[Samba] Workstations cannot update DNS
Rowland penny
rpenny at samba.org
Wed May 15 21:00:06 UTC 2019
On 15/05/2019 21:43, durwin at mgtsciences.com wrote:
> > > *named.conf.options*
> > > options {
> > > directory "/var/cache/bind";
> > >
> > > // If there is a firewall between you and nameservers you want
> > > // to talk to, you may need to fix the firewall to allow multiple
> > > // ports to talk. See http://www.kb.cert.org/vuls/id/800113
> > >
> > > // If your ISP provided one or more IP addresses for stable
> > > // nameservers, you probably want to use them as forwarders.
> > > // Uncomment the following block, and insert the addresses replacing
> > > // the all-0's placeholder.
> > > // 172.23.93.3 is master dns for mycompany.com
> > >
> > > forwarders {
> > > 172.23.93.3; 8.8.8.8;
> > > };
> > >
> > >
> > > //========================================================================
> > > // If BIND logs error messages about the root key being expired,
> > > // you will need to update your keys. See https://www.isc.org/bind-keys
> > >
> > > //========================================================================
> > > dnssec-validation auto;
> > >
> > > auth-nxdomain no; # conform to RFC1035
> > > //listen-on-v6 { any; };
> > > listen-on { any; };
> > > notify no;
> > >
> > > empty-zones-enable no;
> > > // DNS dynamic updates via Kerberos
> > > /var/lib/samba/private/dns.keytab;
> > > tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> > > };
> >
> >
> > OK, everything looks okay, except for /etc/bind/named.conf.options, this
> > is mine (which has worked since 2012):
> >
> > options {
> > directory "/var/cache/bind";
> > version "0.0.7";
> > notify no;
> > empty-zones-enable no;
> > allow-query { 127.0.0.1; 192.168.0.0/24; };
> > allow-recursion { 192.168.0.0/24; 127.0.0.1/32; };
> > forwarders { 8.8.8.8; 8.8.4.4; };
> > allow-transfer { none; };
> > dnssec-validation no;
> > dnssec-enable no;
> > dnssec-lookaside no;
> > listen-on-v6 { none; };
> > listen-on port 53 { 192.168.0.6; 127.0.0.1; };
> >
> > tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
> > };
> >
> > I think you should be able to see the differences, especially the last
> > line ;-)
>
> I took your lines, modified for my subnet.
> 1 options {
> 2 directory "/var/cache/bind";
> 3 notify no;
> 4 empty-zones-enable no;
> 5 allow-query { 127.0.0.1; 172.23.93.0/24; };
> 6 allow-recursion { 172.23.93.0/24; 127.0.0.1/32; };
> 7 forwarders { 172.23.93.3; 8.8.8.8; };
> 8 allow-transfer { none; };
> 9 dnssec-validation no;
> 10 dnssec-enable no;
> 11 dnssec-lookaside no;
> 12 listen-on-v6 { none; };
> 13 listen-on port 53 { 172.23.93.25; 127.0.0.1; };
> 14
> 15 tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
> 16 };
>
> This is what systemctl status bind9 shows
>
> ● bind9.service - BIND Domain Name Server
> Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
> Active: failed (Result: exit-code) since Wed 2019-05-15 14:25:31 MDT; 10min ago
> Docs: man:named(8)
> Process: 868 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=1/FAILURE)
> Main PID: 868 (code=exited, status=1/FAILURE)
>
> May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:9: unknown option ' '
> May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:10: unknown option ' '
> May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:11: unknown option ' '
> May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:12: unknown option ' '
> May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:13: unknown option ' '
> May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:15: unknown option ' '
> May 15 14:25:31 dc0 named[868]: loading configuration: failure
> May 15 14:25:31 dc0 named[868]: exiting (due to fatal error)
> May 15 14:25:31 dc0 systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
> May 15 14:25:31 dc0 systemd[1]: bind9.service: Failed with result 'exit-code'.
>
>
Bit lost here, as I said, I have been using this since 2012, first on
Ubuntu, then Debian and finally on Devuan, without problems. All I can
suggest is that you check it again for typos etc.
Rowland
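
Added example, not part of the original message and not Samba or BIND project code: one way to carry out the "check it again for typos" step is to cross-reference the line numbers named rejected with any invisible or non-ASCII characters on those lines of the config. That such characters caused the failure in this thread is an assumption; the function names are hypothetical and the sample config and log line are constructed.

```python
import re
import unicodedata

# named's parser error format as seen in the thread, e.g.
# "/etc/bind/named.conf.options:9: unknown option ' '"
ERR_RE = re.compile(r"(?P<path>/\S+?):(?P<line>\d+):\s+unknown option")

def reported_lines(log_text):
    """Return the sorted config line numbers that named complained about."""
    return sorted({int(m.group("line")) for m in ERR_RE.finditer(log_text)})

def suspicious_chars(config_text):
    """Map line number -> [(column, 'U+XXXX NAME'), ...] for every character
    that is non-ASCII or an ASCII control character other than tab."""
    found = {}
    # Split on "\n" only so the numbering matches the line numbers named prints.
    for lineno, line in enumerate(config_text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch == "\t" or " " <= ch <= "~":
                continue
            name = unicodedata.name(ch, "UNNAMED")
            found.setdefault(lineno, []).append((col, f"U+{ord(ch):04X} {name}"))
    return found

def explain(log_text, config_text):
    """For each line named rejected, list the hidden characters found on it."""
    hits = suspicious_chars(config_text)
    return {n: hits.get(n, []) for n in reported_lines(log_text)}

# Constructed sample: line 3 starts with a no-break space, as can happen
# when a config is pasted from a mail client or web page.
NBSP = "\u00a0"
SAMPLE_CONFIG = "\n".join([
    "options {",
    '    directory "/var/cache/bind";',
    NBSP + "   dnssec-validation no;",
    "    notify no;",
    "};",
])
SAMPLE_LOG = (
    "May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:3: "
    "unknown option '\u00a0'\n"
)

if __name__ == "__main__":
    for lineno, chars in explain(SAMPLE_LOG, SAMPLE_CONFIG).items():
        print(lineno, chars or "no hidden characters; look for a misspelled option")
```

An empty list for a reported line means the line is plain ASCII, so the cause lies in the spelling or syntax of the option itself.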