[Samba] samba-tool computer delete does not work

Rowland Penny rpenny at samba.org
Wed Nov 20 19:24:28 UTC 2024


On Wed, 20 Nov 2024 17:24:32 +0000
Heinz Hölzl via samba <samba at lists.samba.org> wrote:

> 
> > Every Samba DC should use itself for its nameserver.
> We configured it like this
> 
> 
> bind9 on a DC:
> 

OK, this is my working /etc/bind/named.conf.options:

// Managing acls
acl internals { 127.0.0.0/8; 192.168.1.0/24; };

options {
	directory "/var/cache/bind";
	version "Go Away 0.0.7";
	notify no;
	empty-zones-enable no;
	auth-nxdomain yes;
	forwarders { 8.8.8.8; 8.8.4.4; };
	allow-transfer { none; };

	dnssec-validation no;

	// If you only use IPv4. 
	listen-on-v6 { none; };
	// listen on these IP numbers.
	listen-on port 53 { 192.168.1.7; 127.0.0.1; };

	minimal-responses yes;

	//  Add any subnets or hosts you want to allow to use this DNS server
	allow-query { "internals";  };
	allow-query-cache { "internals"; };

	//  Add any subnets or hosts you want to allow to use recursive queries
	recursion yes;
	allow-recursion {  "internals"; };

	tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";

};

The other bind files on the DC are okay.

Now comes the part that you are probably not going to like.

I cannot recommend running Bind9 on the clients in the way you are
doing now, I suggest you stop running Bind9 as a slave and either run
it as a caching nameserver or just do not run it at all and point the
clients directly at the DCs.

But it is your domain and you can and will run it as you see fit, I
just cannot recommend it.

Rowland


