summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2012-09-12 09:31:17 +0200
committerStefan Metzmacher <metze@samba.org>2012-09-12 16:51:29 +0200
commit1b848ecbffe5761ba8c6368a3eae24c3ee10cfce (patch)
treec0797e02826a1e414d461a342eb4aae2f0d6993b
parentea1841ee10a25e654ff1f7dde6518707c9d1581a (diff)
downloadsamba-1b848ecbffe5761ba8c6368a3eae24c3ee10cfce.tar.gz
samba-1b848ecbffe5761ba8c6368a3eae24c3ee10cfce.tar.bz2
samba-1b848ecbffe5761ba8c6368a3eae24c3ee10cfce.zip
lib/param: change the default for 'allow dns updates' to 'secure only'
metze
Diffstat
-rw-r--r--WHATSNEW.txt1
-rw-r--r--lib/param/loadparm.c2
-rw-r--r--selftest/target/Samba4.pm5
3 files changed, 4 insertions, 4 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index f571f55741..e8e2613f0f 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -140,6 +140,7 @@ We changed the default dns implementation to the internal dns server
(SAMBA_INTERNAL). BIND9_FLATFILE and BIND9_DLZ are still available,
but you'll have to add '-dns' to the 'server services' option
to disable the internal dns server.
+The default for 'allow dns updates' has changed to 'secure only'.
CHANGES SINCE beta7
=====================
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 76f87bf528..277a92124b 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2214,7 +2214,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
lpcfg_do_global_parameter(lp_ctx, "rndc command", "/usr/sbin/rndc");
lpcfg_do_global_parameter(lp_ctx, "nsupdate command", "/usr/bin/nsupdate -g");
- lpcfg_do_global_parameter(lp_ctx, "allow dns updates", "False");
+ lpcfg_do_global_parameter(lp_ctx, "allow dns updates", "secure only");
lpcfg_do_global_parameter(lp_ctx, "dns recursive queries", "False");
lpcfg_do_global_parameter(lp_ctx, "dns forwarder", "");
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index b1f6118746..ce005d4874 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1191,8 +1191,7 @@ sub provision_dc($$)
my ($self, $prefix) = @_;
print "PROVISIONING DC...";
- my $extra_conf_options = "netbios aliases = localDC1-a
-allow dns updates = signed";
+ my $extra_conf_options = "netbios aliases = localDC1-a";
my $ret = $self->provision($prefix,
"domain controller",
"localdc",
@@ -1251,7 +1250,7 @@ sub provision_fl2003dc($$)
"samba2003.example.com",
"2003",
"locDCpass6",
- undef, "allow dns updates = True", "", undef);
+ undef, "allow dns updates = nonsecure and secure", "", undef);
unless($self->add_wins_config("$prefix/private")) {
warn("Unable to add wins configuration");
generated by cgit (git 2.34.1) at 2024-05-03 14:03:20 +0000