[Pkg-samba-maint] Bug#927747: Bug#927747: bind9_dlz backend is entirely broken in Debian

Steinar H. Gunderson sesse at debian.org
Tue Apr 23 21:34:36 BST 2019

On Tue, Apr 23, 2019 at 10:24:54PM +0200, Mathieu Parent wrote:
> There are several issues here. Trying a summary.
> 1. We need to patch bind9 apparmor profile (this is the cloned bug)


> 2. The /var/lib/samba/bind-dns directory is created on domain
> provision. Nothing to do here?

It's not created on upgrade from stretch, though? You don't re-provision your
domain when upgrading Samba, yet upgrading should be allowed.

> 2. bind9 conf "include" should be updated. As the conffile is not
> owned by samba all we can do is printing a message in samba preinst
> (if include "/usr/local/samba/private/named.conf" is found in
> /etc/named/named.conf or /etc/bind/named.conf.local)


> 3.Patching "named.conf" template to load the correct bind9 module (i.e 9.11)

I _think_ samba_dnsupgradedns writes a new config fragment.

> 4. Run "samba_upgradedns --dns-backend=BIND9_DLZ", but when?

I would assume in postinst (assuming we detect its use).

/* Steinar */
Homepage: https://www.sesse.net/

More information about the Pkg-samba-maint mailing list