[Samba] Switching from Internal DNS to Bind9_DLZ

Rowland Penny rpenny at samba.org
Tue Jan 2 21:05:03 UTC 2018


On Tue, 2 Jan 2018 15:52:57 -0500
lingpanda101 <lingpanda101 at gmail.com> wrote:

> On 1/2/2018 3:37 PM, Rowland Penny wrote:
> > On Tue, 2 Jan 2018 15:23:18 -0500
> > lingpanda101 <lingpanda101 at gmail.com> wrote:
> >
> >
> >> Actually it looks as if Bind isn't running. Though I could've sworn
> >> it did at one point.
> >>
> >> service bind9 restart
> >>    * Stopping domain name service... bind9
> >>                 rndc: connect failed: 127.0.0.1#953: connection refused [ OK ]
> >>    * Starting domain name service... bind9 [fail]
> >>
> >> Log shows;
> >>
> >> Jan  2 15:20:51 ddc2 named[2793]: ----------------------------------------------------
> >> Jan  2 15:20:51 ddc2 named[2793]: BIND 9 is maintained by Internet Systems Consortium,
> >> Jan  2 15:20:51 ddc2 named[2793]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
> >> Jan  2 15:20:51 ddc2 named[2793]: corporation.  Support and training for BIND 9 are
> >> Jan  2 15:20:51 ddc2 named[2793]: available at https://www.isc.org/support
> >> Jan  2 15:20:51 ddc2 named[2793]: ----------------------------------------------------
> >> Jan  2 15:20:51 ddc2 named[2793]: adjusted limit on open files from 4096 to 1048576
> >> Jan  2 15:20:51 ddc2 named[2793]: found 2 CPUs, using 2 worker threads
> >> Jan  2 15:20:51 ddc2 named[2793]: using 2 UDP listeners per interface
> >> Jan  2 15:20:51 ddc2 named[2793]: using up to 4096 sockets
> >> Jan  2 15:20:51 ddc2 named[2793]: loading configuration from '/etc/bind/named.conf'
> >> Jan  2 15:20:51 ddc2 named[2793]: /etc/bind/named.conf:15: 'options' redefined near 'options'
> >> Jan  2 15:20:51 ddc2 named[2793]: loading configuration: already exists
> >> Jan  2 15:20:51 ddc2 named[2793]: exiting (due to fatal error)
> >>
> >> It seems to stem from the issue I had before
> >> "/etc/bind/named.conf:15: 'options' redefined near 'options'"
> >>
> > I reread your earlier post and noticed something I missed earlier:
> > do you normally use red-hat?
> > I ask this because you have this line in /etc/bind/named.conf:
> >
> > include "/etc/bind/named.conf.options";
> >
> > Followed by:
> > # Global Configuration Options
> > options {
> > .........
> > ......
> >
> >
> >
> > If this is all in the one file (ala red-hat), then this is your
> > problem, debian splits up Bind9 into separate conf files and you
> > will have two 'options'
> >
> > Rowland
> 
> I do not. Ubuntu but I do have two CentOS systems.
> 
> The config file was auto-generated when I installed via apt-get.
> This is what it originally contained before I made any modifications.
> 
> // This is the primary configuration file for the BIND DNS server named.
> //
> // Please read /usr/share/doc/bind9/README.Debian.gz for information on the
> // structure of BIND configuration files in Debian, *BEFORE* you customize
> // this configuration file.
> //
> // If you are just adding zones, please do that in /etc/bind/named.conf.local
> 
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> include "/etc/bind/named.conf.default-zones";
> 
> If I comment out these include files, Bind9 starts. However, I do
> still get
> 
> rndc: connect failed: 127.0.0.1#953: connection refused
> 
> However, I'm still getting the TSIG errors.
> 

These are my named.conf files (with any comments stripped out), they
have worked for me for the last 5 years ;-)

/etc/bind/named.conf

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

/etc/bind/named.conf.options

options {
        directory "/var/cache/bind";
        version "0.0.7";
        notify no;
        empty-zones-enable no;
        allow-query { 127.0.0.1; 192.168.0.0/24; };
        allow-recursion { 192.168.0.0/24;  127.0.0.1/32; };
        forwarders { 8.8.8.8; 8.8.4.4; };
        allow-transfer { none; };
        dnssec-validation no;
        dnssec-enable no;
        listen-on-v6 { none; };
        listen-on port 53 { 192.168.0.7; 127.0.0.1; };

        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};

/etc/bind/named.conf.local

include "/usr/local/samba/private/named.conf";


/etc/bind/named.conf.default-zones

zone "." {
        type hint;
        file "/etc/bind/db.root";
};

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

Rowland
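An added check for the failure discussed in this thread (my own code, not part of the mailing-list post or of Samba/BIND): it follows the include directives from a named.conf and reports every top-level options block with its file and line, which is the condition that makes named exit with "'options' redefined". The sample files are constructed in a temporary directory and the helper names are mine.

```python
import os
import re
import tempfile

INCLUDE_RE = re.compile(r'^\s*include\s+"([^"]+)"\s*;')
OPTIONS_RE = re.compile(r'^\s*options\s*\{')


def find_options_blocks(path, seen=None):
    """Return (file, line) for each top-level 'options {' reachable from path.
    Follows include "..." directives; comment-only lines (// or #) are skipped.
    Brace depth is counted per line, so braces inside quoted strings or block
    comments are not handled (a lint, not a full BIND parser)."""
    seen = set() if seen is None else seen
    real = os.path.realpath(path)
    if real in seen:  # guard against include loops
        return []
    seen.add(real)
    found, depth = [], 0
    with open(path) as fh:
        for lineno, line in enumerate(fh, 1):
            stripped = line.strip()
            if stripped.startswith(("//", "#")):
                continue
            if depth == 0:
                m = INCLUDE_RE.match(line)
                if m:
                    found.extend(find_options_blocks(m.group(1), seen))
                    continue
                if OPTIONS_RE.match(line):
                    found.append((path, lineno))
            depth += line.count("{") - line.count("}")
    return found


def demo_duplicate_options():
    """Constructed sample: Debian's named.conf including named.conf.options,
    plus an inline options block pasted below the include (the thread's bug)."""
    with tempfile.TemporaryDirectory() as d:
        opts = os.path.join(d, "named.conf.options")
        with open(opts, "w") as fh:
            fh.write('options {\n\tdirectory "/var/cache/bind";\n};\n')
        main = os.path.join(d, "named.conf")
        with open(main, "w") as fh:
            fh.write('// primary config\ninclude "%s";\n' % opts)
            fh.write('# Global Configuration Options\noptions {\n'
                     '\tdirectory "/var/cache/bind";\n};\n')
        return [(os.path.basename(f), n) for f, n in find_options_blocks(main)]
```

Running it on the constructed layout lists two options blocks (named.conf.options line 1 and named.conf line 4); more than one entry means named will refuse to start, so run it against /etc/bind/named.conf before restarting the service.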


