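#!/bin/sh
# rebuild a zone file, adding all DCs
#
# Usage: rebuild_zone.sh <sam.ldb> <zonefile>
#
# Reads the DC list out of sam.ldb with bin/ldbsearch (so run this from
# the samba root), resolves each DC's address, writes the AD DNS zone for
# the realm and asks bind to reload it.
[ $# -eq 2 ] || {
	echo "rebuild_zone.sh <sam.ldb> <zonefile>"
	exit 1
}
LDB="$1"
ZFILE="$2"

# dnsHostname of this DC from the rootDSE, e.g. "dc1.example.com": the
# first label is the host, the rest is taken as the realm / zone name.
# Bail out early if it cannot be read, otherwise the zone would be
# generated with an empty \$ORIGIN and an empty NS target.
dnshostname=$(bin/ldbsearch -H "$LDB" -s base -b '' dnsHostname | grep '^dns' | cut -d' ' -f2)
[ -n "$dnshostname" ] || {
	echo "Unable to read dnsHostname from $LDB" 1>&2
	exit 1
}
host=$(echo "$dnshostname" | cut -d. -f1)
realm=$(echo "$dnshostname" | cut -d. -f2-)

# objectGUID of every NTDS Settings object (one per DC, across all naming
# contexts) and of the domain itself; both become names under _msdcs.
# A zone with no DC at all is useless, so treat an empty list as an error.
GUIDs=$(bin/ldbsearch -H "$LDB" objectclass=ntdsdsa objectguid --cross-ncs | grep '^objectGUID' | cut -d' ' -f2)
[ -n "$GUIDs" ] || {
	echo "No NTDS Settings objects found in $LDB" 1>&2
	exit 1
}
DOMAINGUID=$(bin/ldbsearch -H "$LDB" -s base objectguid | grep '^objectGUID' | cut -d' ' -f2)
[ -n "$DOMAINGUID" ] || {
	echo "Unable to read the domain objectGUID from $LDB" 1>&2
	exit 1
}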
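# dcname GUID
# Print the short name of the DC whose NTDS Settings object has objectGUID
# GUID. The object's DN is "CN=NTDS Settings,CN=<dc>,CN=Servers,...", so
# the value of the second RDN is the DC name. Prints nothing on no match.
# Reads the global LDB; unlike before it does not overwrite the caller's
# GUID variable and does not pass the result through an unquoted echo
# (which word-split and glob-expanded it).
dcname() {
	bin/ldbsearch -H "$LDB" "objectguid=$1" dn --cross-ncs |
		grep 'CN=NTDS.Settings' | cut -d, -f2 | cut -d= -f2
}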
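# getip NAME
# Print the IPv4 address NAME resolves to via nmblookup (first address
# line of its output). If nothing resolves, warn on stderr, print the
# placeholder XX.XX.XX.XX so the caller still emits a record the admin can
# fix by hand, and return 1 so callers that care can tell the two apart
# (the old version returned 0 and an extra blank line in that case).
#
# NOTE(review): nmblookup answers come from unauthenticated NetBIOS name
# queries (broadcast unless a WINS server is configured), so any host on
# the local segment can answer for a DC's name. The addresses written into
# the authoritative zone should be checked against the DCs' real
# interfaces before the zone is reloaded.
getip() {
	ret=$(nmblookup "$1" | grep -E '^[0-9]' | head -1 | cut -d' ' -f1)
	if [ -z "$ret" ]; then
		echo "Unable to find IP for $1. Using XX.XX.XX.XX. Please edit" 1>&2
		echo "XX.XX.XX.XX"
		return 1
	fi
	echo "$ret"
}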
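echo "Generating header for host $host in realm $realm"

# Resolve every DC once, up front, before the zone file is touched. The
# old code re-ran dcname/getip in each of the three loops below, so a DC
# could get a different answer (or three warnings) per section, and a
# failure part-way would leave a truncated zone behind. $GUIDs is split
# on whitespace on purpose: one GUID per line.
nl='
'
dcs=""
placeholders=0
for GUID in $GUIDs; do
	dc=$(dcname "$GUID")
	[ -n "$dc" ] || {
		echo "Unable to find the NTDS Settings object for GUID $GUID" 1>&2
		exit 1
	}
	echo "Generating IP for DC $dc"
	ip=$(getip "$dc")
	test -n "$ip" || exit 1
	# getip substitutes this literal when a lookup fails; remember it so
	# we do not ask bind to load a zone we know is invalid.
	[ "$ip" = "XX.XX.XX.XX" ] && placeholders=$((placeholders + 1))
	dcs="$dcs$GUID $dc $ip$nl"
done

# Build the new zone in a temporary file next to the target and rename it
# into place at the end, so the live zone is replaced atomically and is
# never left half-written if this script dies. mktemp creates the file
# 0600; the name server has to be able to read it, hence the chmod.
tmp=$(mktemp "$ZFILE.XXXXXX") || exit 1
trap 'rm -f "$tmp"' EXIT
chmod 0644 "$tmp"

# Leading whitespace on a record line is significant in a zone file: the
# record inherits the previous owner name, here "@" (the zone apex).
cat <<ZONE > "$tmp"
; -*- zone -*-
; generated by rebuild_zone.sh
\$ORIGIN $realm.
\$TTL 1W
@	IN SOA	@ hostmaster (
		$(date +%Y%m%d%H)	; serial
		2D	; refresh
		4H	; retry
		6W	; expiry
		1W )	; minimum
	IN NS	$host
ZONE

# Apex A records, one per DC (blank owner inherits "@").
while read -r GUID dc ip; do
	[ -n "$GUID" ] || continue
	echo " IN A $ip" >> "$tmp"
done <<DCS
$dcs
DCS

# One A record per DC name.
echo "; IP Addresses" >> "$tmp"
while read -r GUID dc ip; do
	[ -n "$GUID" ] || continue
	echo "$dc IN A $ip" >> "$tmp"
done <<DCS
$dcs
DCS

# The _msdcs / SRV records AD clients use for DC location, per DC.
while read -r GUID dc ip; do
	[ -n "$GUID" ] || continue
	echo "Generating zone body for DC $dc with IP $ip"
	cat <<ZONE >> "$tmp"
;
; Entries for $dc
gc._msdcs IN A $ip
$GUID._msdcs IN CNAME $dc
_gc._tcp IN SRV 0 100 3268 $dc
_gc._tcp.Default-First-Site-Name._sites IN SRV 0 100 3268 $dc
_ldap._tcp.gc._msdcs IN SRV 0 100 389 $dc
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs IN SRV 0 100 389 $dc
_ldap._tcp IN SRV 0 100 389 $dc
_ldap._tcp.dc._msdcs IN SRV 0 100 389 $dc
_ldap._tcp.pdc._msdcs IN SRV 0 100 389 $dc
_ldap._tcp.$DOMAINGUID.domains._msdcs IN SRV 0 100 389 $dc
_ldap._tcp.Default-First-Site-Name._sites IN SRV 0 100 389 $dc
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 389 $dc
_kerberos._tcp IN SRV 0 100 88 $dc
_kerberos._tcp.dc._msdcs IN SRV 0 100 88 $dc
_kerberos._tcp.Default-First-Site-Name._sites IN SRV 0 100 88 $dc
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 88 $dc
_kerberos._udp IN SRV 0 100 88 $dc
_kerberos-master._tcp IN SRV 0 100 88 $dc
_kerberos-master._udp IN SRV 0 100 88 $dc
_kpasswd._tcp IN SRV 0 100 464 $dc
_kpasswd._udp IN SRV 0 100 464 $dc
ZONE
done <<DCS
$dcs
DCS

# Realm name TXT record (upper-cased). The tr arguments are quoted: left
# bare, [a-z] and [A-Z] are globs and would match single-letter files in
# the current directory.
cat <<ZONE >> "$tmp"
; kerberos hack
_kerberos IN TXT $(echo "$realm" | tr '[a-z]' '[A-Z]')
ZONE

mv -f "$tmp" "$ZFILE" || exit 1
echo "Rebuilt zone file $ZFILE OK"

# XX.XX.XX.XX is not valid A rdata, so bind would refuse to load the zone;
# leave it to the admin to fix the file and reload by hand.
if [ "$placeholders" -gt 0 ]; then
	echo "$placeholders DC address(es) in $ZFILE are placeholders; edit the file, then run 'rndc reload'" 1>&2
	exit 1
fi
echo "Reloading bind config"
PATH="/usr/sbin:$PATH" rndc reload || {
	echo "rndc reload failed; $ZFILE was written but is not live" 1>&2
	exit 1
}
exit 0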