[Samba] DNS not resolving particular host from queries from particular subnet
Zdravko Zdravkov
nirayah at gmail.com
Fri Jun 1 11:12:43 UTC 2018
True that! Sorry
smb.conf
> [global]
> netbios name = AD
> realm = XXXX.CO.UK
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> workgroup = XXXX
> idmap config XXXX:unix_nss_info = yes
> idmap_ldb:use rfc2307 = yes
> log file = /var/log/samba/samba.log
> log level = 3
named.conf
include "/usr/local/samba/private/named.conf";
> options {
> listen-on port 53 { 127.0.0.1; 192.168.26.2; };
> // listen-on-v6 port 53 { ::1; };
> directory "/var/named";
> dump-file "/var/named/data/cache_dump.db";
> statistics-file "/var/named/data/named_stats.txt";
> memstatistics-file "/var/named/data/named_mem_stats.txt";
> allow-query { any; };
> /*
>  - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
>  - If you are building a RECURSIVE (caching) DNS server, you need to enable
>    recursion.
>  - If your recursive DNS server has a public IP address, you MUST enable access
>    control to limit queries to your legitimate users. Failing to do so will
>    cause your server to become part of large scale DNS amplification
>    attacks. Implementing BCP38 within your network would greatly
>    reduce such attack surface
> */
> allow-recursion {
> 127.0.0.1;
> 192.168.26.0/24;
> 192.168.27.0/24;
> };
>
>
> //recursion yes;
> tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
> dnssec-enable yes;
> dnssec-validation yes;
> /* Path to ISC DLV key */
> bindkeys-file "/etc/named.iscdlv.key";
> managed-keys-directory "/var/named/dynamic";
> pid-file "/run/named/named.pid";
> session-keyfile "/run/named/session.key";
> };
> logging {
> channel default_debug {
> file "data/named.run";
> severity dynamic;
> };
> };
> zone "." IN {
> type hint;
> file "named.ca";
> };
> //include "/etc/named.rfc1912.zones";
> //include "/etc/named.root.key";
On Fri, Jun 1, 2018 at 11:48 AM, Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Fri, 1 Jun 2018 11:39:33 +0100
> Zdravko Zdravkov via samba <samba at lists.samba.org> wrote:
>
> > Hi all.
> >
> > Our setup is samba+dlz AD DC. Since last week the DNS doesn't resolve
> > the delegated record for our storage *storage.domain.ltd*
> > (192.168.26.xx) when being queried from clients in 192.168.29.0 which
> > is our openvpn designated network. The OpenVPN is configured to push
> > the DNS of our network, and also successfully resolves other hosts in
> > the 192.168.26.0 subnet. I have no memory of changing anything. Last
> > Friday just some of our remote clients reported that the access to
> > the storage has been lost.
> >
> > Any ideas will be appreciated!
>
> Might be a good idea to post your smb.conf and bind9 conf files.
>
> Rowland
>
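An added example, not part of the original post or of Samba/BIND: BIND answers names in zones it serves directly, but following a delegation to another name server is a recursive lookup, which is subject to `allow-recursion`. The script below parses the `allow-recursion` list copied from the named.conf posted above and reports which client addresses it covers; the client addresses are constructed samples (the post gives only the networks), and the helper names are hypothetical.

```python
import ipaddress
import re

# allow-recursion ACL copied from the named.conf posted above.
NAMED_CONF = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.26.2; };
    allow-query { any; };
    allow-recursion {
        127.0.0.1;
        192.168.26.0/24;
        192.168.27.0/24;
    };
    //recursion yes;
};
"""

def strip_comments(text):
    # Remove /* */, // and # comments (sufficient for this excerpt; does not
    # handle comment markers inside quoted strings).
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def acl_networks(conf, option):
    """Return the networks listed in `option { ... };`, or None if absent."""
    m = re.search(re.escape(option) + r"\s*\{([^{}]*)\}", strip_comments(conf))
    if m is None:
        return None
    nets = []
    for elem in (e.strip() for e in m.group(1).split(";")):
        if elem:
            # Plain addresses and CIDR prefixes only; named ACLs such as
            # "any" or "localnets" raise ValueError instead of being guessed.
            nets.append(ipaddress.ip_network(elem, strict=False))
    return nets

def recursion_allowed(conf, client):
    """True if `client` matches an entry of the allow-recursion ACL."""
    nets = acl_networks(conf, "allow-recursion")
    if nets is None:
        raise LookupError("no allow-recursion statement found")
    addr = ipaddress.ip_address(client)
    return any(addr in net for net in nets)

if __name__ == "__main__":
    # Constructed sample clients: LAN, second LAN, OpenVPN range from the post.
    for client in ("192.168.26.50", "192.168.27.7", "192.168.29.10"):
        ok = recursion_allowed(NAMED_CONF, client)
        print(f"{client:15} {'recursion allowed' if ok else 'recursion refused'}")
```

On a live server, `named-checkconf -p` prints the parsed configuration, including included files, which can be fed to a check like this instead of the embedded excerpt.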