[Samba] Workstations cannot update DNS

durwin at mgtsciences.com durwin at mgtsciences.com
Wed May 15 21:10:12 UTC 2019


> > > > *named.conf.options*
> > > > options {
> > > >         directory "/var/cache/bind";
> > > >
> > > >         // If there is a firewall between you and nameservers you want
> > > >         // to talk to, you may need to fix the firewall to allow multiple
> > > >         // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
> > > >
> > > >         // If your ISP provided one or more IP addresses for stable
> > > >         // nameservers, you probably want to use them as forwarders.
> > > >         // Uncomment the following block, and insert the addresses replacing
> > > >         // the all-0's placeholder.
> > > >         // 172.23.93.3 is master dns for mycompany.com
> > > >
> > > >         forwarders {
> > > >                 172.23.93.3; 8.8.8.8;
> > > >         };
> > > >
> > > >         //========================================================================
> > > >         // If BIND logs error messages about the root key being expired,
> > > >         // you will need to update your keys.  See https://www.isc.org/bind-keys
> > > >         //========================================================================
> > > >         dnssec-validation auto;
> > > >
> > > >         auth-nxdomain no;    # conform to RFC1035
> > > >         //listen-on-v6 { any; };
> > > >         listen-on { any; };
> > > >         notify no;
> > > >
> > > >         empty-zones-enable no;
> > > >         // DNS dynamic updates via Kerberos /var/lib/samba/private/dns.keytab;
> > > >         tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> > > > };
> > >
> > >
> > > OK, everything looks okay, except for /etc/bind/named.conf.options, this
> > > is mine (which has worked since 2012):
> > >
> > > options {
> > >      directory "/var/cache/bind";
> > >      version "0.0.7";
> > >      notify no;
> > >      empty-zones-enable no;
> > >      allow-query { 127.0.0.1; 192.168.0.0/24; };
> > >      allow-recursion {  192.168.0.0/24; 127.0.0.1/32; };
> > >      forwarders { 8.8.8.8; 8.8.4.4; };
> > >      allow-transfer { none; };
> > >      dnssec-validation no;
> > >      dnssec-enable no;
> > >      dnssec-lookaside no;
> > >      listen-on-v6 { none; };
> > >      listen-on port 53 { 192.168.0.6; 127.0.0.1; };
> > >
> > >      tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
> > > };
> > >
> > > I think you should be able to see the differences, especially the last
> > > line ;-)
> >
> > I took your lines, modified for my subnet.
> >   1 options {
> >   2      directory "/var/cache/bind";
> >   3      notify no;
> >   4      empty-zones-enable no;
> >   5      allow-query { 127.0.0.1; 172.23.93.0/24; };
> >   6      allow-recursion {  172.23.93.0/24; 127.0.0.1/32; };
> >   7      forwarders { 172.23.93.3; 8.8.8.8; };
> >   8      allow-transfer { none; };
> >   9      dnssec-validation no;
> >  10      dnssec-enable no;
> >  11      dnssec-lookaside no;
> >  12      listen-on-v6 { none; };
> >  13      listen-on port 53 { 172.23.93.25; 127.0.0.1; };
> >  14
> >  15      tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
> >  16 };
> >
> > This is what systemctl status bind9 shows
> >
> > ● bind9.service - BIND Domain Name Server
> >    Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
> >    Active: failed (Result: exit-code) since Wed 2019-05-15 14:25:31 MDT; 10min ago
> >      Docs: man:named(8)
> >   Process: 868 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=1/FAILURE)
> >  Main PID: 868 (code=exited, status=1/FAILURE)
> >
> > May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:9: unknown option '   '
> > May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:10: unknown option '   '
> > May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:11: unknown option '   '
> > May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:12: unknown option '   '
> > May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:13: unknown option '   '
> > May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:15: unknown option '   '
> > May 15 14:25:31 dc0 named[868]: loading configuration: failure
> > May 15 14:25:31 dc0 named[868]: exiting (due to fatal error)
> > May 15 14:25:31 dc0 systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
> > May 15 14:25:31 dc0 systemd[1]: bind9.service: Failed with result 'exit-code'.
> >
> Bit lost here, as I said, I have been using this since 2012, first on
> Ubuntu, then Debian and finally on Devuan, without problems. All I can
> suggest is that you check it again for typos etc.

I did a copy and paste.  Somehow what looked like spaces were *not*.
I replaced all spaces and bind now starts.  I will check it out
now and let you know.

Thank you,

Durwin
> 
> Rowland
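
Added example, not part of the original thread: a small Python check for the failure described above, where pasted text contains characters that render as spaces but that named rejects as "unknown option". It assumes the characters were Unicode space separators such as U+00A0 or zero-width format characters (the thread does not say which); the sample config is constructed, not the poster's file.

```python
import unicodedata

# Format characters (category Cf) that are invisible but are not whitespace.
ZERO_WIDTH = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff"}


def find_suspect_chars(text):
    """Return (line, column, codepoint, name) for each character that looks
    like blank space but is not an ASCII space or tab."""
    hits = []
    # Split on "\n" only, so line numbers match the ones named reports.
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in " \t":
                continue
            # Zs = Unicode space separators such as U+00A0 NO-BREAK SPACE.
            if unicodedata.category(ch) == "Zs" or ch in ZERO_WIDTH:
                hits.append((lineno, col, "U+%04X" % ord(ch),
                             unicodedata.name(ch, "UNNAMED")))
    return hits


def normalize(text):
    """Replace space look-alikes with ASCII spaces and drop zero-width ones."""
    out = []
    for ch in text:
        if ch in ZERO_WIDTH:
            continue
        out.append(" " if unicodedata.category(ch) == "Zs" else ch)
    return "".join(out)


# Constructed sample: lines 3 and 4 are indented with U+00A0, as a paste from
# a web page or mail client can produce.
SAMPLE = (
    "options {\n"
    "     notify no;\n"
    "\u00a0\u00a0\u00a0\u00a0 dnssec-validation no;\n"
    "\u00a0\u00a0\u00a0\u00a0 listen-on-v6 { none; };\n"
    "};\n"
)

if __name__ == "__main__":
    for lineno, col, cp, name in find_suspect_chars(SAMPLE):
        print("line %d col %d: %s %s" % (lineno, col, cp, name))
```

Running named-checkconf on the file after normalizing confirms the result before bind9 is restarted.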