[Samba] Samba4 DNS question

Kunszt Árpád arpad.kunszt at syrius-software.hu
Fri Dec 27 13:08:51 MST 2013 

On 2013. December 27. 20:21:21 Marc Muehlfeld wrote:
> Hello Árpád,
> 
> Am 19.12.2013 14:40, schrieb Kunszt Árpád:
> > I have a virtual server with 2 network interfaces. The first one
>  > is in the server network, the second one is in the storage network
>  > (the samba shares are on an NFS volume). If I start the
>  > sernet-samba-ad service with both interfaces are up I got both IPs
>  > in the A record.
> 
> Can you try binding Samba to your none-storage-network-NIC (plus localhost):
> 
> bind interfaces only = yes
> interfaces = lo ethX
> 
> And make sure, that you removed all DNS entries pointing to the other 
> NIC from all zones.

Thanks that solved it. Samba4 has a lot of new features and I just forgot that the smb.conf and most of the old configuration settings are still exists.

> 
> 
> 
> 
> > Another question about DNS. Can I use my BIND server as a
>  > secondary for the zones in the Samba server?
> 
> Currently, if you use BIND DLZ on your Samba DC, then you can do zone 
> transfers (regardless, what is configured in AD). This is a bug 
> (https://bugzilla.samba.org/show_bug.cgi?id=9634). If you use the 
> internal DNS of Samba on your DC, then you can't 
> (https://bugzilla.samba.org/show_bug.cgi?id=9634#c11).
> 
> As long as the DNS backend isn't fully fixed, you can maybe use the bug 
> with BIND DLZ to do zone transfers. :-) How you can switch from internal 
> to BIND DLZ, I've described in the Wiki.
> 
> But it would be better if you have an additional DC. This would bring 
> you reliability - not just for DNS. And in your Bind server, you can add 
> a forward zone:
> 
> zone "samdom.example.com" {
>           type forward;
>           forwarders { 192.168.1.1; 192.168.1.2; };
>   };

I tried this, but this doesn't work for me. Probably a bind configuration issue. The bind ignored the forwarders in the zone definition, it wanted to use the global ones (ISP ones). I had to add an NS record to the example.com zone and it's running fine now.

I think I'll stay with this (forward zone) configuration. I'm just building the system, somebody else will maintain it. I don't want to depend on a bug.

Thanks, for the explanation.

> 
> 
> 
> 
> > [root at samba ~]# samba-tool dns zoneinfo 127.0.0.1 user.test
> > ...
> >    aipSecondaries              : []
> >    aipNotify                   : []
> > ...
> >
> > Can I set the values above somehow? Do they allow the BIND to AXFR the zone?
> 
> The zone transfer/DNS stuff isn't currently fully implemented. See 
> above. Depending on what kind of backend you use (internal/BIND), zone 
> transfers are currently possible or not (regardless what is configured).
> 

Ok, thanks.

Árpád Kunszt

More information about the samba mailing list