[Samba] Samba AD + adblocking in bind9

L.P.H. van Belle belle at bazuin.nl
Tue Jun 30 12:50:23 UTC 2020


I suggest, setup squid for that or you need to for
if you want a config, im happy to share it. 

I use squid with ssl (also in one of my repo's). 

But if you really want it in bind9, well forward the dns request and setup 
Just look here : https://pi-hole.net/  ;-) 

Im running about the same as that pi-hole. 


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Kenneth Westelinck via samba
> Verzonden: dinsdag 30 juni 2020 14:41
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Samba AD + adblocking in bind9
> 
> All,
> 
> I am running samba as an AD on a Debian buster:
> 
> 
> 
> 
> 
> 
> *ii  python-samba                      2:4.9.5+dfsg-5+deb10u1 
>       armel
>      Python bindings for Sambaii  samba
> 2:4.9.5+dfsg-5+deb10u1       armel        SMB/CIFS file, 
> print, and login
> server for Unixii  samba-common                      
> 2:4.9.5+dfsg-5+deb10u1
>       all          common files used by both the Samba server 
> and clientii
>  samba-common-bin                  2:4.9.5+dfsg-5+deb10u1       armel
>  Samba common files used by both the server and the clientii
>  samba-dsdb-modules:armel          2:4.9.5+dfsg-5+deb10u1       armel
>  Samba Directory Services Databaseii  samba-libs:armel
>  2:4.9.5+dfsg-5+deb10u1       armel        Samba core librariesii
>  samba-vfs-modules:armel           2:4.9.5+dfsg-5+deb10u1       armel
>  Samba Virtual FileSystem plugins*
> 
> I am using bind9 as a DNS backend:
> *ii  bind9                             
> 1:9.11.5.P4+dfsg-5.1+deb10u1 armel
>      Internet Domain Name Server*
> 
> Provisioning went smooth and all is working. I can login to 
> the domain on
> the windows boxes and the DNS verification described in
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active
> _Directory_Domain_Controller
> works as it should.
> 
> I am trying to use this machine as an adblocker as well, so I 
> have read
> https://www.it-dan.com/blog/block-ads-linux-and-bind9 and 
> added this to my
> configuration.
> 
> I have an named.conf.ads containing all sites I want blocked; example:
> *zone "secure.flashtalking.com 
> <http://secure.flashtalking.com>" { type
> master; notify no; file "/etc/bind/db.ads"; };*
> 
> I have a db.ads that looks like this:
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> *; File: db.ads; Last modified: 23/02/2014$TTL    86400   ; one day@
> IN      SOA     ns.home.sweet.home. admin.home.sweet.home. (
>         2005071005 ; serial number YYYYMMDDNN                 
>        28800
>      ; refresh  8 hours                        7200       ; retry    2
> hours                        864000     ; expire  10 days
>       86400 )    ; min ttl  1 day                NS
>  ns.home.sweet.home.                A       127.0.0.1*        
>        IN
>  A       127.0.0.1*
> 
> And I include the named.conf.ads in my named.conf.local:
> 
> *include "/etc/bind/named.conf.ads";include
> "/var/lib/samba/bind-dns/named.conf";*
> 
> This works. When I try to click on an ad, I get redirected to 
> localhost,
> which is fine. Samba, complains however:
> 
> Jun 30 06:37:34 bubba-b3-two systemd[1]: Started Samba AD Daemon.
> Jun 30 06:37:34 bubba-b3-two winbindd[3237]: [2020/06/30 
> 06:37:34.807028,
>  0] ../lib/util/become_daemon.c:138(daemon_ready)
> Jun 30 06:37:34 bubba-b3-two winbindd[3237]:   daemon_ready: 
> STATUS=daemon
> 'winbindd' finished starting up and ready to serve connections
> Jun 30 06:37:35 bubba-b3-two smbd[3227]: [2020/06/30 
> 06:37:35.111599,  0]
> ../lib/util/become_daemon.c:138(daemon_ready)
> Jun 30 06:37:35 bubba-b3-two smbd[3227]:   daemon_ready: STATUS=daemon
> 'smbd' finished starting up and ready to serve connections
> 
> 
> 
> *Jun 30 06:37:41 bubba-b3-two samba[3238]: task[dnsupdate][3238]:
> [2020/06/30 06:37:41.132173,  0]
> ../source4/dsdb/dns/dns_update.c:330(dnsupdate_nameupdate_done)Jun 30
> 06:37:41 bubba-b3-two samba[3238]: task[dnsupdate][3238]:
> ../source4/dsdb/dns/dns_update.c:330: Failed DNS update - 
> with error code
> 110Jun 30 06:37:41 bubba-b3-two samba[3238]: task[dnsupdate][3238]:
> [2020/06/30 06:37:41.231985,  0]
> ../source4/dsdb/dns/dns_update.c:353(dnsupdate_spnupdate_done)Jun 30
> 06:37:41 bubba-b3-two samba[3238]: task[dnsupdate][3238]:
> ../source4/dsdb/dns/dns_update.c:353: Failed SPN update - 
> with error code
> 110*
> 
> I guess this is normal, since samba cannot "update" the 
> db.ads file, where
> we are master for. So, any ideas how I can combine this? So make DNS
> updates work in Samba and have the adblocker as well?
> 
> 
> Many thanks in advance.
> 
> 
> regards,
> 
> Kenneth
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 




More information about the samba mailing list