[Samba] Samba AD DC dns issue

lingpanda101 lingpanda101 at gmail.com
Mon Oct 9 19:27:16 UTC 2017


On 10/9/2017 3:03 PM, Tom Diehl via samba wrote:
> Hi,
>
> I have 2 Samba AD DCs running 4.7.0 with BIND9_DLZ on both servers.
> For the most part things seem to be working as expected. I have created
> reverse zones as per
> https://wiki.samba.org/index.php/DNS_Administration#Creating_a_new_zone.
>
> I have noticed 2 things that seem odd. When I use the Windows DNS Manager
> to add an A record, if I check the box that says to update the reverse zone
> and then click Add, I get a response that says the record was created,
> but if I look at the reverse zone the PTR never gets created. I then have
> to add the PTR by hand.
>
> Is this expected behavior? If it is not expected, how do I
> troubleshoot it?
>
> The other thing I have noticed is that if I join a machine to the domain,
> sometimes the forward DNS records get created and other times they do not.
> The reverse zones never get updated.
>
> Name resolution and replication between the 2 DCs work as advertised.
>
> Does anyone know how I can go about troubleshooting this problem?
>
> My bind config is as follows:
>
> options {
>     listen-on port 53 { any; };
>     directory   "/var/named";
>     dump-file   "/var/named/data/cache_dump.db";
>     statistics-file "/var/named/data/named_stats.txt";
>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>     allow-query     { localhost; internal; };
>
>     recursion yes;
>
>     /*
>     dnssec-enable yes;
>     dnssec-validation yes;
>     dnssec-lookaside auto;
>     */
>
>     /* Path to ISC DLV key */
>     bindkeys-file "/etc/named.iscdlv.key";
>
>     managed-keys-directory "/var/named/dynamic";
>
>     pid-file "/var/run/named/named.pid";
>     session-keyfile "/var/run/named/session.key";
>
>     forwarders { 172.20.0.14; 172.20.0.11; 10.224.135.11; };
>
>     // Added for Samba-4.x.
>     tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
> };
>
> acl "internal" { 10.224.135.0/24; 172.20.0.0/23; 172.20.10.0/24; 
> 172.30.0.0/23; 172.30.10.0/24; 192.168.100.0/24; 192.168.101.0/24; 
> 192.168.102.0/24; 192.168.103.0/24; 127.0.0.1; };
>
> logging {
>         channel default_debug {
>             file "data/named.run"
>                 versions 10
>                 size 10M;
>             severity dynamic;
>             print-time yes;
>             print-severity yes;
>             print-category yes;
>         };
> };
>
> zone "." IN {
>     type hint;
>     file "named.ca";
> };
>
> include "/etc/named.rfc1912.zones";
> include "/etc/named.root.key";
> # added below for bind DLZ.
> include "/usr/local/samba/private/named.conf";
>
> The smb.conf is as follows:
>
> [global]
>     netbios name = VDC1
>     realm = SAMDOM.MYDOMAIN.COM
>     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
>     workgroup = SAMDOM
>     server role = active directory domain controller
>     idmap_ldb:use rfc2307 = yes
>
>     log file = /var/log/samba/%m.log
>     max log size = 5000
>     log level = 2
>
>     idmap config SAMDOM:unix_nss_info = yes
>
>     template shell = /bin/bash
>     template homedir = /home/samba/users/%U
>
>     deadtime = 5
>
> [netlogon]
>     path = /usr/local/samba/var/locks/sysvol/samdom.mydomain.com/scripts
>     read only = No
>
> [sysvol]
>     path = /usr/local/samba/var/locks/sysvol
>     read only = No
>
> Regards,
>
The PTR issue is a bug. See https://bugzilla.samba.org/show_bug.cgi?id=12186


-- 
James
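While the bug is open, the practical check for the situation described in the thread (A records present, matching PTRs missing) is a reconciliation of the forward zone against the reverse zones. The following is an added example, not code from the thread or from Samba: it takes constructed A and PTR record lists (standing in for what `samba-tool dns query` returns), assumes /24 reverse zones and a DC name of `vdc1`, reports every A record without a correct PTR, and builds the `samba-tool dns add` commands that would repair them.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample data: A records from the forward zone and the PTR
# records currently present in the reverse zones (owner name -> target).
A_RECORDS: List[Tuple[str, str]] = [
    ("vdc1.samdom.mydomain.com", "192.168.100.10"),
    ("ws01.samdom.mydomain.com", "192.168.100.42"),
    ("ws02.samdom.mydomain.com", "172.20.0.77"),
]
PTR_RECORDS: Dict[str, str] = {
    "10.100.168.192.in-addr.arpa": "vdc1.samdom.mydomain.com",
}


def reverse_name(ip: str) -> str:
    """Owner name of the PTR for ip, e.g. 42.100.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def reverse_zone(ip: str, prefix: int = 24) -> str:
    """Name of the IPv4 reverse zone (/8, /16 or /24) that holds the PTR for ip."""
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    if net.version != 4 or prefix not in (8, 16, 24):
        raise ValueError("only classful IPv4 reverse zones are handled here")
    octets = str(net.network_address).split(".")[: prefix // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def missing_ptrs(a_records, ptr_records) -> List[Tuple[str, str]]:
    """A records whose PTR is absent or points at a different host name."""
    out = []
    for host, ip in a_records:
        have = ptr_records.get(reverse_name(ip), "").rstrip(".").lower()
        if have != host.rstrip(".").lower():
            out.append((host, ip))
    return out


def samba_tool_commands(missing, server: str = "localhost") -> List[str]:
    """Build 'samba-tool dns add <server> <zone> <name> PTR <data>' per missing PTR."""
    cmds = []
    for host, ip in missing:
        zone = reverse_zone(ip)
        label = reverse_name(ip)[: -len(zone) - 1]  # host part inside the zone
        cmds.append(f"samba-tool dns add {server} {zone} {label} PTR {host}.")
    return cmds


if __name__ == "__main__":
    for cmd in samba_tool_commands(missing_ptrs(A_RECORDS, PTR_RECORDS), "vdc1"):
        print(cmd)
```

Feed it the real record lists and run the printed commands with a DNS-admin account; re-running the check afterwards should return an empty list.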



