[Samba] Workstations cannot update DNS
durwin at mgtsciences.com
Wed May 15 20:43:02 UTC 2019
> > *named.conf.options*
> > options {
> > directory "/var/cache/bind";
> >
> > // If there is a firewall between you and nameservers you want
> > // to talk to, you may need to fix the firewall to allow multiple
> > // ports to talk. See http://www.kb.cert.org/vuls/id/800113
> >
> > // If your ISP provided one or more IP addresses for stable
> > // nameservers, you probably want to use them as forwarders.
> > // Uncomment the following block, and insert the addresses replacing
> > // the all-0's placeholder.
> > // 172.23.93.3 is master dns for mycompany.com
> >
> > forwarders {
> > 172.23.93.3; 8.8.8.8;
> > };
> >
> > //========================================================================
> > // If BIND logs error messages about the root key being expired,
> > // you will need to update your keys. See https://www.isc.org/bind-keys
> > //========================================================================
> > dnssec-validation auto;
> >
> > auth-nxdomain no; # conform to RFC1035
> > //listen-on-v6 { any; };
> > listen-on { any; };
> > notify no;
> >
> > empty-zones-enable no;
> > // DNS dynamic updates via Kerberos
> > /var/lib/samba/private/dns.keytab;
> > tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> > };
>
>
> OK, everything looks okay, except for /etc/bind/named.conf.options, this
> is mine (which has worked since 2012):
>
> options {
> directory "/var/cache/bind";
> version "0.0.7";
> notify no;
> empty-zones-enable no;
> allow-query { 127.0.0.1; 192.168.0.0/24; };
> allow-recursion { 192.168.0.0/24; 127.0.0.1/32; };
> forwarders { 8.8.8.8; 8.8.4.4; };
> allow-transfer { none; };
> dnssec-validation no;
> dnssec-enable no;
> dnssec-lookaside no;
> listen-on-v6 { none; };
> listen-on port 53 { 192.168.0.6; 127.0.0.1; };
>
> tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
> };
>
> I think you should be able to see the differences, especially the last
> line ;-)
I took your lines, modified for my subnet.
1 options {
2 directory "/var/cache/bind";
3 notify no;
4 empty-zones-enable no;
5 allow-query { 127.0.0.1; 172.23.93.0/24; };
6 allow-recursion { 172.23.93.0/24; 127.0.0.1/32; };
7 forwarders { 172.23.93.3; 8.8.8.8; };
8 allow-transfer { none; };
9 dnssec-validation no;
10 dnssec-enable no;
11 dnssec-lookaside no;
12 listen-on-v6 { none; };
13 listen-on port 53 { 172.23.93.25; 127.0.0.1; };
14
15 tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
16 };
This is what systemctl status bind9 shows
● bind9.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2019-05-15 14:25:31 MDT; 10min ago
Docs: man:named(8)
Process: 868 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=1/FAILURE)
Main PID: 868 (code=exited, status=1/FAILURE)
May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:9: unknown option ' '
May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:10: unknown option ' '
May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:11: unknown option ' '
May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:12: unknown option ' '
May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:13: unknown option ' '
May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:15: unknown option ' '
May 15 14:25:31 dc0 named[868]: loading configuration: failure
May 15 14:25:31 dc0 named[868]: exiting (due to fatal error)
May 15 14:25:31 dc0 systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
May 15 14:25:31 dc0 systemd[1]: bind9.service: Failed with result 'exit-code'.
> Rowland
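
Added example, not part of the original message or of Samba/BIND: a small Python check that takes the `file:line: message` errors named logged above and lists any invisible or non-ASCII characters on the reported config lines. It assumes, as one possible cause the thread does not confirm, that `unknown option ' '` comes from a character such as U+00A0 pasted in from an email; the sample config and journal text are constructed.

```python
import re
import unicodedata

# named reports config errors as "<file>:<line>: <message>"
NAMED_ERR = re.compile(r"named\[\d+\]: (?P<file>\S+):(?P<line>\d+): (?P<msg>.+)$")

def reported_lines(journal: str) -> dict[int, str]:
    """Map config line number -> error message, taken from named's journal lines."""
    out = {}
    for entry in journal.splitlines():
        m = NAMED_ERR.search(entry)
        if m:
            out[int(m.group("line"))] = m.group("msg")
    return out

def hidden_chars(text: str) -> list[tuple[int, str]]:
    """Return (column, 'U+XXXX NAME') for each non-ASCII or control char (tab allowed)."""
    found = []
    for col, ch in enumerate(text, start=1):
        if ord(ch) > 0x7E or (ord(ch) < 0x20 and ch != "\t"):
            found.append((col, f"U+{ord(ch):04X} {unicodedata.name(ch, 'UNNAMED')}"))
    return found

def explain(journal: str, config: str) -> dict[int, list[tuple[int, str]]]:
    """For every line named complained about, list the suspicious characters on it."""
    lines = config.split("\n")  # split on LF only so numbering matches named's
    return {n: hidden_chars(lines[n - 1])
            for n in reported_lines(journal) if n <= len(lines)}

# Constructed sample: line 2 is indented with U+00A0, line 3 with a plain space.
SAMPLE_CONFIG = "options {\n\u00a0dnssec-validation no;\n notify no;\n};\n"
SAMPLE_JOURNAL = (
    "May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:2: "
    "unknown option '\u00a0'\n"
    "May 15 14:25:31 dc0 named[868]: loading configuration: failure\n"
)

if __name__ == "__main__":
    for lineno, hits in explain(SAMPLE_JOURNAL, SAMPLE_CONFIG).items():
        print(f"line {lineno}: {hits or 'no hidden characters found'}")
```

An empty list for a reported line means the error has some other cause; `named-checkconf` on the file gives the same line numbers without restarting the service.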