[Samba] Samba AD DC dns issue
me at tdiehl.org
Mon Oct 9 19:03:23 UTC 2017
Hi,
I have 2 Samba AD DCs running 4.7.0 with BIND_DLZ on both servers.
For the most part things seem to be working as expected. I have created
reverse zones as per
https://wiki.samba.org/index.php/DNS_Administration#Creating_a_new_zone.
I have noticed 2 things that seem odd. When I use the Windows DNS Manager
to add an A record, if I check the box that says to update the reverse zone
and then click Add, I get a response that says the record was created,
but if I look at the reverse zone the PTR never gets created. I then have
to add the PTR by hand.
Is this expected behavior? If it is not expected, how do I troubleshoot it?
The other thing I have noticed is that if I join a machine to the domain
sometimes the forward DNS records get created and other times they do not.
The reverse zones never get updated.
Name resolution and replication between the 2 DCs work as advertised.
Does anyone know how I can go about troubleshooting this problem?
My bind config is as follows:
options {
    listen-on port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; internal; };
    recursion yes;
    /*
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    */
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/var/run/named/named.pid";
    session-keyfile "/var/run/named/session.key";
    forwarders { 172.20.0.14; 172.20.0.11; 10.224.135.11; };
    // Added for Samba-4.x.
    tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};

acl "internal" { 10.224.135.0/24; 172.20.0.0/23; 172.20.10.0/24; 172.30.0.0/23; 172.30.10.0/24; 192.168.100.0/24; 192.168.101.0/24; 192.168.102.0/24; 192.168.103.0/24; 127.0.0.1; };

logging {
    channel default_debug {
        file "data/named.run" versions 10 size 10M;
        severity dynamic;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
# added below for bind DLZ.
include "/usr/local/samba/private/named.conf";
The smb.conf is as follows:
[global]
    netbios name = VDC1
    realm = SAMDOM.MYDOMAIN.COM
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
    workgroup = SAMDOM
    server role = active directory domain controller
    idmap_ldb:use rfc2307 = yes
    log file = /var/log/samba/%m.log
    max log size = 5000
    log level = 2
    idmap config SAMDOM:unix_nss_info = yes
    template shell = /bin/bash
    template homedir = /home/samba/users/%U
    deadtime = 5

[netlogon]
    path = /usr/local/samba/var/locks/sysvol/samdom.mydomain.com/scripts
    read only = No

[sysvol]
    path = /usr/local/samba/var/locks/sysvol
    read only = No
Regards,
--
Tom me at tdiehl.org
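As an added troubleshooting aid (not from the poster or the Samba project), the script below audits the forward zone against the reverse zones and lists every A/AAAA record that has no matching PTR, which is the gap described above. It assumes `samba-tool dns query <dc> <zone> @ ALL` output of the shape shown in the constructed samples; the host names and addresses are made up, only the domain and the 172.20.0.0/23 range come from the post.

```python
import ipaddress
import re
# Constructed sample shaped like `samba-tool dns query <dc> <zone> @ ALL` output (format approximated, not captured from the poster's DCs).
FORWARD_ZONE = "samdom.mydomain.com"
FORWARD_SAMPLE = """\
  Name=vdc1, Records=1, Children=0
    A: 172.20.0.5 (flags=f0, serial=1, ttl=900)
  Name=ws01, Records=1, Children=0
    A: 172.20.0.50 (flags=f0, serial=3, ttl=1200)
  Name=ws02, Records=1, Children=0
    A: 172.20.1.7 (flags=f0, serial=4, ttl=1200)
"""
REVERSE_SAMPLES = {  # one entry per reverse zone, same output shape
    "0.20.172.in-addr.arpa": """\
  Name=5, Records=1, Children=0
    PTR: vdc1.samdom.mydomain.com. (flags=f0, serial=1, ttl=900)
""",
    "1.20.172.in-addr.arpa": "",  # zone exists but holds no PTR records yet
}
NAME_RE = re.compile(r"^\s+Name=(?P<name>[^,]*),")
RECORD_RE = re.compile(r"^\s+(?P<type>[A-Z]+):\s+(?P<value>\S+)")

def parse_records(text, zone):
    """Map each owner FQDN (trailing dot) to its list of (rtype, value)."""
    records, owner = {}, None
    for line in text.splitlines():
        if m := NAME_RE.match(line):  # new owner; an empty label is the zone apex
            label = m.group("name")
            owner = f"{label}.{zone}." if label else f"{zone}."
            records.setdefault(owner, [])
        elif owner is not None and (m := RECORD_RE.match(line)):
            records[owner].append((m.group("type"), m.group("value")))
    return records

def ptr_owner(ip):
    """Reverse-map owner name for an IPv4/IPv6 address, e.g. 50.0.20.172.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def find_missing_ptrs(forward_text, forward_zone, reverse_samples):
    """Return (fqdn, ip, expected PTR owner) for each A/AAAA record lacking a PTR."""
    ptrs = {}  # PTR owner name -> set of target FQDNs found in the reverse zones
    for rzone, text in reverse_samples.items():
        for owner, recs in parse_records(text, rzone).items():
            ptrs[owner] = {v.lower() for t, v in recs if t == "PTR"}
    missing = []
    for fqdn, recs in parse_records(forward_text, forward_zone).items():
        for rtype, ip in recs:
            if rtype in ("A", "AAAA") and fqdn.lower() not in ptrs.get(ptr_owner(ip), set()):
                missing.append((fqdn, ip, ptr_owner(ip)))
    return missing
```

Feed it real query output for the forward zone and each reverse zone; every tuple it returns is a PTR that the DNS Manager checkbox or the domain join did not create and that still has to be added by hand.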