[Samba] Configure DHCP to update DNS records with BIND9

Rowland Penny rpenny at samba.org
Tue Aug 13 17:26:36 UTC 2019


On 13/08/2019 17:53, jokie74 at webstatics.de wrote:
> Hello,
>
> I implemented the samba on a running Bind9 DHCP environment, so I already had a working BIND9 config with dynamic DNS updates. This is the reason why there are some lines on top.

I suggest you follow the wiki; it is known to work with your Samba
version. You can add extra lines after you get it working.

> I am using Ubuntu 18.04
>
> root@SAMBA:~# uname -r
> 4.15.0-55-generic

I actually meant your version of Samba, but never mind; unless you have
installed Samba from elsewhere, it will be 4.7.6.

> --------------------------------------------
> root@SAMBA:~# apt show bind9
> Package: bind9
> Version: 1:9.11.3+dfsg-1ubuntu1.8
> --------------------------------------------
> root@SAMBA:~# apt show isc-dhcp-server
> Package: isc-dhcp-server
> Version: 4.3.5-3ubuntu7.1
> ----------------------------------------------------------------------
> root@SAMBA:~# cat /etc/bind/named.conf.options
> acl internals {
>          localhost;
>          localnets;
> };

Why set 'acl internals'? You never use it.

> options {
>          directory "/var/cache/bind";
>          notify no;
>          tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
>          empty-zones-enable no;
>
>          forwarders {
>                  8.8.4.4;
>                  8.8.8.8;
>          };
>
>          allow-query {
>                  127.0.0.1;
>                  192.168.0.0/24;
>          };
>
>          allow-recursion {
>                  127.0.0.1;
>                  192.168.0.0/24;
>          };
>
>          allow-transfer {
>                  none;
>          };
>
>          dnssec-validation auto;

Change 'dns-validation auto;' to 'dns-validation no;'

Also add:

     dnssec-enable no;
     dnssec-lookaside no;

>          auth-nxdomain no;    # conform to RFC1035

Remove the above, the DC is authoritative.

>          listen-on-v6 { any; };

I would also add something like:

listen-on port 53 { 192.168.0.6; 127.0.0.1; };

> };
> --------------------------------------------------------------------------------------------
>
Do you have the following in /etc/bind/name.conf.local:

include "/var/lib/samba/private/named.conf";

Rowland
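
The points raised in this reply can be checked mechanically. The following Python sketch is an added example, not part of the original message or of Samba's documentation; `review` and its helpers are hypothetical names, the sample is constructed from the quoted file, and the validation option is checked under the name used in that file (`dnssec-validation`).

```python
import re

# Constructed sample: a shortened copy of the options file quoted in the message.
SAMPLE = '''
acl internals {
        localhost;
        localnets;
};
options {
        directory "/var/cache/bind";
        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
        allow-query { 127.0.0.1; 192.168.0.0/24; };
        dnssec-validation auto;
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};
'''

def strip_comments(text):
    """Drop /* */, # and // comments so they cannot match as statements."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(#|//).*", "", text)

def value(body, key):
    """Return the argument of a simple 'key value;' statement, or None."""
    m = re.search(r"(?<![\w-])" + re.escape(key) + r"\s+([^;{}]+);", body)
    return m.group(1).strip() if m else None

def review(conf):
    """Return findings for the points raised in the reply (hypothetical helper)."""
    body = strip_comments(conf)
    findings = []
    for name in re.findall(r'(?<![\w-])acl\s+"?([\w-]+)"?\s*\{', body):
        # A used ACL appears at least twice: its definition and a reference.
        if len(re.findall(r"(?<![\w-])" + re.escape(name) + r"(?![\w-])", body)) < 2:
            findings.append(f"acl '{name}' is defined but never referenced")
    if value(body, "tkey-gssapi-keytab") is None:
        findings.append("tkey-gssapi-keytab is not set")
    for key in ("dnssec-validation", "dnssec-enable", "dnssec-lookaside"):
        if value(body, key) != "no":
            findings.append(f"{key} is {value(body, key)!r}, the reply asks for 'no'")
    if value(body, "auth-nxdomain") is not None:
        findings.append("auth-nxdomain is set, the reply asks to remove it")
    if not re.search(r"(?<![\w-])listen-on\s+(port\s+\d+\s*)?\{", body):
        findings.append("no IPv4 listen-on statement")
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

The checks reflect the reply's suggestions for the BIND 9.11.3 and Samba setup shown on this page; the comment stripping is line-based and does not handle `#` inside quoted strings.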