[Samba] Issues with bind9 dlz

Rowland Penny rpenny at samba.org
Sun May 5 07:10:36 UTC 2019


On Sun, 5 May 2019 09:30:10 +1000
Rob Thoman <emailthomasrob at gmail.com> wrote:

> Hi Rowland,
> 
> Thank you.
> 
> I think the 5 zones may be a parsing issue somewhere.

I think you need to double check this; you normally only have 3. What
does this command produce when run on a DC:

samba-tool dns zonelist 127.0.0.1 -U Administrator%xxxxxxxxxx | grep 'pszZoneName'

Replace 'xxxxxxxxxx' with your Administrator password.

It should produce something like this:

  pszZoneName                 : samdom.example.com
  pszZoneName                 : 0.168.192.in-addr.arpa
  pszZoneName                 : _msdcs.samdom.example.com

> /etc/bind/named.conf.options has
> options {
>         directory "/var/cache/bind";
>         dnssec-validation auto;
>         tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
>         auth-nxdomain no;    # conform to RFC1035
>         listen-on-v6 { any; };
> };

This is mine, which has worked since 2012:

options {
    directory "/var/cache/bind";
    version "0.0.7";
    notify no;
    empty-zones-enable no;
    allow-query { 127.0.0.1; 192.168.0.0/24; };
    allow-recursion {  192.168.0.0/24; 127.0.0.1/32; };
    forwarders { 8.8.8.8; 8.8.4.4; };
    allow-transfer { none; };
    dnssec-validation no;
    dnssec-enable no;
    dnssec-lookaside no;
    listen-on-v6 { none; };
    listen-on port 53 { 192.168.0.6; 127.0.0.1; };

    tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
};

You do not have any forwarders and the 'dns.keytab' location has
changed.

> /usr/lib/x86_64-linux-gnu/samba/bind9
> -rw-r--r--  1 root root 38904 Apr  4 18:05 dlz_bind9.so
> -rw-r--r--  1 root root 38904 Apr  4 18:05 dlz_bind9_10.so
> -rw-r--r--  1 root root 38904 Apr  4 18:05 dlz_bind9_11.so
> -rw-r--r--  1 root root 38904 Apr  4 18:05 dlz_bind9_9.so

Nothing wrong there

> /etc/hosts
> 192.168.117.10 server5
> 192.168.117.10 server5.intdom.group

That really should be on one line, and what happened to '127.0.0.1'?

Try it like this:
127.0.0.1 localhost
192.168.117.10 server5.intdom.group server5

> /etc/hostname
> server5

Good, just the short hostname

Rowland
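
The three points raised in the message above (the `dns.keytab` path, the missing forwarders, and the `/etc/hosts` layout) can be checked with a short script. This is an added example, not part of the original message; the function names `check_named_options` and `check_hosts` are made up here, and it assumes an options file that uses only `#` or `//` comments.

```sh
# Added example, not from the thread; the function names are made up here.
# Each check prints one finding per line; no output means nothing was found.
check_named_options() {
    # Drop '#' and '//' comments, then join lines so multi-line blocks match.
    body=$(sed -e 's/#.*$//' -e 's,//.*$,,' "$1" | tr '\n' ' ')
    keytab=$(printf '%s\n' "$body" |
        sed -n 's/.*tkey-gssapi-keytab[[:space:]]*"\([^"]*\)".*/\1/p')
    case $keytab in
        '') echo "keytab: tkey-gssapi-keytab is not set" ;;
        */bind-dns/dns.keytab) ;;
        *) echo "keytab: $keytab is not under bind-dns/" ;;
    esac
    printf '%s\n' "$body" |
        grep -Eq 'forwarders[[:space:]]*\{[^}]*[0-9a-fA-F]' ||
        echo "forwarders: none configured"
}

# check_hosts FILE FQDN: wants "127.0.0.1 localhost" and "<ip> FQDN short".
check_hosts() {
    awk -v fqdn="$2" -v short="${2%%.*}" '
        { sub(/#.*/, "") }
        NF < 2 { next }
        $1 == "127.0.0.1" { for (i = 2; i <= NF; i++) if ($i == "localhost") lo = 1 }
        { for (i = 2; i <= NF; i++) if ($i == fqdn || $i == short) { n++; break } }
        $2 == fqdn && $3 == short { ok = 1 }
        END {
            if (!lo) print "hosts: no 127.0.0.1 localhost entry"
            if (n > 1) print "hosts: " short " is spread over " n " lines"
            if (!ok) print "hosts: want <ip> " fqdn " " short " on one line"
        }' "$1"
}

# Demo on excerpts of the two files quoted in the message above.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/options" <<'EOF'
options {
        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
        auth-nxdomain no;    # conform to RFC1035
};
EOF
    printf '%s\n' '192.168.117.10 server5' \
        '192.168.117.10 server5.intdom.group' > "$d/hosts"
    check_named_options "$d/options"
    check_hosts "$d/hosts" server5.intdom.group
    rm -rf "$d"
}
demo
```

On a real host, pass `/etc/bind/named.conf.options` to the first function and `/etc/hosts` plus the server's FQDN to the second.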
 
 


