[Samba] samba dlz. bind9 nslookup is wrong

Patrik alabard at gmail.com
Mon Aug 5 09:37:30 UTC 2019


But as I showed in my config, I use bind9; why do you say I am using
BIND9_FLATFILE DNS?

root at server:/# cat etc/bind/named.conf.local
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
// the order is important!!!! first internal, then external!!!
view "internal-enp1s0f3" {
    match-clients { "internal-enp1s0f3"; };
    match-recursive-only yes;
    recursion yes;
    allow-recursion { "internal-enp1s0f3"; };

    notify yes;
    allow-update { none; };
    allow-query { any; };
    allow-transfer { xfer; };
    include "/etc/bind/named.conf.default-zones";

    zone "patrikx3.com" {
        type master;
        file "/etc/bind/zones/enp1s0f3/patrikx3.com";
//        include "/var/lib/samba/private/named.conf.update";
    };

    zone "corifeus.com" {
        type master;
        file "/etc/bind/zones/enp1s0f3/corifeus.com";
    };

    zone "gitlist.tk" {
        type master;
        file "/etc/bind/zones/enp1s0f3/gitlist.tk";
    };

    zone "albafructus.eu" {
        type master;
        file "/etc/bind/zones/enp1s0f3/albafructus.eu";
    };

    zone "fruitinfo.hu" {
        type master;
        file "/etc/bind/zones/enp1s0f3/fruitinfo.hu";
    };

    zone "venyimgyumolcse.hu" {
        type master;
        file "/etc/bind/zones/enp1s0f3/venyimgyumolcse.hu";
    };

    include "/var/lib/samba/private/named.conf";
};

view "internal-enp1s0f2" {
    match-clients { "internal-enp1s0f2"; };
    match-recursive-only yes;
    recursion yes;
    allow-recursion { "internal-enp1s0f2"; };
     notify yes;
    allow-update { none; };
    allow-query { any; };
    allow-transfer { xfer; };

    include "/etc/bind/named.conf.default-zones";

    zone "patrikx3.com" {
        type master;
        file "/etc/bind/zones/enp1s0f2/patrikx3.com";

//        include "/var/lib/samba/private/named.conf.update";
    };

    zone "corifeus.com" {
        type master;
        file "/etc/bind/zones/enp1s0f2/corifeus.com";
    };

    zone "gitlist.tk" {
        type master;
        file "/etc/bind/zones/enp1s0f2/gitlist.tk";
    };

    zone "albafructus.eu" {
        type master;
        file "/etc/bind/zones/enp1s0f2/albafructus.eu";
    };

    zone "fruitinfo.hu" {
        type master;
        file "/etc/bind/zones/enp1s0f2/fruitinfo.hu";
    };

    zone "venyimgyumolcse.hu" {
        type master;
        file "/etc/bind/zones/enp1s0f2/venyimgyumolcse.hu";
    };


//    include "/var/lib/samba/private/named.conf";
};

view "external" {
    match-clients { any; };

    recursion no;
    additional-from-auth no;
    additional-from-cache no;

//    allow-transfer { any; }; // temporarily allowed for debugging purposes
    allow-transfer { none; };

//    zone "namesystem.tk" IN {
//        type master;
//        file "/etc/bind/zones/external.namesystem.tk";
//    };
};


Patrik
WWW <https://patrikx3.com> | GitHub <https://github.com/patrikx3/> | NPM
<https://www.npmjs.com/~patrikx3> | Corifeus <https://corifeus.com> | +36
20 342 8046




On Mon, Aug 5, 2019 at 11:32 AM L.P.H. van Belle via samba <samba at lists.samba.org> wrote:

> If I may.
>
> Rowland is right, below is not going to work as you want it to work.
>
> Bind9_flatfile with samba will be removed soon, because it's not
> supported.
> Read : https://wiki.samba.org/index.php/The_Samba_AD_DNS_Back_Ends
> Which states:
>
> Do not use the BIND9_FLATFILE DNS back end. It is not supported and will
> be removed in the future.
>
> And then this part.
>
> [router-logs]
>         path = /var/log-router
>         read only = yes
>         guest ok = yes
>         writable = no
>         browseable = yes
>         force user = root
>         follow symlinks = yes
>         wide links = yes
>
> That is asking for problems, and again, wide links and follow symlinks are
> very dangerous to use.
> And especially when you force user root.
>
> You're on Debian buster.
> Enforce your logging to root:staff or root:adm
> Which is the Debian default on most logs; set up your logrotate for that also.
> And use the group(s) to allow access for the samba share.
>
> But that's what I would do.
>
> Ps, run my debugscript, anonymize it where needed and we know if there is
> more off in your setup.
>
>
> Greetz,
>
> Louis
>
>
>
> > -----Original message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> > Patrik via samba
> > Sent: Monday, 5 August 2019 11:14
> > To: Rowland penny
> > CC: samba at lists.samba.org
> > Subject: Re: [Samba] samba dlz. bind9 nslookup is wrong
> >
> > I am not using flatfiles, I am using BIND_DLZ; it shows in my log and I do
> > not use flatfiles. BIND_DLZ only.
> > As you can see it is pure bind and it just generates a weird IP address
> > (192.168.81.120, 2001:470:1f1b:5b5:eeaa:a0ff:fe1b:4d84); these IP addresses
> > cannot be pinged, missing this client.
> > You can see in smb.conf I do not use dnsupdate either.
> > And it is rotating and sometimes giving the wrong IP address for Windows
> > and Linux. I am on Debian buster.
> >
> > My bind settings are correct as well (I want to use enp1s0f3):
> > root at server:/# cat /etc/bind/named.conf.local
> > view "internal-enp1s0f3" {
> >     match-clients { "internal-enp1s0f3"; };
> >     match-recursive-only yes;
> >     recursion yes;
> >     allow-recursion { "internal-enp1s0f3"; };
> >
> >     notify yes;
> >     allow-update { none; };
> >     allow-query { any; };
> >     allow-transfer { xfer; };
> >     include "/etc/bind/named.conf.default-zones";
> >
> >     zone "patrikx3.com" {
> >         type master;
> >         file "/etc/bind/zones/enp1s0f3/patrikx3.com";
> >
> >         include "/var/lib/samba/private/named.conf.update";
> >     };
> >
> >     zone "corifeus.com" {
> >         type master;
> >         file "/etc/bind/zones/enp1s0f3/corifeus.com";
> >     };
> >
> >     zone "gitlist.tk" {
> >         type master;
> >         file "/etc/bind/zones/enp1s0f3/gitlist.tk";
> >     };
> >
> >     zone "albafructus.eu" {
> >         type master;
> >         file "/etc/bind/zones/enp1s0f3/albafructus.eu";
> >     };
> >
> >
> >     zone "fruitinfo.hu" {
> >         type master;
> >         file "/etc/bind/zones/enp1s0f3/fruitinfo.hu";
> >     };
> >
> >
> >     zone "venyimgyumolcse.hu" {
> >         type master;
> >         file "/etc/bind/zones/enp1s0f3/venyimgyumolcse.hu";
> >     };
> >
> >
> >     include "/var/lib/samba/private/named.conf";
> > };
> >
> > view "internal-enp1s0f2" {
> >     match-clients { "internal-enp1s0f2"; };
> >     match-recursive-only yes;
> >     recursion yes;
> >     allow-recursion { "internal-enp1s0f2"; };
> >      notify yes;
> >     allow-update { none; };
> >     allow-query { any; };
> >     allow-transfer { xfer; };
> >
> >     include "/etc/bind/named.conf.default-zones";
> >
> >     zone "patrikx3.com" {
> >         type master;
> >         file "/etc/bind/zones/enp1s0f2/patrikx3.com";
> >     };
> >
> >     zone "corifeus.com" {
> >         type master;
> >         file "/etc/bind/zones/enp1s0f2/corifeus.com";
> >     };
> >
> >     zone "gitlist.tk" {
> >         type master;
> >         file "/etc/bind/zones/enp1s0f2/gitlist.tk";
> >     };
> >
> >     zone "albafructus.eu" {
> >         type master;
> >         file "/etc/bind/zones/enp1s0f2/albafructus.eu";
> >     };
> >
> >     zone "fruitinfo.hu" {
> >         type master;
> >         file "/etc/bind/zones/enp1s0f2/fruitinfo.hu";
> >     };
> >
> >
> >     zone "venyimgyumolcse.hu" {
> >         type master;
> >         file "/etc/bind/zones/enp1s0f2/venyimgyumolcse.hu";
> >     };
> >
> > };
> >
> >
> > view "external" {
> >     match-clients { any; };
> >
> >     recursion no;
> >     additional-from-auth no;
> >     additional-from-cache no;
> >
> > //    allow-transfer { any; }; // temporarily allowed for debugging purposes
> >     allow-transfer { none; };
> >
> > //    zone "namesystem.tk" IN {
> > //        type master;
> > //        file "/etc/bind/zones/external.namesystem.tk";
> > //    };
> > };
> >
> > My samba looks like this:
> > # Global parameters
> > [global]
> >
> > bind interfaces only = yes # if this is turned on, always perfect
> > # interfaces = lo 192.168.78.20 2001:470:1f1b:5b3:21b:21ff:fea6:ce93
> > # interfaces = lo 192.168.78.20 2001:470:1f1b:5b3:21b:21ff:fea6:ce93 192.168.81.20 2001:470:1f1b:5b5:21b:21ff:fea6:ce92
> > #        interfaces = lo 192.168.81.20 2001:470:1f1b:5b5:21b:21ff:fea6:ce92
> > # if all interfaces known, order is important, the last is the required
> > # interfaces = lo 192.168.78.20 192.168.81.20
> >
> > # you can see it should only allow on enp1s0f3 which is above
> >
> > interfaces = lo enp1s0f3
> > netbios name = SERVER
> > realm = P3X-DC.PATRIKX3.COM
> > # server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc
> > workgroup = P3X-DC
> > allow insecure wide links = Yes
> > # before was working
> > unix extensions = no
> > server role = active directory domain controller
> > idmap_ldb:use rfc2307 = yes
> > comment =
> > # log level = 3
> > template shell = /bin/bash
> > template homedir = /home/%U
> >
> > [netlogon]
> > path = /var/lib/samba/sysvol/p3x-dc.patrikx3.com/scripts
> > read only = No
> >
> > [sysvol]
> > path = /var/lib/samba/sysvol
> > read only = No
> >
> > [media]
> >         path = /media
> >         read only = no
> >         guest ok = no
> >         force group = media
> >         writable = yes
> >
> > [mounts]
> >         path = /mnt
> >         read only = no
> >         guest ok = no
> >         force group = mount
> >         writable = yes
> >
> > [router-logs]
> >         path = /var/log-router
> >         read only = yes
> >         guest ok = yes
> >         writable = no
> >         browseable = yes
> > #       valid users = router
> >         force user = root
> >         follow symlinks = yes
> >         wide links = yes
> >
> > Patrik
> > WWW <https://patrikx3.com> | GitHub
> > <https://github.com/patrikx3/> | NPM
> > <https://www.npmjs.com/~patrikx3> | Corifeus
> > <https://corifeus.com> | +36
> > 20 342 8046
> >
> >
> >
> >
> >
> > On Mon, Aug 5, 2019 at 11:10 AM Rowland penny via samba <samba at lists.samba.org> wrote:
> >
> > > On 05/08/2019 09:55, Patrik via samba wrote:
> > > > the dig is wrong as well, it adds an additional IP address, which I have
> > > > not requested, to use other interfaces:
> > > > root at server:/# dig p3x-dc.patrikx3.com
> > > >
> > > Patrik, I have told you what your problem is, refusing to accept that
> > > you have set up Bind9 incorrectly is no reason for opening a new thread.
> > >
> > > Just in case you missed it, or misunderstood it:
> > >
> > > You need to decide which network card you want to use with Samba and set
> > > up smb.conf accordingly.
> > >
> > > You need to stop using 'flatfiles' with Samba and use BIND_DLZ instead.
> > >
> > > As I said, once you accept your setup is incorrect, I am prepared to
> > > help you set it up correctly.
> > >
> > > Rowland
> > >
> > >
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  https://lists.samba.org/mailman/options/samba
> > >
> >
> >
>
>
>
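Louis's point about the [router-logs] share (wide links plus follow symlinks, force user = root, guest access, and using a group instead), as an added example that is not part of the thread and not Samba's own code: a small Python audit that reads smb.conf-style text and flags those combinations, run against a constructed copy of the quoted share and against a hardened variant. The `valid users = @adm` line in the hardened variant is an assumption (Louis names root:adm as one of the Debian log groups); the option names and their smb.conf defaults (follow symlinks = yes, wide links = no) are standard Samba.

```python
"""Audit smb.conf shares for the risky combination discussed in the thread.

Added example (not from the thread and not Samba's own code).  smb.conf is
INI-like, so configparser can read it; Samba compares option names
case-insensitively and ignoring spaces, and the parser below does the same.
"""
import configparser

# Constructed sample, modelled on the [router-logs] share quoted above.
RISKY_SMB_CONF = """
[global]
server role = active directory domain controller
unix extensions = no

[router-logs]
path = /var/log-router
read only = yes
guest ok = yes
force user = root
follow symlinks = yes
wide links = yes
"""

# Hardened variant: no root impersonation, no guest access, no symlink
# escape; access is granted to a group instead (adm is an assumption here,
# following the suggestion to keep the logs root:adm and let that group read).
HARDENED_SMB_CONF = """
[global]
server role = active directory domain controller

[router-logs]
path = /var/log-router
read only = yes
guest ok = no
valid users = @adm
follow symlinks = no
wide links = no
"""


def _norm(key):
    """Samba-style option name: lower-case with spaces removed."""
    return key.replace(" ", "").replace("\t", "").lower()


def _is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")


def parse_smb_conf(text):
    """Return {section: {normalised option: value}} for an smb.conf string."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.optionxform = _norm
    cp.read_string(text)
    return {section: dict(cp.items(section)) for section in cp.sections()}


def audit_shares(conf):
    """Return (share, finding) pairs for shares with risky settings."""
    findings = []
    for share, opts in conf.items():
        if share == "global":
            continue
        # smb.conf defaults: follow symlinks = yes, wide links = no.
        follow = _is_yes(opts.get("followsymlinks", "yes"))
        wide = _is_yes(opts.get("widelinks", "no"))
        guest = _is_yes(opts.get("guestok", "no"))
        forced = opts.get("forceuser", "").strip()
        if wide and follow:
            findings.append((share, "wide links with follow symlinks lets a "
                             "symlink inside the share point outside its path"))
        if forced == "root":
            findings.append((share, "force user = root runs every file "
                             "access on this share as root"))
        if guest and forced == "root":
            findings.append((share, "guest ok with force user = root gives "
                             "unauthenticated clients root file access"))
    return findings


if __name__ == "__main__":
    for label, text in (("risky", RISKY_SMB_CONF), ("hardened", HARDENED_SMB_CONF)):
        results = audit_shares(parse_smb_conf(text))
        print(f"{label}: {len(results)} finding(s)")
        for share, msg in results:
            print(f"  [{share}] {msg}")
```

Running the script reports three findings for the constructed risky share and none for the hardened one; on a real server the same parser can be pointed at the output of `testparm -s`, which prints the effective configuration with Samba's own defaults filled in.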