[Samba] Samba and DNS backend question

Miguel Angel Coa M. miguelcoam at gmail.com
Fri May 15 13:33:29 UTC 2020


Hi Rowland,
1. Thanks for your clarification ;)
2. About, my old DLZ configuration is:

Versions: bind-9.11 - OS CentOS 7.8

This was sambadc04 with the old bind dlz backend.

[..........]
[root at sambadc04 ~]# cat /etc/sysconfig/named |grep -v '^#'
NAMED_RUN_CHROOTED="no"
OPTIONS="-4"
[..........]

The /etc/named.conf
[..........]
acl "trusted" {
    192.168.0.0/16;
    10.0.0.0/8;
    localhost;
};

options {
listen-on port 53 { any; };
//listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file  "/var/named/data/named.recursing";
secroots-file   "/var/named/data/named.secroots";

dnssec-enable no;
dnssec-validation no;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";
tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
minimal-responses yes;
session-keyfile "/run/named/session.key";
forwarders { 10.13.252.150; 10.13.252.152; };
recursion yes;
allow-recursion { trusted; };
allow-query-cache { trusted; };
allow-transfer { trusted; };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
//Enable Log
channel querylog{
             file "/var/log/named/querylog";
             severity debug 10;
             print-category yes;
             print-time yes;
             print-severity yes;
             };
     category queries { querylog;};
};

zone "." IN {
type hint;
file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/usr/local/samba/private/named.conf";
[..........]

The content "/usr/local/samba/private/named.conf"

[..........]
[root at sambadc01 ~]# cat /usr/local/samba/private/named.conf |egrep -v '^#|  #'
dlz "AD DNS Zone" {
     database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_11.so";
};
[..........]


The server sambadc01 (works with bind dlz backend)

[..........]
[root at sambadc01 ~]# cat /etc/named.conf

acl "trusted" {
    192.168.0.0/16;
    10.0.0.0/8;
    localhost;
};

options {
listen-on port 53 { any; };
//listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file  "/var/named/data/named.recursing";
secroots-file   "/var/named/data/named.secroots";

dnssec-enable no;
dnssec-validation no;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";
tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
minimal-responses yes;
session-keyfile "/run/named/session.key";
forwarders { 10.13.252.150; 10.13.252.152; };
recursion yes;
allow-recursion { trusted; };
allow-query-cache { trusted; };
allow-transfer { trusted; };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };

channel querylog{
             file "/var/log/named/querylog";
             severity debug 10;
             print-category yes;
             print-time yes;
             print-severity yes;
             };
     category queries { querylog;};
};

zone "." IN {
type hint;
file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
include "/usr/local/samba/private/named.conf";

[..........]


I don't have SELinux or the firewall active.

Thanks.
Regards.
---
Miguel Coa M.


On Fri, 15 May 2020 at 8:43, Rowland penny via samba (<
samba at lists.samba.org>) wrote:

> On 15/05/2020 13:37, Miguel Angel Coa M. via samba wrote:
> > I had configured Samba ADs with Bind9_DLZ on all DCs. But for some reason
> > (I couldn't determine) three ADs (sambadc02,03,04) responded very slowly.
> > So I changed to the Samba_Internal backend on the servers with the problem
> > and it works fine.
> >
> > sambadc01 -> with FSMO roles - Bind9_DLZ
> > sambadc02 -> Samba_Internal
> > sambadc03 -> Samba_Internal
> > sambadc04 -> Samba_Internal
> >
> > My question is: Can the DNS backend be different between ADs? Can it
> > affect the performance?
> >
> > Regards.
> > ---
> > Miguel Coa M.
>
> It shouldn't matter what DNS backend you use, they both work on the same
> records in AD. Whilst Bind9 might be slightly slower (milliseconds), it
> shouldn't be noticeable; perhaps if you post your named.conf files and
> tell us your OS, we may be able to help.
>
> Rowland
>
>
>
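A quick lint of the BIND9_DLZ named.conf posted above, as an added example that is not part of the thread or of Samba's own tooling: it checks the items a Samba DC needs (the GSS-TSIG keytab, the include of Samba's private named.conf, a DLZ module matching the BIND version) and that recursion is restricted to an ACL rather than open to any client. The config excerpt is constructed from the posted files; the function and finding names are my own.

```python
import re

# Constructed excerpt joining the posted /etc/named.conf and the Samba
# private/named.conf it includes (one comment kept to exercise stripping).
SAMPLE_NAMED_CONF = """
options {
    listen-on port 53 { any; };
    //listen-on-v6 port 53 { ::1; };
    dnssec-validation no;
    tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
    recursion yes;
    allow-recursion { trusted; };
};
include "/usr/local/samba/private/named.conf";
dlz "AD DNS Zone" {
     database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_11.so";
};
"""

def strip_comments(text):
    """Drop /* */, // and # comments before matching statements."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def setting(text, name):
    """First value of a `name value;` or `name { ... };` statement, or None."""
    pat = r"(?<![\w-])%s\s+([^;{]+|\{[^}]*\})\s*;" % re.escape(name)
    m = re.search(pat, text)
    return m.group(1).strip() if m else None

def lint_dlz_conf(text, bind_version="9.11"):
    """Checklist for named.conf on a Samba DC using BIND9_DLZ; [] = clean."""
    text = strip_comments(text)
    findings = []
    if setting(text, "tkey-gssapi-keytab") is None:
        findings.append("no tkey-gssapi-keytab: GSS-TSIG dynamic updates from DCs and members will fail")
    if not re.search(r'include\s+"[^"]*/samba/private/named\.conf"', text):
        findings.append("Samba's private/named.conf is not included: no AD zones served via DLZ")
    m = re.search(r"dlz_bind9_(\d+)\.so", text)
    if m and m.group(1) != bind_version.split(".")[1]:
        findings.append("DLZ module dlz_bind9_%s.so does not match BIND %s" % (m.group(1), bind_version))
    if setting(text, "recursion") == "yes":
        allowed = setting(text, "allow-recursion")
        if allowed is None or re.search(r"\bany\b", allowed):
            findings.append("recursion open to any client: restrict allow-recursion to an internal ACL")
    return findings

if __name__ == "__main__":
    for f in lint_dlz_conf(SAMPLE_NAMED_CONF) or ["no findings"]:
        print(f)
```

Run it against each DC's concatenated named.conf plus the Samba include; the posted configuration produces no findings.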