[Samba] DNS database question

Tue Oct 24 08:28:55 UTC 2017

On Tue, 24 Oct 2017 09:01:16 +0200
Giuseppe Arvati via samba <samba at lists.samba.org> wrote:

> Hello,
> 
> I was checking my configuration regarding DNS
> while I was reading
> https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#New_DNS_Entries_Are_Not_Resolvable
> 
> and I found that private/sam.ldb.d/ and private/dns/sam.ldb.d/
> are different
> 
> # ls -lai /usr/local/samba/private/sam.ldb.d/
> 2760569 -rw-------. 1 root root  16400384 Oct 24 08:28 
> CN%3DCONFIGURATION,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
> 2760570 -rw-------. 1 root root  10391552 Oct 24 08:28 
> CN%3DSCHEMA,CN%3DCONFIGURATION,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
> 2760568 -rw-------. 1 root root   6647808 Oct 24 08:28 
> DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
> 2760571 -rw-rw----. 2 root named  4251648 Oct 24 08:28 
> DC%3DDOMAINDNSZONES,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
> 2760572 -rw-rw----. 2 root named  4251648 Oct 24 08:28 
> DC%3DFORESTDNSZONES,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
> 2760567 -rw-rw----. 2 root named   421888 Oct 24 08:28 metadata.tdb
> # ls -lai /usr/local/samba/private/dns/sam.ldb.d/
> 2763729 -rw-rw----  1 root named 8384512 Feb  6  2017 
> CN%3DCONFIGURATION,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
> 2763732 -rw-rw----  1 root named 9236480 Feb  6  2017 
> CN%3DSCHEMA,CN%3DCONFIGURATION,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
> 2763665 -rw-rw----  1 root named 1286144 Feb  6  2017 
> DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
> 2760571 -rw-rw----. 2 root named 4251648 Oct 24 08:28 
> DC%3DDOMAINDNSZONES,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
> 2760572 -rw-rw----. 2 root named 4251648 Oct 24 08:28 
> DC%3DFORESTDNSZONES,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
> 2760567 -rw-rw----. 2 root named  421888 Oct 24 08:28 metadata.tdb
> 
> I noticed:
> 1) file file starting with CN are different in the 2 folder
> 2) file file starting with CN in private/sam.ldb.d/ are owned by 
> root:root in private/dns/sam.ldb.d/ are owned by root:named

They should both be 'root:named'

ls -lad /usr/local/samba/private/sam.ldb.d/
drwxr-x--- 2 root bind 4096 Nov 23  2016 /usr/local/samba/private/sam.ldb.d/
ls -lad /usr/local/samba/private/dns/sam.ldb.d/
drwxrwx--- 2 root bind 4096 Nov 23
2016 /usr/local/samba/private/dns/sam.ldb.d/

Note: this is on Devuan where 'bind' = 'named'

> 
> I was starting to check dns configuration because I had a NOAUTH
> problem when samba tried to update dlz on bind.
> I solved with a "service named restart" and now the dns entry are
> up to date but these files aren't compliant to the documentation
> so is this a problem ?
> If yes what kind of problem can I have ?

Do not check anything in a 'sam.ldb.d' directory, check everything in
the sam.ldb file. As long as everything is okay here, then you do not
need to worry.

> 
> 
> CentOS Linux 2.6.32-642.13.1.el6.x86_64
> Samba version 4.5.6
> bind version  32:9.8.2-0.62.rc1.el6_9.4

Can I suggest you upgrade to Centos 7, this will get you a more up to
date Bind.

Rowland