Adding a Forwarding Zone (Bind 9.9.2)
Charles Tryon
charles.tryon at gmail.com
Thu Dec 6 14:08:34 MST 2012
Amitay,
I tried your branch (as in the git link you sent), and unfortunately, I'm
getting almost the same error.
Interesting... Using the Windows DNS tool, I can create a normal domain,
and then change the "NS" record, but I still get an error "The start of
authority (SOA) record cannot be updated. The record does not exist."
<samba:etc>? /usr/local/samba/bin/samba-tool dns zoneinfo samba global.local
pszZoneName : global.local
dwZoneType : DNS_ZONE_TYPE_PRIMARY
fReverse : FALSE
fAllowUpdate : DNS_ZONE_UPDATE_SECURE
fPaused : FALSE
fShutdown : FALSE
fAutoCreated : FALSE
fUseDatabase : TRUE
pszDataFile : None
aipMasters : []
fSecureSecondaries : DNS_ZONE_SECSECURE_NO_XFER
fNotifyLevel : DNS_ZONE_NOTIFY_LIST_ONLY
aipSecondaries : []
aipNotify : []
fUseWins : FALSE
fUseNbstat : FALSE
fAging : FALSE
dwNoRefreshInterval : 168
dwRefreshInterval : 168
dwAvailForScavengeTime : 0
aipScavengeServers : []
dwRpcStructureVersion : 0x2
dwForwarderTimeout : 0
fForwarderSlave : 0
aipLocalMasters : []
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.usa.om.org
pwszZoneDn : DC=global.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=usa,DC=om,DC=org
dwLastSuccessfulSoaCheck : 0
dwLastSuccessfulXfr : 0
fQueuedForBackgroundLoad : FALSE
fBackgroundLoadInProgress : FALSE
fReadOnlyZone : FALSE
dwLastXfrAttempt : 0
dwLastXfrResult : 0
I also tried this Microsoft page for adding a forwarder:
http://technet.microsoft.com/en-us/library/cc773370%28v=ws.10%29.aspx
This also gave me the error: "The server forwarders cannot be updated.
This function is not supported on this system."
(Probably just as well, since I suspect this is a different forwarding
function than what I'm looking for...)
On Thu, Dec 6, 2012 at 12:25 AM, Amitay Isaacs <amitay at gmail.com> wrote:
>
> On Thu, Dec 6, 2012 at 9:22 AM, Amitay Isaacs <amitay at gmail.com> wrote:
>
>> Hi Charles,
>>
>> On Thu, Dec 6, 2012 at 5:51 AM, Charles Tryon <charles.tryon at gmail.com> wrote:
>>
>>> I am trying to set up the DNS on my Samba4 system to forward requests for a
>>> different zone to another server. I can create the empty zone, but then
>>> can't figure out how to create a SOA record in the zone. This is on a
>>> fairly new CentOS base server, running the latest version (9.9.2) of Bind,
>>> with the original tables set up using the Samba3/Samba4 migration process
>>> (as of maybe 6 months ago, back in the Beta releases). I'm running a
>>> recent version of Samba4 from Git Version (4.1.0pre1-GIT-2ad5620)
>>>
>>> The main zone for this domain is mydomain.com. I have another DNS server
>>> (running on a different Win2008R2 AD controller) which is authoritative for
>>> the domain "global.local". I would like to forward requests which come
>>> into my Bind server referencing the global.local domain to get forwarded to
>>> the other controller.
>>>
>>> I'm no DNS wizard so I'm not even sure I have the terminology right, but my
>>> understanding is that the old way to do it would be to add a zone
>>> definition (of type "forward") into the named.conf file, and then supply a
>>> forward to IP.
>>>
>>
>> Yes. That's the easiest option. You can add the following entry in your
>> named.conf.
>>
>> zone "global.local" IN {
>> type "forward";
>> forwarders { ip.address.of.dns-server; };
>> };
>>
>> This should tell BIND to forward all the queries for domain global.local
>> to ip.address.of.dns-server.
>>
>>
>>> I've looked through posts in this group, and what I've seen so far is that
>>> you either use the "Windows Way" and use the MS RSA tools and the DNS "Add
>>> Domain" wizard, or you do it on the command line with the samba-tool dns
>>> commands, first creating an empty domain and then adding an "@" record or
>>> SOA.
>>>
>>> The MS DNS tool, running on a Win7 client added to the domain (logged in
>>> with a user in the DnsAdmins group) lets me get up to the point where I
>>> create a "Secondary zone", and then add the IP address for the DNS server.
>>> However, when I enter the IP (and it comes back with the correct FQDN), it
>>> tells me:
>>>
>>> Validation Error, please try later.
>>>
>>> If I hit Next, it gives me the error:
>>>
>>> The zone cannot be created.
>>> This function is not supported on this system.
>>>
>>> Does this sound like an incompatibility between the MS tools and the Bind
>>> 9.9 tools? Or, is there something that needs to be changed on the other MS
>>> Windows DNS controller to allow forwarded queries?
>>>
>>>
>> I will have to check why this doesn't work. Maybe it's using some
>> additional RPC call which is not implemented. When you try to add secondary
>> zone via MS DNS tool, can you check if there is anything in the logs that
>> would give indication of why it's not working?
>>
>>
>>> Approaching from the command line (where I'm always more comfortable
>>> anyway...), I can create the empty zone with the samba-tool dns zoneadd
>>> command, but I have not yet found any instructions on how to change that
>>> into a secondary zone, or point the SOA.
>>>
>>> Ideas? Pointers to Wikis?
>>>
>>
>> This has been reported by others. The code to add SOA record is currently
>> missing and needs to be added. Patches welcome. ;-)
>>
>>
>
> After looking at the code I found a bug in handling of SOA records. The
> fixed code is available in my dns-wip branch if you would like to try it.
>
> When you create a new zone, SOA and NS entries for @ record are filled in
> automatically. With the changes in dns-wip branch now you can update SOA
> record using samba-tool dns command.
>
> Git repo: git://git.samba.org/amitay/samba.git
> Git web:
> https://git.samba.org/?p=amitay/samba.git;a=shortlog;h=refs/heads/dns-wip
>
> Amitay.
>
--
Charles Tryon
_________________________________________________________________________
“Risks are not to be evaluated in terms of the probability of success,
but in terms of the value of the goal.”
- Ralph D. Winter
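
Added example (not part of the original message and not Samba code): a small Python parser for the `samba-tool dns zoneinfo` output format shown above. It rejoins wrapped values such as `dwDpFlags` and reports whether the zone is a forwarder and how it is exposed to updates and transfers. The enum names `DNS_ZONE_TYPE_FORWARDER`, `DNS_ZONE_TYPE_SECONDARY`, `DNS_ZONE_UPDATE_UNSECURE` and `DNS_ZONE_SECSECURE_NO_SECURITY` do not appear in the message; they are assumed to be the names samba-tool prints for those settings, and `aipMasters` is assumed to hold the forwarder addresses.

```python
import re

# Constructed sample: a subset of the zoneinfo fields shown in the message above.
SAMPLE = """\
pszZoneName : global.local
dwZoneType : DNS_ZONE_TYPE_PRIMARY
fAllowUpdate : DNS_ZONE_UPDATE_SECURE
aipMasters : []
fSecureSecondaries : DNS_ZONE_SECSECURE_NO_XFER
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT
DNS_DP_ENLISTED
"""

FIELD = re.compile(r"^\s*(\w+)\s*:\s*(.*)$")

def parse_zoneinfo(text):
    """Parse 'name : value' lines; a line with no field name continues the previous value."""
    info, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            info[last] = m.group(2).strip()
        elif last and line.strip():
            info[last] = (info[last] + " " + line.strip()).strip()
    return info

def review_zone(info):
    """Return findings about forwarding, dynamic updates and zone transfers."""
    findings = []
    ztype = info.get("dwZoneType", "")
    masters = info.get("aipMasters", "[]")  # assumed to list forwarder/master IPs
    if ztype != "DNS_ZONE_TYPE_FORWARDER":
        findings.append(f"zone type is {ztype}, not a forwarder")
    if ztype in ("DNS_ZONE_TYPE_FORWARDER", "DNS_ZONE_TYPE_SECONDARY") and masters == "[]":
        findings.append("no master/forwarder addresses configured")
    if info.get("fAllowUpdate") == "DNS_ZONE_UPDATE_UNSECURE":
        findings.append("unsecured dynamic updates are allowed")
    if info.get("fSecureSecondaries") == "DNS_ZONE_SECSECURE_NO_SECURITY":
        findings.append("zone transfers are allowed to any host")
    return findings

if __name__ == "__main__":
    for finding in review_zone(parse_zoneinfo(SAMPLE)):
        print(finding)
```
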