Migrate dns to bind

Taylor, Jonn jonnt at taylortelephone.com
Wed Sep 4 15:19:45 CEST 2013


On 09/03/2013 09:42 PM, Amitay Isaacs wrote:
> Hi John,
>
> On Wed, Sep 4, 2013 at 2:49 AM, Jonn Taylor <jonnt at taylortelephone.com> wrote:
>
>     I am having problems migrating away from the internal dns server.
>     I have 2 win2k3 servers that I would like to make go away someday.
>     My DC2 server is currently providing pdc, dhcp and dns. DC0 will
>     be the final replacement.
>
>     Is this problem caused by this bug?
>     https://bugzilla.samba.org/show_bug.cgi?id=9210
>
>     Sep  3 11:36:19 dc0 named[4401]: starting BIND
>     9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6.3 -u named
>     Sep  3 11:36:19 dc0 named[4401]: built with
>     '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu'
>     '--target=x86_64-redhat-linux-gnu' '--program-prefix='
>     '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
>     '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share'
>     '--includedir=/usr/include' '--libdir=/usr/lib64'
>     '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib'
>     '--mandir=/usr/share/man' '--infodir=/usr/share/info'
>     '--with-libtool' '--localstatedir=/var' '--enable-threads'
>     '--enable-ipv6' '--with-pic' '--disable-static'
>     '--disable-openssl-version-check' '--with-dlz-ldap=yes'
>     '--with-dlz-postgres=yes' '--with-dlz-mysql=yes'
>     '--with-dlz-filesystem=yes' '--with-gssapi=yes'
>     '--disable-isc-spnego'
>     '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets'
>     '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu'
>     'host_alias=x86_64-redhat-linux-gnu'
>     'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall
>     -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
>     --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS=
>     -DDIG_SIGCHASE'
>     Sep  3 11:36:19 dc0 named[4401]:
>     ----------------------------------------------------
>     Sep  3 11:36:19 dc0 named[4401]: BIND 9 is maintained by Internet
>     Systems Consortium,
>     Sep  3 11:36:19 dc0 named[4401]: Inc. (ISC), a non-profit
>     501(c)(3) public-benefit
>     Sep  3 11:36:19 dc0 named[4401]: corporation.  Support and
>     training for BIND 9 are
>     Sep  3 11:36:19 dc0 named[4401]: available at
>     https://www.isc.org/support
>     Sep  3 11:36:19 dc0 named[4401]:
>     ----------------------------------------------------
>     Sep  3 11:36:19 dc0 named[4401]: adjusted limit on open files from
>     4096 to 1048576
>     Sep  3 11:36:19 dc0 named[4401]: found 1 CPU, using 1 worker thread
>     Sep  3 11:36:19 dc0 named[4401]: using up to 4096 sockets
>     Sep  3 11:36:19 dc0 named[4401]: loading configuration from
>     '/etc/named.conf'
>     Sep  3 11:36:19 dc0 named[4401]: reading built-in trusted keys
>     from file '/etc/named.iscdlv.key'
>     Sep  3 11:36:19 dc0 named[4401]: using default UDP/IPv4 port
>     range: [1024, 65535]
>     Sep  3 11:36:19 dc0 named[4401]: using default UDP/IPv6 port
>     range: [1024, 65535]
>     Sep  3 11:36:19 dc0 named[4401]: listening on IPv6 interface lo,
>     ::1#53
>     Sep  3 11:36:19 dc0 named[4401]: generating session key for
>     dynamic DNS
>     Sep  3 11:36:19 dc0 named[4401]: sizing zone task pool based on 1
>     zones
>     Sep  3 11:36:19 dc0 named[4401]: Loading 'AD DNS Zone' using
>     driver dlopen
>     Sep  3 11:36:20 dc0 named[4401]: samba_dlz: started for DN
>     DC=taylortelephone,DC=com
>     Sep  3 11:36:20 dc0 named[4401]: samba_dlz: starting configure
>     Sep  3 11:36:20 dc0 named[4401]: samba_dlz: configured writeable
>     zone 'example.lan'
>     Sep  3 11:36:20 dc0 named[4401]: samba_dlz: configured writeable
>     zone '198.89.70.in-addr.arpa'
>     Sep  3 11:36:20 dc0 named[4401]: samba_dlz: configured writeable
>     zone '173.168.192.in-addr.arpa'
>     Sep  3 11:36:20 dc0 named[4401]: samba_dlz: configured writeable
>     zone '183.168.192.in-addr.arpa'
>     Sep  3 11:36:20 dc0 named[4401]: samba_dlz: configured writeable
>     zone '170.168.192.in-addr.arpa'
>     Sep  3 11:36:20 dc0 named[4401]: samba_dlz: configured writeable
>     zone 'taylortelephone.com'
>     Sep  3 11:36:20 dc0 named[4401]: samba_dlz: configured writeable
>     zone 'taylordatacom.com'
>     Sep  3 11:36:20 dc0 named[4401]: samba_dlz: configured writeable
>     zone '_msdcs.taylortelephone.com'
>     Sep  3 11:36:20 dc0 named[4401]: samba_dlz: Failed to configure
>     zone 'taylortelephone.com'
>     Sep  3 11:36:20 dc0 named[4401]: loading configuration: already exists
>     Sep  3 11:36:20 dc0 named[4401]: exiting (due to fatal error)
>
>
> It does appear to be related. You seem to have the same zones defined
> both in DNS partitions and the domain partition.  This will cause
> problems with the BIND DLZ module, as it will try to load zones from all DNS
> partitions and the domain partition (CN=MicrosoftDNS,CN=System subtree).
> A W2K3 server can maintain DNS information in two places if you have DNS
> partitions configured. Currently Samba does not support that.
>
> One option would be to remove duplicate DNS information and store the
> zones only in one place (preferably in DNS partitions).  Then any of
> the DNS solutions (internal server or BIND DLZ) would work just fine.
>
> Amitay.
The problem is that, according to Andrew, this location is hard-coded for
the 2003 domain level but correct in 2008.

Jonn
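
As an added example (not part of the original message, and not Samba or BIND code): a small Python check for the failure signature in the quoted log, where samba_dlz reports a zone as configured and then fails to configure the same zone again. The sample log is constructed from the quoted lines (unwrapped and shortened), and the function name is hypothetical.

```python
import re

# Constructed sample modelled on the named/samba_dlz messages quoted above
# (wrapped lines joined, zone list shortened).
SAMPLE_LOG = """\
Sep  3 11:36:20 dc0 named[4401]: samba_dlz: started for DN DC=taylortelephone,DC=com
Sep  3 11:36:20 dc0 named[4401]: samba_dlz: configured writeable zone 'example.lan'
Sep  3 11:36:20 dc0 named[4401]: samba_dlz: configured writeable zone 'taylortelephone.com'
Sep  3 11:36:20 dc0 named[4401]: samba_dlz: configured writeable zone '_msdcs.taylortelephone.com'
Sep  3 11:36:20 dc0 named[4401]: samba_dlz: Failed to configure zone 'taylortelephone.com'
Sep  3 11:36:20 dc0 named[4401]: loading configuration: already exists
Sep  3 11:36:20 dc0 named[4401]: exiting (due to fatal error)
"""

ZONE_RE = re.compile(
    r"samba_dlz: (?P<event>configured writeable zone|Failed to configure zone) "
    r"'(?P<zone>[^']+)'"
)


def find_duplicate_zones(log_text):
    """Classify samba_dlz zone failures found in a named log.

    A zone that fails after it was already configured in the same start-up
    is reported as a duplicate (loaded from more than one partition).
    Failures for zones never seen before are reported separately.
    """
    configured = set()
    result = {"duplicates": [], "other_failures": [], "fatal": False}
    for line in log_text.splitlines():
        if "exiting (due to fatal error)" in line:
            result["fatal"] = True
        m = ZONE_RE.search(line)
        if not m:
            continue
        # DNS names are case-insensitive; ignore a trailing root dot.
        zone = m.group("zone").lower().rstrip(".")
        if m.group("event").startswith("configured"):
            configured.add(zone)
        elif zone in configured:
            result["duplicates"].append(zone)
        else:
            result["other_failures"].append(zone)
    return result


if __name__ == "__main__":
    print(find_duplicate_zones(SAMPLE_LOG))
```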


