[Samba] Switching from Internal DNS to Bind9_DLZ

lingpanda101 lingpanda101 at gmail.com
Tue Jan 2 18:38:52 UTC 2018


On 1/2/2018 12:25 PM, Rowland Penny wrote:
> On Tue, 2 Jan 2018 12:09:33 -0500
> lingpanda101 via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>>
>>       Installing bind9 on my Ubuntu 14.04 via apt-get displays the
>> following options.
>>
>>    #named -V
>> BIND 9.9.5-3ubuntu0.16-Ubuntu (Extended Support Version)
>> <id:f9b8a50e> built by make with '--prefix=/usr'
>> '--mandir=/usr/share/man' '--infodir=/usr/share/info'
>> '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads'
>> '--enable-largefile' '--with-libtool' '--enable-shared'
>> '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr'
>> '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6'
>> '--enable-rrl' '--enable-filter-aaaa' 'CFLAGS=-fno-strict-aliasing
>> -DDIG_SIGCHASE -O2'
>>
>> The Samba wiki states I should see;
>>
>> named -V
>> BIND 9.x.y built with ... '--with-dlopen=yes' '--with-gssapi=yes' ...
>>
>> As you can see I have;
>>
>> '--with-gssapi=/usr' and *NO* '--with-dlopen=yes'
>>
>> Is it possible to enable '--with-dlopen=yes' without compiling?
>> Thanks.
>>
>>
>>
> No, but funnily enough, you won't be able to enable it by compiling it
> either ;-)
>
> It is now built into the standard compiled Bind9, so I suppose the real
> answer to your question is that you can use the standard Bind9 package
> on 14.04 with Samba.
>
> I will update the wiki page.
>
> Rowland

A few other observations while attempting to switch.

  * I do not have a dns.keytab file. Should I, or is it created after
    attempting to switch?
  * Running 'named-checkconf' throws an error.

named-checkconf
/etc/bind/named.conf:15: 'options' redefined near 'options'

My 'named.conf' is the following

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/usr/local/samba/private/named.conf";

# Global Configuration Options
options {

     auth-nxdomain yes;
     directory "/var/named";
     notify no;
     empty-zones-enable no;
     tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";

     # IP addresses and network ranges allowed to query the DNS server:
     allow-query {
         127.0.0.1;
         172.0.0.0/8;
     };

     # IP addresses and network ranges allowed to run recursive queries:
     # (Zones not served by this DNS server)
     allow-recursion {
         127.0.0.1;
         172.0.0.0/8;
     };

     # Forward queries that can not be answered from own zones
     # to these DNS servers:
     forwarders {
         8.8.8.8;
         8.8.4.4;
     };

     # Disable zone transfers
     allow-transfer {
         none;
     };
  };

# Root Servers
# (Required for recursive DNS queries)
zone "." {
    type hint;
    file "named.root";
};

# localhost zone
zone "localhost" {
     type master;
     file "master/localhost.zone";
};

# 127.0.0. zone.
zone "0.0.127.in-addr.arpa" {
     type master;
     file "master/0.0.127.zone";
};


-- 
--
James
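
Added example, not part of the original message: BIND permits a single `options` statement across named.conf and every file it includes, which is what the `'options' redefined` error reports. This Python check walks the include chain to locate each `options` block and also lists allow-query/allow-recursion networks outside private or loopback space (172.0.0.0/8 is wider than the RFC 1918 range 172.16.0.0/12). The file contents are constructed, and the body of named.conf.options is an assumption because the post does not show it.

```python
import ipaddress
import re
# Constructed files; the body of named.conf.options is an assumption.
FILES = {
    "/etc/bind/named.conf": """\
include "/etc/bind/named.conf.options";
# Global Configuration Options
options {
    allow-query { 127.0.0.1; 172.0.0.0/8; };
    allow-recursion { 127.0.0.1; 172.0.0.0/8; };
};
""",
    "/etc/bind/named.conf.options": """\
options {
    directory "/var/cache/bind";
};
""",
}

def strip_comments(text):
    return re.sub(r"(#|//).*", "", text)  # line comments only, keeps line numbers

def options_blocks(path, files, seen=None):
    """Return (file, line) for each 'options {' reached through includes."""
    seen = set() if seen is None else seen
    if path in seen or path not in files:
        return []
    seen.add(path)
    hits = []
    for no, line in enumerate(strip_comments(files[path]).splitlines(), 1):
        inc = re.match(r'\s*include\s+"([^"]+)"\s*;', line)
        if inc:
            hits += options_blocks(inc.group(1), files, seen)
        elif re.match(r"\s*options\s*\{", line):
            hits.append((path, no))
    return hits

def non_private_acl_entries(text):
    """Map allow-query/allow-recursion to entries outside private space."""
    found = {}
    pattern = r"(allow-(?:query|recursion))\s*\{([^}]*)\}"
    for name, body in re.findall(pattern, strip_comments(text)):
        for item in body.replace(";", " ").split():
            try:
                net = ipaddress.ip_network(item, strict=False)
            except ValueError:
                continue  # named ACL such as "none" or "localhost"
            if not net.is_private:
                found.setdefault(name, []).append(str(net))
    return found
```

More than one entry returned by `options_blocks` means named-checkconf will reject the configuration; any entry returned by `non_private_acl_entries` is a client range worth narrowing before the server answers recursive queries.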


