Thanks Louis,
I'll test as suggested.
I have to say, after the few changes made already, my DNS is running much
smoother that before.
On Fri, Feb 28, 2020 at 1:22 PM L.P.H. van Belle via samba <
samba at lists.samba.org> wrote:
> So if this is done, is edns configure also ?
>
> in resolv.conf add:
> options edns0
>
> and, name.conf test these.
>
> // The forwarded zone to the AD-DC DNS use these also.
> //dnssec-must-be-secure internal.domain.tld no;
> //dnssec-must-be-secure 168.192.in-addr.arpa no;
>
> // listen-on-v6 { ::1; }; // test what works best, if not
> all ipv6 is disabled also enable this one. just the responce.
> listen-on-v6 { "none"; };
>
> listen-on port 53 { 127.0.0.1; 192.168.xxx.xxx; };
> version "Go Away 0.0.7"; // change bind version
>
> allow-query { "thisserverip"; 127.0.0.1; ::1; "mynetworks"; };
> allow-query-cache { "thisserverip"; 127.0.0.1; ::1; "mynetworks";
> };
> // make sure bind does not eat all the ram
> max-cache-size 32M;
>
>
>
>
>
> Van: Eben Victor [mailto:eben.victor at gmail.com]
> Verzonden: vrijdag 28 februari 2020 12:10
> Aan: L.P.H. van Belle
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] Samba Bind DLZ Slow queries
>
>
>
> Thanks Louis, FW configured as below
>
>
> 53/tcp 88/tcp 135/tcp 139/tcp 389/tcp 445/tcp 464/tcp 636/tcp 3268/tcp
> 3269/tcp 49152-65535/tcp 123/udp 53/udp 88/udp 137/udp 138/udp 389/udp
> 464/udp 22/tcp
>
>
>
> On Fri, Feb 28, 2020 at 12:36 PM L.P.H. van Belle via samba <
> samba at lists.samba.org> wrote:
>
> Ow and i forgot..
>
> If the server is firewalled, make sure you allow udp AND tcp on port 53.
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > Rowland penny via samba
> > Verzonden: vrijdag 28 februari 2020 10:39
> > Aan: sambalist
> > Onderwerp: Re: [Samba] Samba Bind DLZ Slow queries
> >
> > On 28/02/2020 09:21, Eben Victor wrote:
> > > Thanks Rowland, I have removed from options, and amended
> > the forwarders.
> > >
> > > [global]
> > > workgroup = <MYDOMAIN>
> > > realm = <MYDOMAIN>.CORP
> > > netbios name = <HOSTNAME>
> > > server role = active directory domain controller
> > > idmap_ldb:use rfc2307 = yes
> > > idmap config * : range = 3000-7999 ----------> If I
> > remove the
> > > portion I get errors -> idmap range not specified for domain '*'
> > Yes, I know, remove the line and ignore the error, it is
> > meaningless ;-)
> > > Also see below resolv.conf
> > >
> > > search mydomain.corp otherdomain.corp otherdomain.net
> > > <http://otherdomain.net> otherdomain.co.za
> > <http://otherdomain.co.za>
> > > mydomain.co.za <http://mydomain.co.za>
> > Remove all domains except for the AD dns domain
> > > nameserver DC2
> > > nameserver DC3
> > > nameserver DC1
> > > nameserver DC5
> > > nameserver DC6
> > > nameserver DC4
> > >
> > The DC should use itself as its nameserver, whether you have other
> > nameservers is debatable, if Samba crashes, do you want it contacting
> > another DC ?
> >
> > Rowland
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
>
> --
> Eben Victor
>
> Cell: +27 82 759 5266
> Email: eben.victor at gmail.com
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
--
Eben Victor
Cell: +27 82 759 5266
Email: eben.victor at gmail.com