[Samba] DNS database question

Giuseppe Arvati giuseppe.arvati at gmail.com
Tue Oct 24 09:30:03 UTC 2017 

Il 24/10/2017 10:28, Rowland Penny via samba ha scritto:
> On Tue, 24 Oct 2017 09:01:16 +0200
> Giuseppe Arvati via samba <samba at lists.samba.org> wrote:
> 
>> Hello,
>>
>> I was checking my configuration regarding DNS
>> while I was reading
>> https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#New_DNS_Entries_Are_Not_Resolvable
>>
>> and I found that private/sam.ldb.d/ and private/dns/sam.ldb.d/
>> are different
>>
>> # ls -lai /usr/local/samba/private/sam.ldb.d/
>> 2760569 -rw-------. 1 root root  16400384 Oct 24 08:28
>> CN%3DCONFIGURATION,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
>> 2760570 -rw-------. 1 root root  10391552 Oct 24 08:28
>> CN%3DSCHEMA,CN%3DCONFIGURATION,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
>> 2760568 -rw-------. 1 root root   6647808 Oct 24 08:28
>> DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
>> 2760571 -rw-rw----. 2 root named  4251648 Oct 24 08:28
>> DC%3DDOMAINDNSZONES,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
>> 2760572 -rw-rw----. 2 root named  4251648 Oct 24 08:28
>> DC%3DFORESTDNSZONES,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
>> 2760567 -rw-rw----. 2 root named   421888 Oct 24 08:28 metadata.tdb
>> # ls -lai /usr/local/samba/private/dns/sam.ldb.d/
>> 2763729 -rw-rw----  1 root named 8384512 Feb  6  2017
>> CN%3DCONFIGURATION,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
>> 2763732 -rw-rw----  1 root named 9236480 Feb  6  2017
>> CN%3DSCHEMA,CN%3DCONFIGURATION,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
>> 2763665 -rw-rw----  1 root named 1286144 Feb  6  2017
>> DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
>> 2760571 -rw-rw----. 2 root named 4251648 Oct 24 08:28
>> DC%3DDOMAINDNSZONES,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
>> 2760572 -rw-rw----. 2 root named 4251648 Oct 24 08:28
>> DC%3DFORESTDNSZONES,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
>> 2760567 -rw-rw----. 2 root named  421888 Oct 24 08:28 metadata.tdb
>>
>> I noticed:
>> 1) file file starting with CN are different in the 2 folder
>> 2) file file starting with CN in private/sam.ldb.d/ are owned by
>> root:root in private/dns/sam.ldb.d/ are owned by root:named
> 
> They should both be 'root:named'
> 
> ls -lad /usr/local/samba/private/sam.ldb.d/
> drwxr-x--- 2 root bind 4096 Nov 23  2016 /usr/local/samba/private/sam.ldb.d/
> ls -lad /usr/local/samba/private/dns/sam.ldb.d/
> drwxrwx--- 2 root bind 4096 Nov 23
> 2016 /usr/local/samba/private/dns/sam.ldb.d/
> 
> Note: this is on Devuan where 'bind' = 'named'
> 
>>
>> I was starting to check dns configuration because I had a NOAUTH
>> problem when samba tried to update dlz on bind.
>> I solved with a "service named restart" and now the dns entry are
>> up to date but these files aren't compliant to the documentation
>> so is this a problem ?
>> If yes what kind of problem can I have ?
> 
> Do not check anything in a 'sam.ldb.d' directory, check everything in
> the sam.ldb file. As long as everything is okay here, then you do not
> need to worry.
> 
>>

Good

>>
>> CentOS Linux 2.6.32-642.13.1.el6.x86_64
>> Samba version 4.5.6
>> bind version  32:9.8.2-0.62.rc1.el6_9.4
> 
> Can I suggest you upgrade to Centos 7, this will get you a more up to
> date Bind.
> 

I hope to switch to new server in the next mouths

> Rowland
>

Thank you very much
Giuseppe

More information about the samba mailing list