[Samba] Samba AD + adblocking in bind9

Kenneth Westelinck kenneth.westelinck at gmail.com
Tue Jun 30 12:41:02 UTC 2020


All,

I am running samba as an AD on a Debian buster:

ii  python-samba              2:4.9.5+dfsg-5+deb10u1  armel  Python bindings for Samba
ii  samba                     2:4.9.5+dfsg-5+deb10u1  armel  SMB/CIFS file, print, and login server for Unix
ii  samba-common              2:4.9.5+dfsg-5+deb10u1  all    common files used by both the Samba server and client
ii  samba-common-bin          2:4.9.5+dfsg-5+deb10u1  armel  Samba common files used by both the server and the client
ii  samba-dsdb-modules:armel  2:4.9.5+dfsg-5+deb10u1  armel  Samba Directory Services Database
ii  samba-libs:armel          2:4.9.5+dfsg-5+deb10u1  armel  Samba core libraries
ii  samba-vfs-modules:armel   2:4.9.5+dfsg-5+deb10u1  armel  Samba Virtual FileSystem plugins

I am using bind9 as a DNS backend:
ii  bind9                     1:9.11.5.P4+dfsg-5.1+deb10u1  armel  Internet Domain Name Server

Provisioning went smoothly and all is working. I can log in to the domain on
the Windows boxes and the DNS verification described in
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
works as it should.

I am trying to use this machine as an adblocker as well, so I have read
https://www.it-dan.com/blog/block-ads-linux-and-bind9 and added this to my
configuration.

I have a named.conf.ads containing all sites I want blocked; example:

zone "secure.flashtalking.com" { type master; notify no; file "/etc/bind/db.ads"; };

I have a db.ads that looks like this:

; File: db.ads
; Last modified: 23/02/2014
$TTL    86400   ; one day
@       IN      SOA     ns.home.sweet.home. admin.home.sweet.home. (
                        2005071005 ; serial number YYYYMMDDNN
                        28800      ; refresh  8 hours
                        7200       ; retry    2 hours
                        864000     ; expire  10 days
                        86400 )    ; min ttl  1 day
                NS      ns.home.sweet.home.
                A       127.0.0.1
*               IN      A       127.0.0.1

And I include the named.conf.ads in my named.conf.local:

include "/etc/bind/named.conf.ads";
include "/var/lib/samba/bind-dns/named.conf";

This works. When I try to click on an ad, I get redirected to localhost,
which is fine. Samba complains, however:

Jun 30 06:37:34 bubba-b3-two systemd[1]: Started Samba AD Daemon.
Jun 30 06:37:34 bubba-b3-two winbindd[3237]: [2020/06/30 06:37:34.807028,  0] ../lib/util/become_daemon.c:138(daemon_ready)
Jun 30 06:37:34 bubba-b3-two winbindd[3237]:   daemon_ready: STATUS=daemon 'winbindd' finished starting up and ready to serve connections
Jun 30 06:37:35 bubba-b3-two smbd[3227]: [2020/06/30 06:37:35.111599,  0] ../lib/util/become_daemon.c:138(daemon_ready)
Jun 30 06:37:35 bubba-b3-two smbd[3227]:   daemon_ready: STATUS=daemon 'smbd' finished starting up and ready to serve connections
Jun 30 06:37:41 bubba-b3-two samba[3238]: task[dnsupdate][3238]: [2020/06/30 06:37:41.132173,  0] ../source4/dsdb/dns/dns_update.c:330(dnsupdate_nameupdate_done)
Jun 30 06:37:41 bubba-b3-two samba[3238]: task[dnsupdate][3238]: ../source4/dsdb/dns/dns_update.c:330: Failed DNS update - with error code 110
Jun 30 06:37:41 bubba-b3-two samba[3238]: task[dnsupdate][3238]: [2020/06/30 06:37:41.231985,  0] ../source4/dsdb/dns/dns_update.c:353(dnsupdate_spnupdate_done)
Jun 30 06:37:41 bubba-b3-two samba[3238]: task[dnsupdate][3238]: ../source4/dsdb/dns/dns_update.c:353: Failed SPN update - with error code 110

I guess this is normal, since samba cannot "update" the db.ads file, for
which we are master. So, any ideas how I can combine this? So make DNS
updates work in Samba and have the adblocker as well?


Many thanks in advance.


regards,

Kenneth
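
Added example, not part of the original post: one way to generate the named.conf.ads stanzas shown above from a blocklist, rejecting any entry that is not a plain hostname (so a list entry cannot inject configuration into named.conf) and any name that falls inside a zone the DC must keep serving. The function names, the sample list and the protected zone samdom.example.com are assumptions made for illustration.

```python
import re

ZONE_FILE = "/etc/bind/db.ads"          # zone file path as given in the post
# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def is_hostname(name):
    """Accept only plain multi-label hostnames, so quotes, braces and ';'
    can never reach named.conf."""
    labels = name.split(".")
    return (len(name) <= 253 and len(labels) >= 2
            and all(_LABEL.fullmatch(label) for label in labels))

def in_protected_zone(name, protected):
    """True if name equals or sits under a zone that must not be overridden."""
    return any(name == p or name.endswith("." + p) for p in protected)

def build_ads_conf(lines, protected):
    """Return (stanzas, rejected) for blocklist lines in 'domain' or
    hosts-style 'address domain' form."""
    stanzas, rejected, seen = [], [], set()
    for raw in lines:
        tokens = raw.split("#", 1)[0].lower().split()
        if not tokens:
            continue                     # blank line or comment
        name = tokens[-1].rstrip(".")
        if (len(tokens) > 2 or not is_hostname(name)
                or in_protected_zone(name, protected)):
            rejected.append(raw.strip())
            continue
        if name not in seen:             # one zone statement per name
            seen.add(name)
            stanzas.append('zone "%s" { type master; notify no; file "%s"; };'
                           % (name, ZONE_FILE))
    return stanzas, rejected

# Constructed sample input; samdom.example.com is a placeholder AD zone.
SAMPLE = [
    "# constructed blocklist",
    "secure.flashtalking.com",
    "0.0.0.0 ads.example.net",
    'bad.example" { type master; file "/etc/passwd"; }; zone "x.example',
    "dc1.samdom.example.com",
    "SECURE.flashtalking.com.",
]
PROTECTED = ["samdom.example.com"]

if __name__ == "__main__":
    ok, bad = build_ads_conf(SAMPLE, PROTECTED)
    print("\n".join(ok))
    print("\n".join("rejected: " + line for line in bad))
```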

