[Samba] Workstations cannot update DNS
Rowland penny
rpenny at samba.org
Wed May 15 20:18:35 UTC 2019
On 15/05/2019 21:03, durwin at mgtsciences.com wrote:
> *named.conf.options*
> options {
> directory "/var/cache/bind";
>
> // If there is a firewall between you and nameservers you want
> // to talk to, you may need to fix the firewall to allow multiple
> // ports to talk. See http://www.kb.cert.org/vuls/id/800113
>
> // If your ISP provided one or more IP addresses for stable
> // nameservers, you probably want to use them as forwarders.
> // Uncomment the following block, and insert the addresses
> replacing
> // the all-0's placeholder.
> // 172.23.93.3 is master dns for mycompany.com
>
> forwarders {
> 172.23.93.3; 8.8.8.8;
> };
>
> //========================================================================
> // If BIND logs error messages about the root key being expired,
> // you will need to update your keys. See
> https://www.isc.org/bind-keys
> //========================================================================
> dnssec-validation auto;
>
> auth-nxdomain no; # conform to RFC1035
> //listen-on-v6 { any; };
> listen-on { any; };
> notify no;
>
> empty-zones-enable no;
> // DNS dynamic updates via Kerberos
> /var/lib/samba/private/dns.keytab;
> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> };
OK, everything looks okay, except for /etc/bind/named.conf.options, this
is mine (which as worked since 2012):
options {
directory "/var/cache/bind";
version "0.0.7";
notify no;
empty-zones-enable no;
allow-query { 127.0.0.1; 192.168.0.0/24; };
allow-recursion { 192.168.0.0/24; 127.0.0.1/32; };
forwarders { 8.8.8.8; 8.8.4.4; };
allow-transfer { none; };
dnssec-validation no;
dnssec-enable no;
dnssec-lookaside no;
listen-on-v6 { none; };
listen-on port 53 { 192.168.0.6; 127.0.0.1; };
tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
};
I think you should be able to see the differences, especially the last
line ;-)
Rowland
More information about the samba
mailing list