[Samba] Samba AD + adblocking in bind9
Kenneth Westelinck
kenneth.westelinck at gmail.com
Tue Jun 30 12:41:02 UTC 2020
All,
I am running samba as an AD on a Debian buster:
*ii python-samba 2:4.9.5+dfsg-5+deb10u1 armel
Python bindings for Sambaii samba
2:4.9.5+dfsg-5+deb10u1 armel SMB/CIFS file, print, and login
server for Unixii samba-common 2:4.9.5+dfsg-5+deb10u1
all common files used by both the Samba server and clientii
samba-common-bin 2:4.9.5+dfsg-5+deb10u1 armel
Samba common files used by both the server and the clientii
samba-dsdb-modules:armel 2:4.9.5+dfsg-5+deb10u1 armel
Samba Directory Services Databaseii samba-libs:armel
2:4.9.5+dfsg-5+deb10u1 armel Samba core librariesii
samba-vfs-modules:armel 2:4.9.5+dfsg-5+deb10u1 armel
Samba Virtual FileSystem plugins*
I am using bind9 as a DNS backend:
*ii bind9 1:9.11.5.P4+dfsg-5.1+deb10u1 armel
Internet Domain Name Server*
Provisioning went smooth and all is working. I can login to the domain on
the windows boxes and the DNS verification described in
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
works as it should.
I am trying to use this machine as an adblocker as well, so I have read
https://www.it-dan.com/blog/block-ads-linux-and-bind9 and added this to my
configuration.
I have an named.conf.ads containing all sites I want blocked; example:
*zone "secure.flashtalking.com <http://secure.flashtalking.com>" { type
master; notify no; file "/etc/bind/db.ads"; };*
I have a db.ads that looks like this:
*; File: db.ads; Last modified: 23/02/2014$TTL 86400 ; one day@
IN SOA ns.home.sweet.home. admin.home.sweet.home. (
2005071005 ; serial number YYYYMMDDNN 28800
; refresh 8 hours 7200 ; retry 2
hours 864000 ; expire 10 days
86400 ) ; min ttl 1 day NS
ns.home.sweet.home. A 127.0.0.1* IN
A 127.0.0.1*
And I include the named.conf.ads in my named.conf.local:
*include "/etc/bind/named.conf.ads";include
"/var/lib/samba/bind-dns/named.conf";*
This works. When I try to click on an ad, I get redirected to localhost,
which is fine. Samba, complains however:
Jun 30 06:37:34 bubba-b3-two systemd[1]: Started Samba AD Daemon.
Jun 30 06:37:34 bubba-b3-two winbindd[3237]: [2020/06/30 06:37:34.807028,
0] ../lib/util/become_daemon.c:138(daemon_ready)
Jun 30 06:37:34 bubba-b3-two winbindd[3237]: daemon_ready: STATUS=daemon
'winbindd' finished starting up and ready to serve connections
Jun 30 06:37:35 bubba-b3-two smbd[3227]: [2020/06/30 06:37:35.111599, 0]
../lib/util/become_daemon.c:138(daemon_ready)
Jun 30 06:37:35 bubba-b3-two smbd[3227]: daemon_ready: STATUS=daemon
'smbd' finished starting up and ready to serve connections
*Jun 30 06:37:41 bubba-b3-two samba[3238]: task[dnsupdate][3238]:
[2020/06/30 06:37:41.132173, 0]
../source4/dsdb/dns/dns_update.c:330(dnsupdate_nameupdate_done)Jun 30
06:37:41 bubba-b3-two samba[3238]: task[dnsupdate][3238]:
../source4/dsdb/dns/dns_update.c:330: Failed DNS update - with error code
110Jun 30 06:37:41 bubba-b3-two samba[3238]: task[dnsupdate][3238]:
[2020/06/30 06:37:41.231985, 0]
../source4/dsdb/dns/dns_update.c:353(dnsupdate_spnupdate_done)Jun 30
06:37:41 bubba-b3-two samba[3238]: task[dnsupdate][3238]:
../source4/dsdb/dns/dns_update.c:353: Failed SPN update - with error code
110*
I guess this is normal, since samba cannot "update" the db.ads file, where
we are master for. So, any ideas how I can combine this? So make DNS
updates work in Samba and have the adblocker as well?
Many thanks in advance.
regards,
Kenneth
More information about the samba
mailing list