[Samba] Internal DNS migrate to Bind9_DLZ

Eben Victor eben.victor at gmail.com
Wed Oct 31 21:34:38 UTC 2018 

Hi Rowland,

I didn't build samba, I'm running the sernet packages,
# rpm -qa | grep sernet
sernet-samba-libsmbclient0-4.8.6-16.el7.x86_64
sernet-samba-ad-4.8.6-16.el7.x86_64
sernet-samba-libs-4.8.6-16.el7.x86_64
sernet-samba-client-4.8.6-16.el7.x86_64
sernet-samba-winbind-4.8.6-16.el7.x86_64
sernet-samba-common-4.8.6-16.el7.x86_64
sernet-samba-4.8.6-16.el7.x86_64

I don't mind having to remove and rebuild bind, but...
Excuse my ignorance, but what I don't understand is that I have a test DC
with random zones/data and migrating from INTERNAL DNS to BIND9 wasn't an
issue. The only difference between the two environments is that my test
site has 1 DC and my prod is 7 DC's.
My test environment is working 100% as is, same packages as prod.

Kind Regards

On Wed, Oct 31, 2018 at 7:35 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Wed, 31 Oct 2018 18:36:52 +0200
> Eben Victor <eben.victor at gmail.com> wrote:
>
> > Hello Rowland,
> >
> > I have already checked and the DN's are in AD, see attached.
> >
> > SOA:
> > <domain>.corp.    3600    IN    SOA    psad102zadprh.<domain>.corp. .
> > 9766 3600 600 86400 3600
> >
> > See below NS, but the 1st NS (zatprdc001) doesn't exsit, and I cannot
> > find it anywhere.
> > NS:
> > <domain>.corp.    3600    IN    NS    zatprdc001.<domain>.corp.
> > <domain>.corp.    3600    IN    NS    psad102zadprh.<domain>.corp.
> > <domain>.corp.    3600    IN    NS    prdc001zacprh.<domain>.corp.
> > <domain>.corp.    3600    IN    NS    prdc001zafsrh.<domain>.corp.
> > <domain>.corp.    3600    IN    NS    prdc001zatcrh.<domain>.corp.
> > <domain>.corp.    3600    IN    NS    prdc002zacprh.<domain>.corp.
> > <domain>.corp.    3600    IN    NS    prdc003zacprh.<domain>.corp.
> > <domain>.corp.    3600    IN    NS    psad101zatcrh.<domain>.corp.
> >
> > We did rebuild all our DC's to RHEL7.
> > We demoted on the DC being rebuild, then removed any and all records
> > we could find in AD/DNS. Rebuild the new server and rejoined.
> >
>
> OK, after reading your 'named.log', there is the line that starts
> (after the date) 'built with' and amongst all the build options there
> is this '--disable-isc-spnego'
>
> I take it you have built Samba yourself as there are no RHEL7 packages
> that provision as a DC, so you know how to build things.
>
> I think you know what is coming ;-)
>
> Read this:
>
>
> https://wiki.samba.org/index.php/Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates
>
> And this:
>
> https://github.com/hvenzke/CentOS-Bind-DLZ
>
> And then build Bind9 yourself, removing the thing that is stopping it
> working for you '--disable-isc-spnego'
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


-- 
Eben Victor
Cell:  +27 82 759 5266
Email: eben.victor at gmail.com

More information about the samba mailing list