[Samba] Bind DLZ Crash named.conf

Zombie Ryushu zombie_ryushu at yahoo.com
Fri Jun 3 14:07:17 UTC 2022


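options {

        # The directory statement defines the name server's working
        # directory; relative "file" paths in the zone statements below
        # are resolved against it.

        directory "/var/lib/named";

        # enable DNSSEC validation
        #
        # If BIND logs error messages about the root key being expired, you
        # will need to update your keys. See https://www.isc.org/bind-keys
        #
        # The dnssec-enable option has been obsoleted and no longer has
        # any effect. DNSSEC responses are always enabled if signatures and
        # other DNSSEC data are present.

        # dnssec-validation yes indicates that a resolver (a caching or
        # caching-only name server) will attempt to validate replies from
        # DNSSEC enabled (signed) zones. To perform this task the server
        # also needs either a valid trusted-keys clause (containing one or
        # more trusted-anchors) or a managed-keys clause. "auto" uses the
        # built-in root trust anchor instead and is the default in current
        # BIND releases; confirm the effective value with "named-checkconf -p".
        # If you have problems with forwarders not returning signed
        # responses, set this to "no", but be aware that this may create
        # security issues, so better switch to a forwarder which supports
        # DNSSEC!

        #dnssec-validation auto;
        # named maintains the managed (RFC 5011) trust anchors in this
        # directory, so it must be writable by the user named runs as.
        managed-keys-directory "/var/lib/named/dyn/";

        # Write dump and statistics file to the log subdirectory.  The
        # pathnames are relative to the chroot jail.

        dump-file "/var/log/named_dump.db";
        statistics-file "/var/log/named.stats";

        # The forwarders record contains a list of servers to which queries
        # should be forwarded.  Enable this line and modify the IP address to
        # your provider's name server.  Up to three servers may be listed.

        #forwarders { 192.0.2.1; 192.0.2.2; };

        # Enable the next entry to prefer usage of the name server declared
        # in the forwarders section.

        #forward first;

        # The listen-on record contains a list of local network interfaces
        # to listen on.  Optionally the port can be specified.  Default is to
        # listen on all interfaces found on your system.  The default port
        # is 53.

        #listen-on port 53 { 127.0.0.1; };

        # The listen-on-v6 record enables or disables listening on IPv6
        # interfaces.  Allowed values are 'any' and 'none' or a list of
        # addresses.

        listen-on-v6 { any; };

        # The next three statements may be needed if a firewall stands
        # between the local server and the internet.

        #query-source address * port 53;
        #transfer-source * port 53;
        #notify-source * port 53;

        # The allow-query record contains a list of networks or IP addresses
        # to accept and deny queries from. The default is to allow queries
        # from all hosts.
        #
        # NOTE(review): listen-on is left at its default (all IPv4
        # interfaces), listen-on-v6 is "any" and allow-query is not set, so
        # this server answers queries from every network that can reach
        # port 53. Once the Samba DLZ module is enabled that includes the AD
        # zone data. If the DC is reachable from untrusted networks, set
        # allow-query to the client networks (or filter port 53 at the
        # firewall).

        #allow-query { 127.0.0.1; };

        # If notify is set to yes (default), notify messages are sent to
        # other name servers when the zone data is changed.  Instead of
        # setting a global 'notify' statement in the 'options' section, a
        # separate 'notify' can be added to each zone definition.

        notify no;

        # BIND would otherwise serve a built-in empty zone for the ::1
        # reverse name; it is switched off here because the ip6.arpa zone
        # defined below is meant to answer for it from 127.0.0.zone.
        disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
        include "/etc/named.d/forwarders.conf";
        # Keytab exported by Samba for GSS-TSIG (Kerberos-authenticated
        # dynamic updates from domain members). It must be readable by the
        # user named runs as; an unreadable keytab is reported in the named
        # log at startup, so check there when debugging startup failures.
        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
        minimal-responses yes;

};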

# To configure named's logging remove the leading '#' characters of the
# following examples.
#logging {
#       # Log queries to a file limited to a size of 100 MB.
#       channel query_logging {
#               file "/var/log/named_querylog"
#                       versions 3 size 100M;
#               print-time yes;                 // timestamp log entries
#       };
#       category queries {
#               query_logging;
#       };
#
#       # Or log this kind alternatively to syslog.
#       channel syslog_queries {
#               syslog user;
#               severity info;
#       };
#       category queries { syslog_queries; };
#
#       # Log general name server errors to syslog.
#       channel syslog_errors {
#               syslog user;
#               severity error;
#       };
#       category default { syslog_errors;  };
#
#       # Don't log lame server messages.
#       category lame-servers { null; };
#};

# The following zone definitions don't need any modification.  The first 
one
# is the definition of the root name servers.  The second one defines
# localhost while the third defines the reverse lookup for localhost.

# Root hints used to prime recursion. The file path is relative to the
# "directory" set in options (/var/lib/named/root.hint).
zone "." in {
        type hint;
        file "root.hint";
};

# Authoritative forward zone for "localhost", served from the local file
# (relative to the "directory" set in options).
zone "localhost" in {
        type master;
        file "localhost.zone";
};

# Reverse zone for the IPv4 loopback network (127.0.0.0/24), answered from
# 127.0.0.zone. The same file is reused by the ip6.arpa zone below.
zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
};

# Reverse zone intended to cover ::1. It shares 127.0.0.zone with the IPv4
# loopback zone above, so the ::1 PTR is expected to come from that file's
# "1" record -- verify the zone file actually contains it. This pairs with
# the disable-empty-zone statement in options, which turns off BIND's
# built-in empty zone for the ::1 reverse name.
zone 
"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" 
in {
        type master;
        file "127.0.0.zone";
};


# Include the meta include file generated by createNamedConfInclude.  This
# includes all files as configured in NAMED_CONF_INCLUDE_FILES from
# /etc/sysconfig/named

include "/etc/named.conf.include";
# Active logging configuration: everything (category "default") goes to
# syslog at BIND's default facility. The example "logging" block earlier in
# this file is fully commented out, which matters because named.conf allows
# only one logging statement -- make sure /etc/named.conf.include does not
# define another one.
logging {
        category default { log_syslog; };
        channel log_syslog { syslog; };
};
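# Secondary copy of "pukey", transferred from the primary at 192.168.0.4
# and cached in slave/pukey (relative to the "directory" set in options).
#
# Zone transfers: the original setting was { any; localnets; }. "any"
# matches first, so "localnets" was dead, and the complete zone was
# readable by AXFR from anywhere that can reach port 53. Transfers are now
# limited to the local networks; add the addresses of any real secondaries
# that need the zone. If transfers must cross untrusted networks, use a
# TSIG key instead of an address list.
zone "pukey" in {
        allow-transfer { localnets; };
        masters { 192.168.0.4; };
        file "slave/pukey";
        type slave;
};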

# You can insert further zone records for your own domains below or create
# single files in /etc/named.d/ and add the file names to
# NAMED_CONF_INCLUDE_FILES.
# See /usr/share/doc/packages/bind/README.SUSE for more details.
# dlz "AD DNS Zone" {
#    # For BIND 9.16.x -- Samba ships one DLZ module per BIND series and the
#    # module must match the named binary that loads it (check "named -v");
#    # loading a module built for a different BIND series is a common cause
#    # of named failing at startup. With this stanza active the AD zones are
#    # served from Samba's database, so named also needs read access to the
#    # module file and to the keytab given in tkey-gssapi-keytab above.
#    # While the stanza is commented out named does not load the module at
#    # all (unless /etc/named.conf.include or a file under /etc/named.d pulls
#    # it in), so a crash in that state is not coming from DLZ.
#    database "dlopen /usr/lib64/samba/bind9/dlz_bind9_16.so";
# };
# NOTE(review): a lone "s" followed the dlz stanza in the posted file. If it
# is really present in named.conf (and not a mail artefact), named-checkconf
# will reject the file -- run "named-checkconf /etc/named.conf" before
# restarting named.

