s4: dns: Add customizable dns port option

Signed-off-by: Thomas Debesse <dev@illwieckz.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 25 20:25:28 UTC 2022 on sn-devel-184

WHATSNEW.txt

@@ -48,6 +48,20 @@ available for Samba AD compiled with MIT Kerberos 1.20.
 
 [1] https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview
 
+Customizable DNS listening port
+-------------------------------
+
+It is now possible to set a custom listening port for the builtin DNS service,
+making easy to host another DNS on the same system that would bind to the
+default port and forward the domain-specific queries to Samba using the custom
+port. This is the opposite configuration of setting a forwarder in Samba.
+
+It makes possible to use another DNS server as a front and forward to Samba.
+
+Dynamic DNS updates may not be proxied by the front DNS server when forwarding
+to Samba. Dynamic DNS update proxying depends on the features of the other DNS
+server used as a front.
+
 
 REMOVED FEATURES
 ================
@@ -58,6 +72,7 @@ smb.conf changes
 
   Parameter Name                          Description     Default
   --------------                          -----------     -------
+  dns port                                New default     53
 
 
 KNOWN ISSUES

docs-xml/smbdotconf/protocol/dnsport.xml

@@ -0,0 +1,21 @@
+<samba:parameter name="dns port"
+                 context="G"
+                 type="integer"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+    <para>Specifies which ports the server should listen on for
+    DNS traffic.</para>
+
+    <para>It makes possible to use another DNS server as a front
+    and forward to Samba.</para>
+
+    <warning>
+        <para>Dynamic DNS updates may not be proxied by the front
+        DNS server when forwarding to Samba. Dynamic DNS update
+        proxying depends on the features of the other DNS server
+        used as a front.</para>
+    </warning>
+</description>
+
+<value type="default">53</value>
+</samba:parameter>

lib/param/loadparm.c

@@ -69,6 +69,7 @@
 #include "libcli/smb/smb_constants.h"
 #include "tdb.h"
 #include "librpc/gen_ndr/nbt.h"
+#include "librpc/gen_ndr/dns.h"
 #include "libds/common/roles.h"
 #include "lib/util/samba_util.h"
 #include "libcli/auth/ntlm_check.h"
@@ -2694,6 +2695,7 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 	lpcfg_do_global_parameter(lp_ctx, "cldap port", "389");
 	lpcfg_do_global_parameter(lp_ctx, "krb5 port", "88");
 	lpcfg_do_global_parameter(lp_ctx, "kpasswd port", "464");
+	lpcfg_do_global_parameter_var(lp_ctx, "dns port", "%d", DNS_SERVICE_PORT);
 
 	lpcfg_do_global_parameter(lp_ctx, "kdc enable fast", "True");
 

source3/param/loadparm.c

@@ -71,6 +71,7 @@
 #include "dbwrap/dbwrap_rbt.h"
 #include "../lib/util/bitmap.h"
 #include "librpc/gen_ndr/nbt.h"
+#include "librpc/gen_ndr/dns.h"
 #include "source4/lib/tls/tls.h"
 #include "libcli/auth/ntlm_check.h"
 #include "lib/crypto/gnutls_helpers.h"
@@ -786,6 +787,7 @@ static void init_globals(struct loadparm_context *lp_ctx, bool reinit_globals)
 	Globals.init_logon_delay = 100; /* 100 ms default delay */
 
 	Globals.wins_dns_proxy = true;
+	Globals.dns_port = DNS_SERVICE_PORT;
 
 	Globals.allow_trusted_domains = true;
 	lpcfg_string_set(Globals.ctx, &Globals.idmap_backend, "tdb");

source4/dns_server/dns_server.c

@@ -700,7 +700,7 @@ static NTSTATUS dns_startup_interfaces(struct dns_server *dns,
 							    iface_list_n_ip(ifaces, i));
 
 			status = dns_add_socket(dns, model_ops, "dns", address,
-						DNS_SERVICE_PORT);
+						lpcfg_dns_port(dns->task->lp_ctx));
 			NT_STATUS_NOT_OK_RETURN(status);
 		}
 	} else {
@@ -713,7 +713,7 @@ static NTSTATUS dns_startup_interfaces(struct dns_server *dns,
 		}
 		for (i = 0; wcard[i] != NULL; i++) {
 			status = dns_add_socket(dns, model_ops, "dns", wcard[i],
-						DNS_SERVICE_PORT);
+						lpcfg_dns_port(dns->task->lp_ctx));
 			if (NT_STATUS_IS_OK(status)) {
 				num_binds++;
 			}