[Samba] Internal DNS migrate to Bind9_DLZ

Eben Victor eben.victor at gmail.com
Tue Aug 21 14:27:38 UTC 2018

Hello All,

So I've been playing around, setting up a test site and some test data.

When doing the migration from internal DNS to BIND DLZ, it works perfectly.

Using the same configuration on my production env, it still fails.

Could my database be corrupt somehow on 1 of my 7 DCs?

Really struggling to get this working. 


Did you make sure that your root and localhost zones are loaded last in the bind config?

The order matters, at least if you also use bind_DLZ.

I suggest you try it.
I'm just thinking about this: if your . (root) zone is loaded, and it's trying to look up your company.corp domain.
It hits resolv.conf, then your bind, and bind_dlz is not loaded yet, so it looks up on the internet.
It's a possible option that this happens; I don't know the bind9_dlz code.

And this, >>  domain.corp is just an alias, not the actual domain name. 
Setup a with a real zone. 

But I'm pretty sure your problem is caused by one of these 2.

I suggest you start by making sure your localhost and root zones are loaded last in named.conf.

On my Debian server the order is as follows:
include "/etc/bind/named.conf.options";        < here (within the options, at the bottom of the global options: tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";)
include "/etc/bind/named.conf.local";        < here only one line:  include "/var/lib/samba/private/named.conf";
include "/etc/bind/named.conf.default-zones";    < here are my root and localhost zones ( default bind, not in DLZ )



> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Rowland Penny via samba
> Sent: Tuesday 31 July 2018 10:23
> To: samba at lists.samba.org
> Subject: Re: [Samba] Internal DNS migrate to Bind9_DLZ
> On Mon, 30 Jul 2018 23:36:46 +0200
> Eben Victor <eben.victor at gmail.com> wrote:
>> It is part of the Sernet packages and is currently on 1.3.4
>> /usr/lib64/samba/libldb.so.1.3.4
>> We started using sernet-samba-ad from v4 using the internal dns and
>> updated as versions were released. We have now recently updated from
>> 4.8.2 to 4.8.3 and still using internal dns.
>> Our DNS is working as it should, it's only been since recently that
>> we have to migrate to bind9.
> So, you are using Samba without problem, it is just that when you try
> to use Bind9 instead of the internal dns server, your problems start.
> Let's just recap
> You have run 'samba_upgradedns'
> You have altered smb.conf
> You have configured 'named.conf' correctly
> The Samba 'named.conf' file is readable by 'named' (this should be
> 'rw-r--r--' i.e. world readable)
> But, even though everything looks okay, Bind9 will not start.
> This is strange, there doesn't seem to be any reason for it.
> Is anybody using the combination of CentOS 7, Samba 4.8.3 and Bind9
> without problems ?
> Rowland
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
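
An added example, not part of the original thread and not Samba or BIND code: a Python sketch that follows the include lines of a named.conf and reports whether the Samba dlz block is reached before the root and localhost zones, as the reply above suggests, and whether the Samba named.conf is world readable, as the recap above asks. The sample file contents, the /path/to/dlz_bind9.so placeholder and all function names are constructed for illustration.

```python
import os, re, stat, tempfile

# Lines that matter for load order; commented-out lines do not match.
# Block comments (/* ... */) are not handled in this sketch.
TOKEN = re.compile(
    r'^\s*(?:include\s+"(?P<inc>[^"]+)"|(?P<dlz>dlz)\s+"|zone\s+"(?:\.|localhost)")',
    re.M)

def load_order(path, root=""):
    """Return (kind, file) events in the order named reads them, following includes."""
    events = []
    with open(root + path) as fh:
        for m in TOKEN.finditer(fh.read()):
            if m.group("inc"):
                events += load_order(m.group("inc"), root)
            else:
                events.append(("dlz" if m.group("dlz") else "default-zone", path))
    return events

def check(main_conf, root=""):
    """List deviations from the layout described in the thread."""
    events = load_order(main_conf, root)
    kinds = [k for k, _ in events]
    problems = []
    if "dlz" not in kinds:
        problems.append("no dlz block reached from " + main_conf)
    elif "default-zone" in kinds and kinds.index("default-zone") < kinds.index("dlz"):
        problems.append("root/localhost zones load before the dlz block")
    for kind, f in events:
        if kind == "dlz" and not os.stat(root + f).st_mode & stat.S_IROTH:
            problems.append(f + " is not world readable")
    return problems

def demo(includes, samba_mode=0o644):
    """Build a constructed config tree under a temp dir and check it."""
    files = {  # constructed sample content, not taken from the thread
        "/etc/bind/named.conf.options": 'options { directory "/var/cache/bind"; };\n',
        "/etc/bind/named.conf.local": 'include "/var/lib/samba/private/named.conf";\n',
        "/etc/bind/named.conf.default-zones": 'zone "." { type hint; file "db.root"; };\n',
        "/var/lib/samba/private/named.conf":
            'dlz "AD DNS Zone" {\n  database "dlopen /path/to/dlz_bind9.so";\n};\n',
        "/etc/bind/named.conf": "".join(f'include "/etc/bind/named.conf.{i}";\n' for i in includes),
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in files.items():
            os.makedirs(os.path.dirname(root + name), exist_ok=True)
            with open(root + name, "w") as fh:
                fh.write(body)
        os.chmod(root + "/var/lib/samba/private/named.conf", samba_mode)
        return check("/etc/bind/named.conf", root)
```

On a real server, call check("/etc/bind/named.conf") as a user that can read the BIND configuration; an empty list means the layout matches the one described in the thread.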
