s4: dns: Add customizable dns port option
authorThomas Debesse <dev@illwieckz.net>
Wed, 22 Sep 2021 17:09:02 +0000 (19:09 +0200)
committerJeremy Allison <jra@samba.org>
Fri, 25 Mar 2022 20:25:28 +0000 (20:25 +0000)
Signed-off-by: Thomas Debesse <dev@illwieckz.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 25 20:25:28 UTC 2022 on sn-devel-184

WHATSNEW.txt
docs-xml/smbdotconf/protocol/dnsport.xml [new file with mode: 0644]
lib/param/loadparm.c
source3/param/loadparm.c
source4/dns_server/dns_server.c

index 1ce1d27567f34bee86c905313ed886ad7cbf61f4..d23bede2da28d324cb3e9aa462298dd55043a7a2 100644 (file)
@@ -48,6 +48,20 @@ available for Samba AD compiled with MIT Kerberos 1.20.
 
 [1] https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview
 
+Customizable DNS listening port
+-------------------------------
+
+It is now possible to set a custom listening port for the builtin DNS service,
+making easy to host another DNS on the same system that would bind to the
+default port and forward the domain-specific queries to Samba using the custom
+port. This is the opposite configuration of setting a forwarder in Samba.
+
+It makes possible to use another DNS server as a front and forward to Samba.
+
+Dynamic DNS updates may not be proxied by the front DNS server when forwarding
+to Samba. Dynamic DNS update proxying depends on the features of the other DNS
+server used as a front.
+
 
 REMOVED FEATURES
 ================
@@ -58,6 +72,7 @@ smb.conf changes
 
   Parameter Name                          Description     Default
   --------------                          -----------     -------
+  dns port                                New default     53
 
 
 KNOWN ISSUES
diff --git a/docs-xml/smbdotconf/protocol/dnsport.xml b/docs-xml/smbdotconf/protocol/dnsport.xml
new file mode 100644 (file)
index 0000000..20d39b2
--- /dev/null
@@ -0,0 +1,21 @@
+<samba:parameter name="dns port"
+                 context="G"
+                 type="integer"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+    <para>Specifies which ports the server should listen on for
+    DNS traffic.</para>
+
+    <para>It makes possible to use another DNS server as a front
+    and forward to Samba.</para>
+
+    <warning>
+        <para>Dynamic DNS updates may not be proxied by the front
+        DNS server when forwarding to Samba. Dynamic DNS update
+        proxying depends on the features of the other DNS server
+        used as a front.</para>
+    </warning>
+</description>
+
+<value type="default">53</value>
+</samba:parameter>
index d6d845391e6f3bb53d2f940059887c6806fdcbf0..ab73fbdda3d010ccabd3a7e1f886ecf9c62a1101 100644 (file)
@@ -69,6 +69,7 @@
 #include "libcli/smb/smb_constants.h"
 #include "tdb.h"
 #include "librpc/gen_ndr/nbt.h"
+#include "librpc/gen_ndr/dns.h"
 #include "libds/common/roles.h"
 #include "lib/util/samba_util.h"
 #include "libcli/auth/ntlm_check.h"
@@ -2694,6 +2695,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
        lpcfg_do_global_parameter(lp_ctx, "cldap port", "389");
        lpcfg_do_global_parameter(lp_ctx, "krb5 port", "88");
        lpcfg_do_global_parameter(lp_ctx, "kpasswd port", "464");
+       lpcfg_do_global_parameter_var(lp_ctx, "dns port", "%d", DNS_SERVICE_PORT);
 
        lpcfg_do_global_parameter(lp_ctx, "kdc enable fast", "True");
 
index 630937e521d407b21523dbd479b535434265fd87..1b7b0b064848e1f5ab2bd590823364aa74637a5d 100644 (file)
@@ -71,6 +71,7 @@
 #include "dbwrap/dbwrap_rbt.h"
 #include "../lib/util/bitmap.h"
 #include "librpc/gen_ndr/nbt.h"
+#include "librpc/gen_ndr/dns.h"
 #include "source4/lib/tls/tls.h"
 #include "libcli/auth/ntlm_check.h"
 #include "lib/crypto/gnutls_helpers.h"
@@ -786,6 +787,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
        Globals.init_logon_delay = 100; /* 100 ms default delay */
 
        Globals.wins_dns_proxy = true;
+       Globals.dns_port = DNS_SERVICE_PORT;
 
        Globals.allow_trusted_domains = true;
        lpcfg_string_set(Globals.ctx, &Globals.idmap_backend, "tdb");
index 7d5a884bd2e1cf7b2ddeb8c25566739f7fef3952..7d0c08627253534164f40c828aef72a2e401afaa 100644 (file)
@@ -700,7 +700,7 @@ static NTSTATUS dns_startup_interfaces(struct dns_server *dns,
                                                            iface_list_n_ip(ifaces, i));
 
                        status = dns_add_socket(dns, model_ops, "dns", address,
-                                               DNS_SERVICE_PORT);
+                                               lpcfg_dns_port(dns->task->lp_ctx));
                        NT_STATUS_NOT_OK_RETURN(status);
                }
        } else {
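Review bot: The value returned by `lpcfg_dns_port(dns->task->lp_ctx)` is passed to `dns_add_socket()` with no range check, both here and in the wildcard loop of the following hunk (`@@ -713,7 +713,7 @@`). The parameter is declared as a plain `integer` in dnsport.xml, so smb.conf can supply 0, a negative number or a value above 65535. If the port argument of `dns_add_socket()` is a 16-bit type (its declaration is not visible in this diff), such a value would be silently truncated, leaving the DNS service on a port the administrator did not configure and that firewall rules may not cover. I would read the setting once before the loops and reject bad values, e.g. `int port = lpcfg_dns_port(dns->task->lp_ctx);` followed by `if (port <= 0 || port > 65535) { return NT_STATUS_INVALID_PARAMETER; }`, and then pass `port` in both calls. The body of dns_startup_interfaces() starts and ends outside both hunks.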
@@ -713,7 +713,7 @@ static NTSTATUS dns_startup_interfaces(struct dns_server *dns,
                }
                for (i = 0; wcard[i] != NULL; i++) {
                        status = dns_add_socket(dns, model_ops, "dns", wcard[i],
-                                               DNS_SERVICE_PORT);
+                                               lpcfg_dns_port(dns->task->lp_ctx));
                        if (NT_STATUS_IS_OK(status)) {
                                num_binds++;
                        }