[Samba] SAMBA4 + BIND DLZ/DNSSEC + ISCDHCP
Jan Dušátko
jan at dusatko.org
Sat Sep 12 19:24:44 UTC 2015
Hi,
please, could someone make me an advice about integrating those together?
SAMBA4 in Active Directory server mode (this need internal LDAP)
BIND with the DLZ, used for store DNS data, but use DNSSEC (hash based
authentication for the data updates)
ISCDHCP with DNS authentication (hash based)
For few months I trying to find solution how can complete all of them,
but seems like I failed. I didn't found information how can I use BIND
with DLZ and use DNSSEC (need those in configuration)
options {
...
dnssec-enable yes;
dnssec-validation yes;
managed-keys-directory "/etc/named/dynamic/";
}
include "/etc/namedb/ddns.key";
managed-keys {
"." initial-key 257 3 8 "AwEAAag....1ihz0=";
}
trusted-keys {
// backward compatibility
"." 257 3 8 "AwEAAag....1ihz0=";
}
...
The ddns.key should consist:
key DDNS_UPDATE {
algorithm HMAC-???.SIG-ALG.REG.INT;
secret "...==";
};
The ISC-DHCP server configuration should consist those clauses:
...
ddns-updates on;
ddns-update-style interim;
allow unknown-clients;
ignore client-updates;
update-static-leases on;
one-lease-per-client true;
include "/etc/namedb/ddns.key";
...
Coexistence of BIND DLZ and DNSSEC together with ISCDHCP works well as
well as coexistence of BIND DLZ and SAMBA4. But integration all of them
is too hard for me, may I overlook something
Any advice please?
Regards
Jan
--
Jan Dušátko
e-mail: jan at dusatko.org
More information about the samba
mailing list