Web lists-archives.com

Re: [Samba] Problems with replication and dns




On Wed, 15 Mar 2017 10:03:59 -0500
Santiago Londoño Mejía <santiago.londono@xxxxxxxxxxxxx> wrote:

> Hello,
> Thank you very much for your reply.
> I have configured bind using the dlz backend and these are the
> results.
> 
> named log:
> 
> Mar 15 09:39:41 neptuno named[13166]: sizing zone task pool based on
> 6 zones Mar 15 09:39:41 neptuno named[13166]: Loading 'AD DNS Zone'
> using driver dlopen Mar 15 09:39:42 neptuno named[13166]: samba_dlz:
> started for DN DC=pragma,DC=com,DC=co
> Mar 15 09:39:42 neptuno named[13166]: samba_dlz: starting configure
> Mar 15 09:39:42 neptuno named[13166]: samba_dlz: configured writeable
> zone 'waspruebas.proteccion.com.co'
> Mar 15 09:39:42 neptuno named[13166]: samba_dlz: configured writeable
> zone 'segdllo02.suranet.com'
> Mar 15 09:39:42 neptuno named[13166]: zone dbmed04.pragma.com.co/NONE:
> has no NS records
> Mar 15 09:39:42 neptuno named[13166]: samba_dlz: Failed to configure
> zone 'dbmed04.pragma.com.co'
> Mar 15 09:39:42 neptuno named[13166]: loading configuration: bad zone
> Mar 15 09:39:42 neptuno named[13166]: exiting (due to fatal error)
> 

You should only have the zone records for 'pragma.com.co' in AD and
Bind must be running on the DC.

I use Devuan and the Bind files are split into four files, these are
the files I have basically been using for the last 5 years without
problem:

cat /etc/bind/named.conf

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

cat /etc/bind/named.conf.options 

options {
        directory "/var/cache/bind";
        version "0.0.7";
        notify no;
        empty-zones-enable no;
        allow-query { 127.0.0.1; 192.168.0.0/24; };
        allow-recursion { 192.168.0.0/24;  127.0.0.1/32; };
        forwarders { 8.8.8.8; };
        allow-transfer { none; };
        dnssec-validation no;
        dnssec-enable no;

        listen-on-v6 { none; };
        listen-on port 53 { 192.168.0.2; 127.0.0.1; };
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};

 cat /etc/bind/named.conf.local 

include "/usr/local/samba/private/named.conf";

cat /etc/bind/named.conf.default-zones 
// prime the server with knowledge of the root servers
zone "." {
	type hint;
	file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
	type master;
	file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
	type master;
	file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
	type master;
	file "/etc/bind/db.255";
};

 


> 
> As you can see in the log, the zone dbmed04.pragma.com.co does not
> have ns records according to the database.

Hang on a minute, you posted that this is the smb.conf on your DC:

realm = PRAGMA.COM.CO

Your realm must be the same as your DNS domain, so where does
'dbmed04.pragma.com.co' come from ??

Try the command like this:

samba-tool dns zonedelete neptuno.pragma.com.co
waspruebas.proteccion.com.co -U Administrator

(just in case it has spilt over two lines, the above should be on one
line)

If that works, remove the other spurious domain and then try
'samba_upgradedns --dns-backend=BIND9_DLZ'

finally delete the last wrong zone 'dbmed04.pragma.com.co'

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba