA's excellent Active Directory Domain support in their devices, I believe AD domains are using SAMBA's integrated DNS rather than the traditional BIND text format (although there may be a BIND_DLZ integration module running there somewhere; I cannot be certain, though I've tried to locate/demonstrate/detect it).

To update records in this scenario you need to execute samba-tool with an appropriate login who has DNSUpdateProxy Active Directory group membership. This is necessary because the DNS is not held in BIND text databases, but in 'Active Directory Integrated' databases, likely trivial database files (.tdb).

The commands of interest are `samba-tool dns add`, `samba-tool dns update`, `samba-tool dns query` and `samba-tool dns delete`. From the online help:

```
Available subcommands:
  add         - Add a DNS record
  delete      - Delete a DNS record
  query       - Query a name.
  roothints   - Query root hints.
  serverinfo  - Query for Server information.
  synoquery   - Query a name.
  update      - Update a DNS record
  zonecreate  - Create a zone.
  zonedelete  - Delete a zone.
  zoneinfo    - Query for zone information.
  zonelist    - Query for zones.
```

I was wondering if you believe there is an opportunity to expand this functionality to include AD-integrated DNS records. This would be brilliant.

Typically the ROOT user cannot be added to the AD group needed, so that would be a problem that would need to be resolved, and the samba-tool implementation on the Synology currently does not seem to support the --username= and --password= command-line switches that would make this a doddle to get around.

I have not been able to test the functionality of the samba-tool command because of this limitation - it prompts for root credentials.

Just thought I'd throw it out there for comment. Many thanks, Peter
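As an added example, not code from this project or from either commenter, here is a POSIX shell sketch of what the AD-integrated path requested above could look like: read reservations, query the zone with `samba-tool dns query`, then issue `samba-tool dns add` or `samba-tool dns update` as needed. It assumes a service account in DNSUpdateProxy passed with samba-tool's `-U user%password` option, a hypothetical zone `ad.example.lan`, a constructed reservation file with one `mac ip hostname` row per line (not a real Synology DHCP export), and the `    A: <ip> (flags=...)` line format that `samba-tool dns query` prints for A records.

```shell
#!/bin/sh
# Added example, not code from gclayburg/synology-diskstation-scripts:
# push DHCP reservations into Samba AD-integrated DNS with samba-tool.
# Assumptions (not stated in the issue): a DNSUpdateProxy service account
# passed with samba-tool's -U user%password syntax, a hypothetical zone,
# a constructed "mac ip hostname" reservation file, and the
# "    A: <ip> (flags=...)" line format of `samba-tool dns query` output.

SAMBA_TOOL="${SAMBA_TOOL:-samba-tool}"         # set to "echo" for a dry run
DNS_SERVER="${DNS_SERVER:-127.0.0.1}"          # the DC running Samba's DNS
DNS_ZONE="${DNS_ZONE:-ad.example.lan}"         # hypothetical AD zone
DNS_CREDS="${DNS_CREDS:-dnsupdater%changeme}"  # hypothetical service account

# Constructed sample reservation file (not a real Synology DHCP export).
sample_reservations() {
    cat <<'EOF'
# mac               ip            hostname
00:11:22:33:44:55   192.168.1.23  printer01
00:11:22:33:44:66   192.168.1.24  nas-backup
malformed-line
EOF
}

# Pull the first A record's address out of `samba-tool dns query` output
# read from stdin. Prints nothing when the name has no A record.
parse_a_record() {
    sed -n 's/^[[:space:]]*A: \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Decide what samba-tool has to do for one reservation.
# Prints "add <ip>", "update <old> <new>" or "noop <ip>".
plan_change() {
    _current="$1" _wanted="$2"
    if [ -z "$_current" ]; then
        printf 'add %s\n' "$_wanted"
    elif [ "$_current" != "$_wanted" ]; then
        printf 'update %s %s\n' "$_current" "$_wanted"
    else
        printf 'noop %s\n' "$_wanted"
    fi
}

# Apply one reservation: query the zone, then add or update the A record.
# stdin is redirected so samba-tool can never swallow the reservation file
# being read by the caller's loop.
sync_one() {
    _ip="$1" _host="$2"
    _current=$("$SAMBA_TOOL" dns query "$DNS_SERVER" "$DNS_ZONE" "$_host" A \
                   -U "$DNS_CREDS" 2>/dev/null </dev/null | parse_a_record)
    set -- $(plan_change "$_current" "$_ip")
    case "$1" in
        add)    "$SAMBA_TOOL" dns add "$DNS_SERVER" "$DNS_ZONE" "$_host" A "$2" \
                    -U "$DNS_CREDS" </dev/null ;;
        update) "$SAMBA_TOOL" dns update "$DNS_SERVER" "$DNS_ZONE" "$_host" A "$2" "$3" \
                    -U "$DNS_CREDS" </dev/null ;;
        noop)   : ;;
    esac
}

# Walk a reservation file, skipping comments, blank lines and malformed rows.
sync_reservations() {
    while read -r _mac _ip _host _rest; do
        case "$_mac" in ''|'#'*) continue ;; esac
        [ -n "$_ip" ] && [ -n "$_host" ] || continue
        sync_one "$_ip" "$_host"
    done < "$1"
}

# Stand-alone use: SAMBA_DNS_SYNC_FILE=/path/to/reservations sh sync.sh
if [ -n "${SAMBA_DNS_SYNC_FILE:-}" ]; then
    sync_reservations "$SAMBA_DNS_SYNC_FILE"
fi
```

Run with `SAMBA_TOOL=echo` to see the commands that would be issued without touching the zone. Keep the service account's credentials out of the command line (they are visible in the process list to every local user); samba-tool's `-A` authentication-file option with a file readable only by the account running the script is the usual alternative. And as the issue points out, the samba-tool shipped on the Synology may not accept these credential switches at all, which is the first thing to verify.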

gclayburg commented 7 years ago

So if I understand correctly, you are using your Synology as a Domain Controller and you are also using Synology for DHCP addresses?

This tool is basically a set of scripts that updates the DNS text files from the DHCP text files. If your environment uses a different DNS setup, I would think there would be a way to send those updates to the AD domain instead. And yes, as I recall updating Active Directory data requires a service account with the correct permissions.

You would think that Synology themselves would provide functionality like that. But barring that, if there is a will, there usually is a way.