[Samba] Samba BIND9_DLZ autoupdate PTR
basti
mailinglist at unix-solution.de
Tue Jan 22 15:51:58 UTC 2019
I have set this option to yes.
I think the problem is in another place. The DHCP server is not the DNS
server. And I don't know how the DHCP server informs the DNS server.
In a classic setup without DLZ, something like the following works well.
zone "example.com" in {
...
include "/etc/bind/update-policy";
};
zone "30.168.192.in-addr.arpa." {
...
include "/etc/bind/update-policy";
};
cat /etc/bind/update-policy
// to be included by every zone configuration
update-policy {
grant local-ddns zonesub any;
grant dhcpkey zonesub any;
};
How can I do this with DLZ in Samba?
I have tried this: https://kb.isc.org/docs/aa-00995
My named.conf looks as follows:
root@dc1:/etc/bind# cat /var/lib/samba/private/named.conf
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
#
# This file should be included in your main BIND configuration file
#
# For example with
# include "/var/lib/samba/private/named.conf";
#
# This configures dynamically loadable zones (DLZ) from AD schema
# Uncomment only single database line, depending on your BIND version
#
dlz "ad_dns" {
# For BIND 9.10.x
database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so";
};
key dhcpkey {
algorithm hmac-md5;
secret "......";
};
controls {
inet 127.0.0.1 allow { localhost; } keys { dhcpkey; };
};
zone "sam.domain.com." {
type master;
dlz ad_dns;
include "/etc/bind/update-policy";
};
Jan 22 16:46:14 dc1 named[12777]: generating session key for dynamic DNS
Jan 22 16:46:14 dc1 named[12777]: sizing zone task pool based on 8 zones
Jan 22 16:46:14 dc1 named[12777]: Loading 'ad_dns' using driver dlopen
Jan 22 16:46:14 dc1 named[12777]: samba_dlz: started for DN DC=sam,DC=domain,DC=com
Jan 22 16:46:14 dc1 named[12777]: samba_dlz: starting configure
Jan 22 16:46:14 dc1 named[12777]: samba_dlz: configured writeable zone '30.168.192.in-addr.arpa'
Jan 22 16:46:14 dc1 named[12777]: samba_dlz: Failed to configure zone 'sam.domain.com'
Jan 22 16:46:14 dc1 named[12777]: loading configuration: already exists
Jan 22 16:46:14 dc1 named[12777]: exiting (due to fatal error)
root@dc1:/etc/bind# named -V
BIND 9.10.3-P4-Debian <id:ebd72b3>
built by make with '--prefix=/usr' '--mandir=/usr/share/man'
'--libdir=/usr/lib/x86_64-linux-gnu' '--infodir=/usr/share/info'
'--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/'
'--enable-threads' '--enable-largefile' '--with-libtool'
'--enable-shared' '--enable-static' '--with-gost=no'
'--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld'
'--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl'
'--enable-filter-aaaa' '--enable-native-pkcs11'
'--with-pkcs11=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so'
'--with-randomdev=/dev/urandom' 'CFLAGS=-g -O2
-fdebug-prefix-map=/build/bind9-zVMG3I/bind9-9.10.3.dfsg.P4=.
-fstack-protector-strong -Wformat -Werror=format-security
-fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE
-DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time
-D_FORTIFY_SOURCE=2'
compiled by GCC 6.3.0 20170516
compiled with OpenSSL version: OpenSSL 1.0.2l 25 May 2017
linked to OpenSSL version: OpenSSL 1.0.2q 20 Nov 2018
compiled with libxml2 version: 2.9.4
linked to libxml2 version: 20904
root@dc1:/etc/bind#
On 22.01.19 at 14:35, L.P.H. van Belle via samba wrote:
> Set auth-nxdomain yes;
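Added example, not part of the original post: BIND returns "already exists" when a DLZ module asks to register a writeable zone whose name is already present in the view, so this Python check cross-references the zone statements in named.conf with the samba_dlz result lines in the log. The sample configuration and log are constructed from the excerpts above, and the function names are hypothetical.

```python
import re

# Constructed samples modelled on the named.conf and log in the post above.
NAMED_CONF = '''
dlz "ad_dns" {
    database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so";
};
zone "sam.domain.com." {
    type master;
    dlz ad_dns;
};
'''
NAMED_LOG = '''\
Jan 22 16:46:14 dc1 named[12777]: samba_dlz: configured writeable zone '30.168.192.in-addr.arpa'
Jan 22 16:46:14 dc1 named[12777]: samba_dlz: Failed to configure zone 'sam.domain.com'
Jan 22 16:46:14 dc1 named[12777]: loading configuration: already exists
'''

# A zone statement at the start of a line (commented-out lines do not match).
ZONE_STMT = re.compile(r'^[ \t]*zone\s+"([^"]+)"', re.MULTILINE)
# Per-zone result lines written by the samba_dlz module.
DLZ_RESULT = re.compile(r"samba_dlz: (configured writeable|Failed to configure) zone '([^']+)'")

def norm(name):
    """Zone names compare case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def find_conflicts(conf_text, log_text):
    """Return (zone, dlz_result) for every DLZ zone that named.conf also declares."""
    static = {norm(z) for z in ZONE_STMT.findall(conf_text)}
    hits = []
    for result, zone in DLZ_RESULT.findall(log_text):
        if norm(zone) in static:
            hits.append((norm(zone), result))
    return sorted(hits)

if __name__ == "__main__":
    for zone, result in find_conflicts(NAMED_CONF, NAMED_LOG):
        print(f"{zone}: declared in a zone statement and by samba_dlz ({result})")
```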