[Samba] Bind DLZ Crash named.conf
L.P.H. van Belle
belle at bazuin.nl
Fri Jun 3 14:45:53 UTC 2022
Remove this part :
# Secondary (slave) zone "pukey", pulled from the primary listed in masters.
zone "pukey" in {
# "any" matches every address, so zone transfers (AXFR) are allowed to any
# client that can reach this server; "localnets" adds nothing on top of it.
# NOTE(review): wherever this zone is kept, limit allow-transfer to the hosts
# that really need a copy of the zone (or use "none").
allow-transfer { any; localnets; };
# Primary server the zone data is transferred from.
masters { 192.168.0.4; };
# Local copy of the zone; a relative path is resolved against the "directory"
# option set in options { }.
file "slave/pukey";
type slave;
};
You can't use this in the current setup, not on the Samba AD DC.
On members running BIND as a forwarder or slave, it is no problem.
> -----Oorspronkelijk bericht-----
> Van: samba <samba-bounces at lists.samba.org> Namens Zombie Ryushu via
> samba
> Verzonden: vrijdag 3 juni 2022 16:07
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Bind DLZ Crash named.conf
>
> options {
>
> # The directory statement defines the name server's working directory
>
> directory "/var/lib/named";
>
> # enable DNSSEC validation
> #
> # If BIND logs error messages about the root key being expired, you
> # will need to update your keys. See https://www.isc.org/bind-keys
> #
> # The dnssec-enable option has been obsoleted and no longer has any
> effect.
> # DNSSEC responses are always enabled if signatures and other DNSSEC
> data are present.
>
> # dnssec-validation yes (default), indicates that a resolver
> # (a caching or caching-only name server) will attempt to validate
> # replies from DNSSEC enabled (signed) zones. To perform this task
> # the server also needs either a valid trusted-keys clause
> # (containing one or more trusted-anchors) or a managed-keys clause.
> # If you have problems with forwarders not returning signed responses,
> # set this to "no", but be aware that this may create security issues
> # so better switch to a forwarder which supports DNSSEC!
>
> #dnssec-validation auto;
> managed-keys-directory "/var/lib/named/dyn/";
>
> # Write dump and statistics file to the log subdirectory. The
> # pathenames are relative to the chroot jail.
>
> dump-file "/var/log/named_dump.db";
> statistics-file "/var/log/named.stats";
>
> # The forwarders record contains a list of servers to which queries
> # should be forwarded. Enable this line and modify the IP address to
> # your provider's name server. Up to three servers may be listed.
>
> #forwarders { 192.0.2.1; 192.0.2.2; };
>
> # Enable the next entry to prefer usage of the name server declared in
> # the forwarders section.
>
> #forward first;
>
> # The listen-on record contains a list of local network interfaces to
> # listen on. Optionally the port can be specified. Default is to
> # listen on all interfaces found on your system. The default port is
> # 53.
>
> #listen-on port 53 { 127.0.0.1; };
>
> # The listen-on-v6 record enables or disables listening on IPv6
> # interfaces. Allowed values are 'any' and 'none' or a list of
> # addresses.
>
> listen-on-v6 { any; };
>
> # The next three statements may be needed if a firewall stands between
> # the local server and the internet.
>
> #query-source address * port 53;
> #transfer-source * port 53;
> #notify-source * port 53;
>
> # The allow-query record contains a list of networks or IP addresses
> # to accept and deny queries from. The default is to allow queries
> # from all hosts.
>
> #allow-query { 127.0.0.1; };
>
> # If notify is set to yes (default), notify messages are sent to other
> # name servers when the the zone data is changed. Instead of setting
> # a global 'notify' statement in the 'options' section, a separate
> # 'notify' can be added to each zone definition.
>
> notify no;
>
> disable-empty-zone
> "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
> include "/etc/named.d/forwarders.conf";
> tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> minimal-responses yes;
>
> };
>
> # To configure named's logging remove the leading '#' characters of the #
> following examples.
> #logging {
> # # Log queries to a file limited to a size of 100 MB.
> # channel query_logging {
> # file "/var/log/named_querylog"
> # versions 3 size 100M; # print-time yes; //
> timestamp log entries # }; # category queries { # query_logging;
> # }; # # # Or log this kind alternatively to syslog.
> # channel syslog_queries {
> # syslog user;
> # severity info;
> # };
> # category queries { syslog_queries; }; # # # Log general name server
> errors to syslog.
> # channel syslog_errors {
> # syslog user;
> # severity error;
> # };
> # category default { syslog_errors; }; # # # Don't log lame server
> messages.
> # category lame-servers { null; }; #};
>
> # The following zone definitions don't need any modification. The first one #
> is the definition of the root name servers. The second one defines #
> localhost while the third defines the reverse lookup for localhost.
>
> zone "." in {
> type hint;
> file "root.hint";
> };
>
> zone "localhost" in {
> type master;
> file "localhost.zone";
> };
>
> zone "0.0.127.in-addr.arpa" in {
> type master;
> file "127.0.0.zone";
> };
>
> zone
> "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
> in {
> type master;
> file "127.0.0.zone";
> };
>
>
> # Include the meta include file generated by createNamedConfInclude. This
> # includes all files as configured in NAMED_CONF_INCLUDE_FILES from
> # /etc/sysconfig/named
>
> include "/etc/named.conf.include";
> logging {
> category default { log_syslog; };
> channel log_syslog { syslog; };
> };
> zone "pukey" in {
> allow-transfer { any; localnets; };
> masters { 192.168.0.4; };
> file "slave/pukey";
> type slave;
> };
>
> # You can insert further zone records for your own domains below or create
> # single files in /etc/named.d/ and add the file names to
> # NAMED_CONF_INCLUDE_FILES.
> # See /usr/share/doc/packages/bind/README.SUSE for more details.
> # dlz "AD DNS Zone" {
> # # For BIND 9.16.x
> # database "dlopen /usr/lib64/samba/bind9/dlz_bind9_16.so";
> # };
> s
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba