[Samba] Samba AD + adblocking in bind9

Kenneth Westelinck kenneth.westelinck at gmail.com
Wed Jul 1 08:51:35 UTC 2020 

Thanks for the update. Indeed pi-hole might be a better alternative here,
no need to fiddle with bind then ;) I will look into it.

On Tue, Jun 30, 2020 at 2:51 PM L.P.H. van Belle via samba <
samba at lists.samba.org> wrote:

> I suggest, setup squid for that or you need to for
> if you want a config, im happy to share it.
>
> I use squid with ssl (also in one of my repo's).
>
> But if you really want it in bind9, well forward the dns request and setup
> Just look here : https://pi-hole.net/  ;-)
>
> Im running about the same as that pi-hole.
>
>
> Greetz,
>
> Louis
>
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > Kenneth Westelinck via samba
> > Verzonden: dinsdag 30 juni 2020 14:41
> > Aan: samba at lists.samba.org
> > Onderwerp: [Samba] Samba AD + adblocking in bind9
> >
> > All,
> >
> > I am running samba as an AD on a Debian buster:
> >
> >
> >
> >
> >
> >
> > *ii  python-samba                      2:4.9.5+dfsg-5+deb10u1
> >       armel
> >      Python bindings for Sambaii  samba
> > 2:4.9.5+dfsg-5+deb10u1       armel        SMB/CIFS file,
> > print, and login
> > server for Unixii  samba-common
> > 2:4.9.5+dfsg-5+deb10u1
> >       all          common files used by both the Samba server
> > and clientii
> >  samba-common-bin                  2:4.9.5+dfsg-5+deb10u1       armel
> >  Samba common files used by both the server and the clientii
> >  samba-dsdb-modules:armel          2:4.9.5+dfsg-5+deb10u1       armel
> >  Samba Directory Services Databaseii  samba-libs:armel
> >  2:4.9.5+dfsg-5+deb10u1       armel        Samba core librariesii
> >  samba-vfs-modules:armel           2:4.9.5+dfsg-5+deb10u1       armel
> >  Samba Virtual FileSystem plugins*
> >
> > I am using bind9 as a DNS backend:
> > *ii  bind9
> > 1:9.11.5.P4+dfsg-5.1+deb10u1 armel
> >      Internet Domain Name Server*
> >
> > Provisioning went smooth and all is working. I can login to
> > the domain on
> > the windows boxes and the DNS verification described in
> > https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active
> > _Directory_Domain_Controller
> > works as it should.
> >
> > I am trying to use this machine as an adblocker as well, so I
> > have read
> > https://www.it-dan.com/blog/block-ads-linux-and-bind9 and
> > added this to my
> > configuration.
> >
> > I have an named.conf.ads containing all sites I want blocked; example:
> > *zone "secure.flashtalking.com
> > <http://secure.flashtalking.com>" { type
> > master; notify no; file "/etc/bind/db.ads"; };*
> >
> > I have a db.ads that looks like this:
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > *; File: db.ads; Last modified: 23/02/2014$TTL    86400   ; one day@
> > IN      SOA     ns.home.sweet.home. admin.home.sweet.home. (
> >         2005071005 ; serial number YYYYMMDDNN
> >        28800
> >      ; refresh  8 hours                        7200       ; retry    2
> > hours                        864000     ; expire  10 days
> >       86400 )    ; min ttl  1 day                NS
> >  ns.home.sweet.home.                A       127.0.0.1*
> >        IN
> >  A       127.0.0.1*
> >
> > And I include the named.conf.ads in my named.conf.local:
> >
> > *include "/etc/bind/named.conf.ads";include
> > "/var/lib/samba/bind-dns/named.conf";*
> >
> > This works. When I try to click on an ad, I get redirected to
> > localhost,
> > which is fine. Samba, complains however:
> >
> > Jun 30 06:37:34 bubba-b3-two systemd[1]: Started Samba AD Daemon.
> > Jun 30 06:37:34 bubba-b3-two winbindd[3237]: [2020/06/30
> > 06:37:34.807028,
> >  0] ../lib/util/become_daemon.c:138(daemon_ready)
> > Jun 30 06:37:34 bubba-b3-two winbindd[3237]:   daemon_ready:
> > STATUS=daemon
> > 'winbindd' finished starting up and ready to serve connections
> > Jun 30 06:37:35 bubba-b3-two smbd[3227]: [2020/06/30
> > 06:37:35.111599,  0]
> > ../lib/util/become_daemon.c:138(daemon_ready)
> > Jun 30 06:37:35 bubba-b3-two smbd[3227]:   daemon_ready: STATUS=daemon
> > 'smbd' finished starting up and ready to serve connections
> >
> >
> >
> > *Jun 30 06:37:41 bubba-b3-two samba[3238]: task[dnsupdate][3238]:
> > [2020/06/30 06:37:41.132173,  0]
> > ../source4/dsdb/dns/dns_update.c:330(dnsupdate_nameupdate_done)Jun 30
> > 06:37:41 bubba-b3-two samba[3238]: task[dnsupdate][3238]:
> > ../source4/dsdb/dns/dns_update.c:330: Failed DNS update -
> > with error code
> > 110Jun 30 06:37:41 bubba-b3-two samba[3238]: task[dnsupdate][3238]:
> > [2020/06/30 06:37:41.231985,  0]
> > ../source4/dsdb/dns/dns_update.c:353(dnsupdate_spnupdate_done)Jun 30
> > 06:37:41 bubba-b3-two samba[3238]: task[dnsupdate][3238]:
> > ../source4/dsdb/dns/dns_update.c:353: Failed SPN update -
> > with error code
> > 110*
> >
> > I guess this is normal, since samba cannot "update" the
> > db.ads file, where
> > we are master for. So, any ideas how I can combine this? So make DNS
> > updates work in Samba and have the adblocker as well?
> >
> >
> > Many thanks in advance.
> >
> >
> > regards,
> >
> > Kenneth
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list