[Samba] Internal DNS migrate to Bind9_DLZ
Rowland Penny
rpenny at samba.org
Wed Oct 31 17:34:11 UTC 2018
On Wed, 31 Oct 2018 18:36:52 +0200
Eben Victor <eben.victor at gmail.com> wrote:
> Hello Rowland,
>
> I have already checked and the DNs are in AD, see attached.
>
> SOA:
> <domain>.corp. 3600 IN SOA psad102zadprh.<domain>.corp. .
> 9766 3600 600 86400 3600
>
> See below NS, but the 1st NS (zatprdc001) doesn't exist, and I cannot
> find it anywhere.
> NS:
> <domain>.corp. 3600 IN NS zatprdc001.<domain>.corp.
> <domain>.corp. 3600 IN NS psad102zadprh.<domain>.corp.
> <domain>.corp. 3600 IN NS prdc001zacprh.<domain>.corp.
> <domain>.corp. 3600 IN NS prdc001zafsrh.<domain>.corp.
> <domain>.corp. 3600 IN NS prdc001zatcrh.<domain>.corp.
> <domain>.corp. 3600 IN NS prdc002zacprh.<domain>.corp.
> <domain>.corp. 3600 IN NS prdc003zacprh.<domain>.corp.
> <domain>.corp. 3600 IN NS psad101zatcrh.<domain>.corp.
>
> We did rebuild all our DCs to RHEL7.
> We demoted on the DC being rebuilt, then removed any and all records
> we could find in AD/DNS. Rebuilt the new server and rejoined.
>
OK, after reading your 'named.log', there is the line that starts
(after the date) 'built with' and amongst all the build options there
is this: '--disable-isc-spnego'.
I take it you have built Samba yourself as there are no RHEL7 packages
that provision as a DC, so you know how to build things.
I think you know what is coming ;-)
Read this:
https://wiki.samba.org/index.php/Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates
And this:
https://github.com/hvenzke/CentOS-Bind-DLZ
And then build Bind9 yourself, removing the thing that is stopping it
working for you: '--disable-isc-spnego'.
Rowland
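
The check described in the message above, as an added example that is not part of the original post: it reads named.log text or `named -V` output on stdin, pulls the configure options from the 'built with' line, and reports whether '--disable-isc-spnego' is among them. The function names and the two sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): detect a BIND build that was
# configured with --disable-isc-spnego, the option the message points at.
#
# Usage on a real system (paths are assumptions, adjust to your install):
#   named -V 2>&1 | check_isc_spnego; echo "status: $?"
#   check_isc_spnego < /var/log/named.log; echo "status: $?"

# Print the configure options from the first "built with" line on stdin,
# one token per line, surrounding single quotes stripped. Options that contain
# spaces (e.g. 'CFLAGS=-O2 -g') are split into several tokens, which does not
# affect the flag check below.
bind_build_options() {
    sed -n -E "/built (by make )?with /{s/^.*built (by make )?with //;p;q;}" |
        tr ' ' '\n' |
        sed -e "s/^'//" -e "s/'\$//" -e '/^$/d'
}

# Exit status:
#   0 = build line found, --disable-isc-spnego absent
#   1 = build line found, --disable-isc-spnego present (rebuild BIND without it)
#   2 = no "built with" line in the input, nothing can be concluded
check_isc_spnego() {
    opts=$(bind_build_options)
    [ -n "$opts" ] || return 2
    if printf '%s\n' "$opts" | grep -qx -- '--disable-isc-spnego'; then
        return 1
    fi
    return 0
}

# Constructed sample lines in the shape of a named.log startup entry.
SAMPLE_BAD="31-Oct-2018 17:00:00.000 built with '--prefix=/usr' '--with-dlopen=yes' '--disable-isc-spnego' 'CFLAGS=-O2 -g'"
SAMPLE_GOOD="31-Oct-2018 17:00:00.000 built with '--prefix=/usr' '--with-dlopen=yes' '--with-gssapi=yes'"
SAMPLE_NONE="31-Oct-2018 17:00:00.000 starting BIND"
```
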