From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 12 Sep 2012 07:31:17 +0000 (+0200)
Subject: lib/param: change the default for 'allow dns updates' to 'secure only'
X-Git-Tag: samba-4.0.0rc1~24
X-Git-Url: http://git.samba.org/samba.git/?p=nivanova%2Fsamba-autobuild%2F.git;a=commitdiff_plain;h=1b848ecbffe5761ba8c6368a3eae24c3ee10cfce

lib/param: change the default for 'allow dns updates' to 'secure only'

metze
---

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index f571f55741e..e8e2613f0f4 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -140,6 +140,7 @@ We changed the default dns implementation to the internal dns server
 (SAMBA_INTERNAL). BIND9_FLATFILE and BIND9_DLZ are still available,
 but you'll have to add '-dns' to the 'server services' option
 to disable the internal dns server.
+The default for 'allow dns updates' has changed to 'secure only'.
 
 CHANGES SINCE beta7
 =====================
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 76f87bf528c..277a92124b3 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2214,7 +2214,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 	lpcfg_do_global_parameter(lp_ctx, "rndc command", "/usr/sbin/rndc");
 	lpcfg_do_global_parameter(lp_ctx, "nsupdate command", "/usr/bin/nsupdate -g");
 
-        lpcfg_do_global_parameter(lp_ctx, "allow dns updates", "False");
+        lpcfg_do_global_parameter(lp_ctx, "allow dns updates", "secure only");
         lpcfg_do_global_parameter(lp_ctx, "dns recursive queries", "False");
         lpcfg_do_global_parameter(lp_ctx, "dns forwarder", "");
 
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index b1f61187463..ce005d48740 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1191,8 +1191,7 @@ sub provision_dc($$)
 	my ($self, $prefix) = @_;
 
 	print "PROVISIONING DC...";
-        my $extra_conf_options = "netbios aliases = localDC1-a
-allow dns updates = signed";
+        my $extra_conf_options = "netbios aliases = localDC1-a";
 	my $ret = $self->provision($prefix,
 				   "domain controller",
 				   "localdc",
@@ -1251,7 +1250,7 @@ sub provision_fl2003dc($$)
 				   "samba2003.example.com",
 				   "2003",
 				   "locDCpass6",
-				   undef, "allow dns updates = True", "", undef);
+				   undef, "allow dns updates = nonsecure and secure", "", undef);
 
 	unless($self->add_wins_config("$prefix/private")) {
 		warn("Unable to add wins configuration");