[Samba] DNS (bind_dlz) forwarding not working

Elias Pereira empbilly at gmail.com
Tue May 16 18:12:38 UTC 2017


Hello,

I provisioned a Samba AD with the bind_dlz option. So far so
good. I followed the Samba wiki.

I have a DNS server for our externally accessible services (website, Moodle, etc.) and
I'm using it as a forwarder for AD, but it is not working.

On a Win7 machine I configured the AD IP as the primary DNS and joined it to the domain.
When I try to access, for example, "wiki.samba.org" it opens normally, but
when I try to access our site "www.myinstitution.edu" it does not open.

I have reviewed the BIND and Samba settings several times and they do not show
any errors.

*Note: All services (www, dns, moodle, etc.) and user computers have public
IPs.*

*Here are my settings:*

*named.conf*

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";
include "/etc/bind/named.conf.log";

*db.local*
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       127.0.0.1
@       IN      AAAA    ::1
addc    IN      A       xxx.xxx.xxx.6   ; relative name: in this file this is addc.localhost

; the following owner names are outside the localhost zone that db.local serves;
; named logs "ignoring out-of-zone data" and drops them instead of serving them
_kerberos._udp.myinstitution.edu. IN SRV 0 100 88 addc
_ldap._tcp.myinstitution.edu. IN SRV 0 100 389 addc
_kpasswd._udp.myinstitution.edu. IN SRV 0 100 464 addc

*named.conf.options*

acl clientes {
        127.0.0.1;
        mylocalsubnets; # public IP subnets
};

options {
        directory "/var/cache/bind";

        recursion yes;
        allow-query {
                clientes;
        };

        forwarders {
                xxx.xxx.xxx.10; # Our DNS
        };
        forward only;   # forwarding applies only to names this server is not authoritative for

        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";

        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
        listen-on port 53 { 127.0.0.1; xxx.xxx.xxx.6; };
};
xxx.xxx.xxx.6 -> IP of the AD DC

*smb.conf*

# Global parameters
[global]
        netbios name = ADDC
        realm = MYINSTITUTION.EDU
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = MYINSTITUTION
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes

[netlogon]
        path = /var/lib/samba/sysvol/myinstitution.edu/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

Am I forgetting something?

-- 
Elias Pereira
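Added example, not part of the original post and not Samba project code: a small Python model of the decision BIND makes for each query in this setup. BIND (here with Samba's bind_dlz backend) is authoritative for the AD zone, and a global `forward only` only applies to names for which the server is not authoritative, so a name under the AD domain is answered from the AD zone (NXDOMAIN when no record exists) and is never sent to the forwarder, while a name in no local zone is forwarded. The second function builds the `samba-tool dns add` command that puts the missing record into the AD zone. The zone contents, the 192.0.2.x addresses and the `localhost` server argument are constructed assumptions for the demo.

```python
"""Added example (not from the original post): models why a name under the AD
DNS domain is never handed to the BIND forwarder, and how to add the record.

All zone contents, IPs (192.0.2.x) and the server argument are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class Zone:
    name: str                                     # zone apex, no trailing dot
    records: dict = field(default_factory=dict)   # owner name -> (rrtype, rdata)


def _labels(name: str) -> list:
    return name.rstrip(".").lower().split(".")


def best_zone(qname: str, zones: list):
    """Longest-suffix match: the zone that owns qname, so that
    _msdcs.myinstitution.edu wins over myinstitution.edu for names under it."""
    q = _labels(qname)
    best = None
    for z in zones:
        zl = _labels(z.name)
        if len(zl) <= len(q) and q[-len(zl):] == zl:
            if best is None or len(zl) > len(_labels(best.name)):
                best = z
    return best


def resolve(qname: str, zones: list, forwarders: list) -> dict:
    """Outcome for qname on a server that is authoritative for `zones` and has
    a global `forward only` pointing at `forwarders`."""
    zone = best_zone(qname, zones)
    key = qname.rstrip(".").lower()
    if zone is None:
        # Not locally authoritative: the query goes to the forwarder.
        return {"path": "forwarded", "to": forwarders[0] if forwarders else None,
                "answer": None}
    if key in zone.records:
        return {"path": "authoritative", "zone": zone.name,
                "answer": zone.records[key]}
    # Authoritative for the zone but the name does not exist: NXDOMAIN is
    # returned directly; no forwarding happens for names inside a local zone.
    return {"path": "authoritative", "zone": zone.name, "answer": "NXDOMAIN"}


def samba_tool_add(server: str, zone: str, name: str, rrtype: str, rdata: str) -> str:
    """The samba-tool command that adds a record to the AD-integrated zone
    (syntax: samba-tool dns add <server> <zone> <name> <type> <data>)."""
    return f"samba-tool dns add {server} {zone} {name} {rrtype} {rdata}"


def demo() -> dict:
    # Constructed AD zone as Samba would serve it through bind_dlz.
    ad_zone = Zone("myinstitution.edu", {
        "myinstitution.edu": ("A", "192.0.2.6"),
        "addc.myinstitution.edu": ("A", "192.0.2.6"),
        "_ldap._tcp.myinstitution.edu": ("SRV", "0 100 389 addc.myinstitution.edu."),
    })
    zones = [ad_zone, Zone("_msdcs.myinstitution.edu"), Zone("localhost")]
    forwarders = ["192.0.2.10"]          # constructed stand-in for "Our DNS"

    before = resolve("www.myinstitution.edu", zones, forwarders)   # NXDOMAIN
    public = resolve("wiki.samba.org", zones, forwarders)          # forwarded

    # Fix: create the public host's record inside the AD zone, then re-query.
    cmd = samba_tool_add("localhost", "myinstitution.edu", "www", "A", "192.0.2.80")
    ad_zone.records["www.myinstitution.edu"] = ("A", "192.0.2.80")
    after = resolve("www.myinstitution.edu", zones, forwarders)    # answered

    return {"before": before, "public": public, "cmd": cmd, "after": after}


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```

The same split applies to every public host under the AD domain (moodle, mail, and so on): each one needs its own record in the AD zone, since the forwarder is only consulted for names outside it.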