[Samba] DNS (bind_dlz) forwarding not working
Rowland Penny
rpenny at samba.org
Tue May 16 19:29:21 UTC 2017
On Tue, 16 May 2017 15:12:38 -0300
Elias Pereira via samba <samba at lists.samba.org> wrote:
> Hello,
>
> I provisioned a Samba AD with the bind_dlz option. So far so
> good. Followed the Samba wiki.
>
> I have a DNS for our external access services (website, moodle, etc)
> and I'm using it as a forwarder to AD but it is not working.
>
> On a Win7 machine I configured the AD IP as primary DNS and put it in the
> domain. When I try to access, for example, "wiki.samba.org" it opens
> normally, but when I try to access our site "www.myinstitution.edu"
> it does not open.
>
> I have reviewed the BIND and Samba settings several times and they do not
> show any errors.
>
> *Note: All services (www, dns, moodle, etc) and user computers have
> public IP.*
>
> *Here are my settings:*
>
> *named.conf*
>
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
> include "/var/lib/samba/private/named.conf";
> include "/etc/bind/named.conf.log";
>
> *db.local*
> ;
> ; BIND data file for local loopback interface
> ;
> $TTL    604800
> @       IN SOA  localhost. root.localhost. (
>                 2         ; Serial
>                 604800    ; Refresh
>                 86400     ; Retry
>                 2419200   ; Expire
>                 604800 )  ; Negative Cache TTL
> ;
> @       IN NS   localhost.
> @       IN A    127.0.0.1
> @       IN AAAA ::1
> addc    IN A    xxx.xxx.xxx.6
>
> _kerberos._udp.myinstitution.edu. IN SRV 0 100 88  addc
> _ldap._tcp.myinstitution.edu.     IN SRV 0 100 389 addc
> _kpasswd._udp.myinstitution.edu.  IN SRV 0 100 464 addc
>
> *named.conf.options*
>
> acl clientes {
>     127.0.0.1;
>     mylocalsubnets;    # public IP subnets
> };
>
> options {
>     directory "/var/cache/bind";
>
>     recursion yes;
>     allow-query {
>         clientes;
>     };
>
>     forwarders {
>         xxx.xxx.xxx.10;    # Our DNS
>     };
>     forward only;
>
>     tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
>
>     dnssec-validation auto;
>
>     auth-nxdomain no;    # conform to RFC1035
>     listen-on-v6 { any; };
>     listen-on port 53 { 127.0.0.1; xxx.xxx.xxx.6; };
> };
> xxx.xxx.xxx.6 -> IP of AD
>
> *smb.conf*
>
> # Global parameters
> [global]
>     netbios name = ADDC
>     realm = MYINSTITUTION.EDU
>     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
>     workgroup = MYINSTITUTION
>     server role = active directory domain controller
>     idmap_ldb:use rfc2307 = yes
>
> [netlogon]
>     path = /var/lib/samba/sysvol/myinstitution.edu/scripts
>     read only = No
>
> [sysvol]
>     path = /var/lib/samba/sysvol
>     read only = No
>
> Am I forgetting something?
>
Not so much forgetting but not understanding ;-)
Your DNS for AD should be in AD, all of it. These are my named files:
named.conf

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

named.conf.options

options {
    directory "/var/cache/bind";
    version "0.0.7";
    notify no;
    empty-zones-enable no;
    allow-query { 127.0.0.1; 192.168.0.0/24; };
    allow-recursion { 192.168.0.0/24; 127.0.0.1/32; };
    forwarders { 8.8.8.8; };
    allow-transfer { none; };
    dnssec-validation no;
    dnssec-enable no;
    listen-on-v6 { none; };
    listen-on port 53 { 192.168.0.2; 127.0.0.1; };
    tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};

named.conf.local

include "/usr/local/samba/private/named.conf";

// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};

/etc/resolv.conf

search samdom.example.com
nameserver 192.168.0.2
nameserver 192.168.0.7
My DNS domain is samdom.example.com and the two DCs are 192.168.0.2 and
192.168.0.7.
Rowland
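Rowland's reply says the AD DNS data belongs in AD rather than in a BIND file zone; the `_kerberos`, `_ldap` and `_kpasswd` SRV records in the quoted db.local are owned by absolute names outside the `localhost` zone, which named (and named-checkzone) ignore as out-of-zone data. The checker below is an added example, not code from the thread, Samba or BIND: it parses a zone file in the quoted style and lists the owner names that fall outside a given origin (the DB_LOCAL text is a constructed copy of the posted file, with the masked addresses kept as posted).

```python
"""Flag records in a BIND zone file whose owner name lies outside the zone origin.
Added example: handles ';' comments, $TTL, '@', a parenthesised multi-line SOA, and
relative vs. absolute (trailing-dot) owner names, as in the db.local quoted above."""

# Constructed copy of the quoted db.local (addresses masked as in the post).
DB_LOCAL = """\
$TTL 604800
@ IN SOA localhost. root.localhost. (
        2         ; Serial
        604800    ; Refresh
        86400     ; Retry
        2419200   ; Expire
        604800 )  ; Negative Cache TTL
@ IN NS localhost.
@ IN A 127.0.0.1
@ IN AAAA ::1
addc IN A xxx.xxx.xxx.6

_kerberos._udp.myinstitution.edu. IN SRV 0 100 88 addc
_ldap._tcp.myinstitution.edu. IN SRV 0 100 389 addc
_kpasswd._udp.myinstitution.edu. IN SRV 0 100 464 addc
"""

def records(zone_text, origin):
    """Yield (owner_fqdn, rtype, rdata) per record, joining '(' ... ')' continuations."""
    origin = origin.rstrip(".") + "."
    buf, depth = [], 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0]                    # drop ';' comments first
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth > 0:                                  # still inside ( ... )
            continue
        fields = " ".join(buf).split()
        buf = []
        if not fields or fields[0].startswith("$"):    # blank/comment line or $TTL
            continue
        owner, rest = fields[0], fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() in ("IN", "CH", "HS")):
            rest.pop(0)                                # optional TTL and class
        fqdn = (origin if owner == "@"                 # '@' is the origin itself
                else owner if owner.endswith(".")      # absolute: origin is NOT appended
                else f"{owner}.{origin}")              # relative: origin appended
        yield fqdn, rest[0], " ".join(rest[1:])

def out_of_zone(zone_text, origin):
    """Owner names that named/named-checkzone ignore as out-of-zone data for this origin."""
    origin = origin.rstrip(".") + "."
    return sorted({fqdn for fqdn, _, _ in records(zone_text, origin)
                   if fqdn != origin and not fqdn.endswith("." + origin)})
```

Run against the quoted file with origin `localhost` it names the three SRV records; with origin `myinstitution.edu` it names none, because those names belong under the AD domain's zone, not under `localhost`.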