[Samba] named won't start

Peter Carlson peter at howudodat.com
Wed May 1 15:21:25 UTC 2024


> I think your problems could be all down to the way that your dns is set
> up, I do not think the Samba bind_dlz module knows anything about
> 'views'.
ugg...ok
>
> In an ideal world, the Samba dns server (be it the internal or Bind9)
> should just be responsible for the AD domain and forward anything
> unknown to another dns server (which is how dns servers generally work).
>
> One of the reasons that people try to use a setup like yours, is that
> they have a registered dns domain (let's say 'example.com') and then use
> that domain for AD instead of something like 'ad.example.com'. This is
> definitely not a good idea and isn't best practice.
>
> If your AD is using something like 'ad.example.com' and your registered
> dns domain is 'example.com', then I suggest you set up a dns server on a
> non domain machine to work with your 'view' and forward everything for
> 'ad.example.com' to a DC.
>
> If your external and AD dns domains are both the same, then you either
> put up with the problems you are having or you rebuild your AD using a
> supported dns domain.
>
> As I said, it works for myself using the Debian Bookworm Bind9 package
> and Samba 4.19.5 from BookWorm-backports (which from my understanding
> is built exactly like the 4.20.0 mjt package), however, I do not use a
> 'view'.
>
> Rowland
>
This is an inherited scenario and some changes would be hard to do at 
the moment.  Good news is that the public domain and internal domain are 
different.  Bad news is that it was set up as <company>.com and 
<company>.local...sigh...but that can't be changed at the moment.

The current configuration, and imo is something strong to be considered, 
is a unified network controller...network boss, small business server, 
whatever you want to call it that is responsible for dhcp, dns and AD.  
A small business sometimes needs some of the capabilities of a larger 
network but can't afford multiple servers.  No one should have to put up 
with crashing or hanging services.

Good news is that I can easily spin up another server (thanks to running 
everything on proxmox) to split out AD from the rest of the network 
controller.  If I have no other choice I will do that.

However another point of reference is that I can launch both named and 
smbd without it immediately crashing using versions:

    administrator@nc1:~$ smbd --version
    Version 4.20.0-Ubuntu
    administrator@nc1:~$ named -version
    BIND 9.18.18-0ubuntu0.22.04.2-Ubuntu (Extended Support Version) <id:>

However that combination creates an occasional 100% utilization hung 
named process.

Peter