[Samba] Samba AD + adblocking in bind9
L.P.H. van Belle
belle at bazuin.nl
Tue Jun 30 12:50:23 UTC 2020
I suggest, setup squid for that or you need to for
if you want a config, im happy to share it.
I use squid with ssl (also in one of my repo's).
But if you really want it in bind9, well forward the dns request and setup
Just look here : https://pi-hole.net/ ;-)
Im running about the same as that pi-hole.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Kenneth Westelinck via samba
> Verzonden: dinsdag 30 juni 2020 14:41
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Samba AD + adblocking in bind9
>
> All,
>
> I am running samba as an AD on a Debian buster:
>
>
>
>
>
>
> *ii python-samba 2:4.9.5+dfsg-5+deb10u1
> armel
> Python bindings for Sambaii samba
> 2:4.9.5+dfsg-5+deb10u1 armel SMB/CIFS file,
> print, and login
> server for Unixii samba-common
> 2:4.9.5+dfsg-5+deb10u1
> all common files used by both the Samba server
> and clientii
> samba-common-bin 2:4.9.5+dfsg-5+deb10u1 armel
> Samba common files used by both the server and the clientii
> samba-dsdb-modules:armel 2:4.9.5+dfsg-5+deb10u1 armel
> Samba Directory Services Databaseii samba-libs:armel
> 2:4.9.5+dfsg-5+deb10u1 armel Samba core librariesii
> samba-vfs-modules:armel 2:4.9.5+dfsg-5+deb10u1 armel
> Samba Virtual FileSystem plugins*
>
> I am using bind9 as a DNS backend:
> *ii bind9
> 1:9.11.5.P4+dfsg-5.1+deb10u1 armel
> Internet Domain Name Server*
>
> Provisioning went smooth and all is working. I can login to
> the domain on
> the windows boxes and the DNS verification described in
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active
> _Directory_Domain_Controller
> works as it should.
>
> I am trying to use this machine as an adblocker as well, so I
> have read
> https://www.it-dan.com/blog/block-ads-linux-and-bind9 and
> added this to my
> configuration.
>
> I have an named.conf.ads containing all sites I want blocked; example:
> *zone "secure.flashtalking.com
> <http://secure.flashtalking.com>" { type
> master; notify no; file "/etc/bind/db.ads"; };*
>
> I have a db.ads that looks like this:
>
>
>
>
>
>
>
>
>
>
>
>
>
> *; File: db.ads; Last modified: 23/02/2014$TTL 86400 ; one day@
> IN SOA ns.home.sweet.home. admin.home.sweet.home. (
> 2005071005 ; serial number YYYYMMDDNN
> 28800
> ; refresh 8 hours 7200 ; retry 2
> hours 864000 ; expire 10 days
> 86400 ) ; min ttl 1 day NS
> ns.home.sweet.home. A 127.0.0.1*
> IN
> A 127.0.0.1*
>
> And I include the named.conf.ads in my named.conf.local:
>
> *include "/etc/bind/named.conf.ads";include
> "/var/lib/samba/bind-dns/named.conf";*
>
> This works. When I try to click on an ad, I get redirected to
> localhost,
> which is fine. Samba, complains however:
>
> Jun 30 06:37:34 bubba-b3-two systemd[1]: Started Samba AD Daemon.
> Jun 30 06:37:34 bubba-b3-two winbindd[3237]: [2020/06/30
> 06:37:34.807028,
> 0] ../lib/util/become_daemon.c:138(daemon_ready)
> Jun 30 06:37:34 bubba-b3-two winbindd[3237]: daemon_ready:
> STATUS=daemon
> 'winbindd' finished starting up and ready to serve connections
> Jun 30 06:37:35 bubba-b3-two smbd[3227]: [2020/06/30
> 06:37:35.111599, 0]
> ../lib/util/become_daemon.c:138(daemon_ready)
> Jun 30 06:37:35 bubba-b3-two smbd[3227]: daemon_ready: STATUS=daemon
> 'smbd' finished starting up and ready to serve connections
>
>
>
> *Jun 30 06:37:41 bubba-b3-two samba[3238]: task[dnsupdate][3238]:
> [2020/06/30 06:37:41.132173, 0]
> ../source4/dsdb/dns/dns_update.c:330(dnsupdate_nameupdate_done)Jun 30
> 06:37:41 bubba-b3-two samba[3238]: task[dnsupdate][3238]:
> ../source4/dsdb/dns/dns_update.c:330: Failed DNS update -
> with error code
> 110Jun 30 06:37:41 bubba-b3-two samba[3238]: task[dnsupdate][3238]:
> [2020/06/30 06:37:41.231985, 0]
> ../source4/dsdb/dns/dns_update.c:353(dnsupdate_spnupdate_done)Jun 30
> 06:37:41 bubba-b3-two samba[3238]: task[dnsupdate][3238]:
> ../source4/dsdb/dns/dns_update.c:353: Failed SPN update -
> with error code
> 110*
>
> I guess this is normal, since samba cannot "update" the
> db.ads file, where
> we are master for. So, any ideas how I can combine this? So make DNS
> updates work in Samba and have the adblocker as well?
>
>
> Many thanks in advance.
>
>
> regards,
>
> Kenneth
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list