[Samba] some DNS trouble ...
moss.mose at gmail.com
moss.mose at gmail.com
Thu Feb 28 02:57:35 MST 2013
For all the nice people in the world who … maybe … run into a similar problem …
Thank's to some help from Gregory Sloop here is the solution to my problem:
The problem was that BIND did reject "non-LAN" queries to "non-local"/"non-authorative" zones ...
Thus "all" I had to do was to tell BIND explicitly to accept other sub nets as well ...
In my case I changed my VPN net from 10.x.x.n to something similar to my LAN (192.168.x.n) and allowed all sub nets 192.168.0.0/16
in "named.conf.option"
allow-query { localhost; 192.168.0.0/16; };
allow-query-cache { localhost; 192.168.0.0/16; };
for good measure I added as well:
listen-on { any; };
(was only set for v6 in my conf … this didn't do the trick though but … ;) )
greetings,
Oliver
Am 26.02.2013 um 17:29 schrieb Ricky Nance <ricky.nance at weaubleau.k12.mo.us>:
> Correct me if I am wrong, but isn't it dns forwarder = (not dns forwarderS) run your config through samba-tool testparm and see if it complains.
>
> Ricky
>
>
> On Tue, Feb 26, 2013 at 9:11 AM, Gregory Sloop <gregs at sloop.net> wrote:
>
> mmgc> Well … just found that the options
> mmgc> server role
> mmgc> dns recursive queries
> mmgc> dns forwarders
>
> mmgc> are ignored … hmmm … well … does anyone know how to achieve the
> mmgc> desired behavior without these options ?
>
> Perhaps I don't understand what's going on - but are you sure your DNS
> forwarder *IS* working properly? Because if the forwarder wasn't
> servicing the DNS queries, then it would *look* like [dns forwarders]
> wasn't working.
>
> This came up in another thread in the last week. Make sure the DNS
> server specified in the [dns forwarders] is actually serving DNS
> queries for the AD host in question.
>
> It's common for BIND to be locked down so it will handle local
> queries for all requests, or remote queries for zones it's "auth" for
> - but not to handle remote requests for non-auth zones.
>
> [See listen-on and allow-query in BIND docs, among other things.]
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
>
> --
>
More information about the samba
mailing list