[1] https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview
+Customizable DNS listening port
+-------------------------------
+
+It is now possible to set a custom listening port for the builtin DNS service,
+making easy to host another DNS on the same system that would bind to the
+default port and forward the domain-specific queries to Samba using the custom
+port. This is the opposite configuration of setting a forwarder in Samba.
+
+It makes possible to use another DNS server as a front and forward to Samba.
+
+Dynamic DNS updates may not be proxied by the front DNS server when forwarding
+to Samba. Dynamic DNS update proxying depends on the features of the other DNS
+server used as a front.
+
REMOVED FEATURES
================
Parameter Name Description Default
-------------- ----------- -------
+ dns port New default 53
KNOWN ISSUES
--- /dev/null
+<samba:parameter name="dns port"
+ context="G"
+ type="integer"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>Specifies which ports the server should listen on for
+ DNS traffic.</para>
+
+ <para>It makes possible to use another DNS server as a front
+ and forward to Samba.</para>
+
+ <warning>
+ <para>Dynamic DNS updates may not be proxied by the front
+ DNS server when forwarding to Samba. Dynamic DNS update
+ proxying depends on the features of the other DNS server
+ used as a front.</para>
+ </warning>
+</description>
+
+<value type="default">53</value>
+</samba:parameter>
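Review bot: The first paragraph of the new `dns port` description says "which ports", but the parameter is declared `type="integer"` and takes a single value, and no valid range is given. I would reword it to `Specifies the port on which the server listens for DNS traffic.` and state the accepted range (1-65535). The warning could also say that on most systems a port above 1023 can be bound by any local account. In the front-server setup described here, whatever holds that port answers the forwarded queries for the domain, so the forwarder should point at an address and port that only the Samba service can bind.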
#include "libcli/smb/smb_constants.h"
#include "tdb.h"
#include "librpc/gen_ndr/nbt.h"
+#include "librpc/gen_ndr/dns.h"
#include "libds/common/roles.h"
#include "lib/util/samba_util.h"
#include "libcli/auth/ntlm_check.h"
lpcfg_do_global_parameter(lp_ctx, "cldap port", "389");
lpcfg_do_global_parameter(lp_ctx, "krb5 port", "88");
lpcfg_do_global_parameter(lp_ctx, "kpasswd port", "464");
+ lpcfg_do_global_parameter_var(lp_ctx, "dns port", "%d", DNS_SERVICE_PORT);
lpcfg_do_global_parameter(lp_ctx, "kdc enable fast", "True");
#include "dbwrap/dbwrap_rbt.h"
#include "../lib/util/bitmap.h"
#include "librpc/gen_ndr/nbt.h"
+#include "librpc/gen_ndr/dns.h"
#include "source4/lib/tls/tls.h"
#include "libcli/auth/ntlm_check.h"
#include "lib/crypto/gnutls_helpers.h"
Globals.init_logon_delay = 100; /* 100 ms default delay */
Globals.wins_dns_proxy = true;
+ Globals.dns_port = DNS_SERVICE_PORT;
Globals.allow_trusted_domains = true;
lpcfg_string_set(Globals.ctx, &Globals.idmap_backend, "tdb");
iface_list_n_ip(ifaces, i));
status = dns_add_socket(dns, model_ops, "dns", address,
- DNS_SERVICE_PORT);
+ lpcfg_dns_port(dns->task->lp_ctx));
NT_STATUS_NOT_OK_RETURN(status);
}
} else {
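Review bot: The value returned by `lpcfg_dns_port(dns->task->lp_ctx)` is handed to `dns_add_socket()` without a range check, both here and in the wildcard loop of the next hunk. The parameter is a plain integer, so 0, a negative number or a value above 65535 would presumably pass config parsing. If the port argument of `dns_add_socket()` is a 16-bit type (its prototype is not visible here), such a value would be truncated silently and the service would listen on a port the administrator never configured. I would read the port once before both loops, log the problem, and reject it with something like `if (port < 1 || port > 65535) return NT_STATUS_INVALID_PARAMETER;`. The enclosing function starts and ends outside this hunk.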
}
for (i = 0; wcard[i] != NULL; i++) {
status = dns_add_socket(dns, model_ops, "dns", wcard[i],
- DNS_SERVICE_PORT);
+ lpcfg_dns_port(dns->task->lp_ctx));
if (NT_STATUS_IS_OK(status)) {
num_binds++;
}