[Samba] Maybe working - Re: BIND DLZ zone transfers

Robert Moskowitz rgm at htt-consult.com
Mon Sep 7 21:13:42 UTC 2015



On 09/07/2015 04:56 PM, Rowland Penny wrote:
> On 07/09/15 21:26, Robert Moskowitz wrote:
>> Is there some option on the slave to set the frequency of the AXFR? 
>> Say every hour?
>>
>> On 09/07/2015 03:45 PM, Lars Hanke wrote:
>>> Hi Robert,
>>>
>>> yes it does work. But the DLZ bind will not notify any slaves when 
>>> the repository changes. This can be painful, especially for longer 
>>> TTL values.
>>>
>>> Regards,
>>>  - lars.
>>>
>>> Am 07.09.2015 um 20:16 schrieb Robert Moskowitz:
>>>>
>>>>
>>>> On 09/07/2015 12:52 PM, Robert Moskowitz wrote:
>>>>> I am looking at: https://wiki.samba.org/index.php/DNS_administration
>>>>>
>>>>> I am using bind 9.9 on all my DNS servers.
>>>>>
>>>>> To set up secondarying my Samba DNS zones on my other Bind servers, I
>>>>> came across the following:
>>>>>
>>>>> https://bugzilla.samba.org/show_bug.cgi?id=9634
>>>>>
>>>>> Is it possible to transfer the DLZ zones now, as the dates on this bug are
>>>>> 2 years old?
>>>>
>>>> So I tried it anyway:
>>>>
>>>> In my main DNS server:
>>>>
>>>>          zone "home.htt" {
>>>>                  type slave;
>>>>                  file "slaves/bak.home.htt";
>>>>                  masters {192.168.192.2; };
>>>>          };
>>>>
>>>> I reload and there I see:
>>>>
>>>> Sep 07 14:00:05 valeria.htt-consult.com systemd[1]: Reloaded Berkeley
>>>> Internet Name Domain (DNS).
>>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: dns_master_load:
>>>> file format mismatch
>>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: zone
>>>> home.htt/IN/internal: loading from master file slaves/bak.home.htt
>>>> failed: not implemented
>>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: all zones loaded
>>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: running
>>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: zone
>>>> home.htt/IN/internal: Transfer started.
>>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: transfer of
>>>> 'home.htt/IN/internal' from 192.168.192.2#53: connected using
>>>> 192.168.192.5#51888
>>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: zone
>>>> home.htt/IN/internal: transferred serial 3
>>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: zone
>>>> home.htt/IN/internal: transfer: could not set file modification 
>>>> time of
>>>> 'slaves/bak.home.htt': permission denied
>>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: transfer of
>>>> 'home.htt/IN/internal' from 192.168.192.2#53: Transfer completed: 1
>>>> messages, 23 records, 1000 bytes, 0.020 secs (50000 bytes/sec)
>>>>
>>>> And over on homebase:
>>>>
>>>> Sep  7 14:00:05 homebase named[1133]: client 192.168.192.5#51888
>>>> (home.htt): transfer of 'home.htt/IN': AXFR started
>>>> Sep  7 14:00:05 homebase named[1133]: client 192.168.192.5#51888
>>>> (home.htt): transfer of 'home.htt/IN': AXFR ended
>>>>
>>>> But no file /var/named/slaves/bak.home.htt
>>>>
>>>> And yet on my DNS server, I can resolve homebase.home.htt:
>>>>
>>>> # dig homebase.home.htt
>>>>
>>>> ; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7 <<>> homebase.home.htt
>>>> ;; global options: +cmd
>>>> ;; Got answer:
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55142
>>>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, 
>>>> ADDITIONAL: 1
>>>>
>>>> ;; OPT PSEUDOSECTION:
>>>> ; EDNS: version: 0, flags:; udp: 4096
>>>> ;; QUESTION SECTION:
>>>> ;homebase.home.htt.        IN    A
>>>>
>>>> ;; ANSWER SECTION:
>>>> homebase.home.htt.    900    IN    A    192.168.192.2
>>>>
>>>> ;; AUTHORITY SECTION:
>>>> home.htt.        900    IN    NS    homebase.home.htt.
>>>>
>>>> ;; Query time: 3 msec
>>>> ;; SERVER: 192.168.192.5#53(192.168.192.5)
>>>> ;; WHEN: Mon Sep 07 14:15:46 EDT 2015
>>>> ;; MSG SIZE  rcvd: 76
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
> You might want to have a look here:
>
> http://bind-dlz.sourceforge.net/best_practices.html

So I would implement OpenLDAP replication on the AD and run 'native' 
LDAP on the master nameserver, using the same Bind LDAP interface.

Hmmm....

ARGH!!!  :)
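Added example for this thread (not code from any message above, nor from Samba or BIND). Since the DLZ-backed master sends no NOTIFY, a slave only learns of a change when its SOA refresh timer expires, so the useful check on the slave is: compare the SOA serial the master answers with the one the slave answers, report how long a change can sit unseen (the master's refresh value), and force `rndc refresh ZONE` when the slave is behind. It assumes `dig` and `rndc` are installed on the slave; the zone name and addresses are taken from the log lines above, while the SOA timers and the serial in the sample RDATA are constructed values, not data from the thread.

```python
"""Serial-drift check for a BIND slave of a Samba DLZ zone (added example, not project code)."""
import subprocess
from dataclasses import dataclass

SERIAL_MOD = 1 << 32  # SOA serial is a 32-bit counter compared with RFC 1982 arithmetic


@dataclass(frozen=True)
class Soa:
    mname: str
    rname: str
    serial: int
    refresh: int
    retry: int
    expire: int
    minimum: int


def parse_soa_rdata(rdata: str) -> Soa:
    """Parse the RDATA line `dig +short ZONE SOA` prints: MNAME RNAME SERIAL REFRESH RETRY EXPIRE MINIMUM."""
    fields = rdata.split()
    if len(fields) != 7:
        raise ValueError(f"expected 7 SOA fields, got {len(fields)}: {rdata!r}")
    serial, refresh, retry, expire, minimum = (int(f) for f in fields[2:])
    return Soa(fields[0], fields[1], serial, refresh, retry, expire, minimum)


def serial_gt(a: int, b: int) -> bool:
    """RFC 1982: a is newer than b when it lies less than 2^31 ahead of b modulo 2^32.
    Equal serials and the undefined 'exactly 2^31 apart' case both yield False."""
    a %= SERIAL_MOD
    b %= SERIAL_MOD
    return a != b and ((a - b) % SERIAL_MOD) < (SERIAL_MOD // 2)


def slave_status(master: Soa, slave: Soa) -> str:
    """Classify the slave copy relative to the master: 'current', 'stale' or 'ahead'."""
    if master.serial == slave.serial:
        return "current"
    if serial_gt(master.serial, slave.serial):
        return "stale"
    # Slave newer than master: wrong masters { } entry or a rewound serial on the master.
    return "ahead"


def worst_case_lag(master: Soa) -> int:
    """Without NOTIFY the slave polls every `refresh` seconds, so a change can go unseen
    that long (longer still if a poll fails and the slave falls back to `retry`)."""
    return master.refresh


def refresh_command(zone: str) -> list[str]:
    """The rndc invocation that makes the slave check the master immediately."""
    return ["rndc", "refresh", zone]


def dig_soa(server: str, zone: str) -> Soa:
    """Ask `server` for the SOA of `zone` (network call; constructed sample data is used in tests)."""
    out = subprocess.run(
        ["dig", "+short", "+norecurse", f"@{server}", zone, "SOA"],
        check=True, capture_output=True, text=True, timeout=5,
    ).stdout.strip()
    if not out:
        raise RuntimeError(f"{server} returned no SOA for {zone}")
    return parse_soa_rdata(out.splitlines()[0])


# Constructed sample RDATA, as the master (serial 3, from the transfer log above) and a slave
# that missed the last change would answer; the timer values are assumed, not from the thread.
SAMPLE_MASTER_RDATA = "homebase.home.htt. hostmaster.home.htt. 3 900 600 86400 3600"
SAMPLE_SLAVE_RDATA = "homebase.home.htt. hostmaster.home.htt. 2 900 600 86400 3600"


if __name__ == "__main__":
    import sys

    zone, master_ip, slave_ip = "home.htt", "192.168.192.2", "192.168.192.5"
    m, s = dig_soa(master_ip, zone), dig_soa(slave_ip, zone)
    status = slave_status(m, s)
    print(f"{zone}: master serial {m.serial}, slave serial {s.serial}: {status} "
          f"(worst-case lag without NOTIFY: {worst_case_lag(m)} s)")
    if status == "stale":
        subprocess.run(refresh_command(zone), check=True)
        sys.exit(1)
```

Run it from cron on the slave at whatever interval you consider acceptable staleness; that gives the "every hour" behaviour asked about above without touching the master's SOA timers. The comparison deliberately uses serial arithmetic rather than plain integer comparison, so a master whose serial wraps past 2^32 is still recognised as newer.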
