Web lists-archives.com

Re: [Samba] Samba AD DC dns issue




On 10/9/2017 3:03 PM, Tom Diehl via samba wrote:
Hi,

I have 2 samba AD Dc's running 4.7.0 with bind_DLZ on both servers.
For the most part things seem to be working as expected. I have created
reverse zones as per https://wiki.samba.org/index.php/DNS_Administration#Creating_a_new_zone.

I have noticed 2 things that seem odd. when I use the windows dns manager
to add an A record. If I check the box that says to update the reverse zone
and then click add. I get a response that says the record was created
but if I look at the reverse zone the ptr never gets created. I then have
to add the ptr by hand.

Is this expected behavior? If it is not expected, how do I troubleshoot it?

The other thing I have noticed is that if I join a machine to the domain
sometimes the forward DNS records get created and other times they do not.
The reverse zones never get updated.

Name resolution and replication between the 2 DC's work as advertised.

Does anyone know how i can go about troubleshooting this problem?

My bind config is as follows:

options {
    listen-on port 53 { any; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; internal; };

    recursion yes;

    /*
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    */

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/var/run/named/named.pid";
    session-keyfile "/var/run/named/session.key";

    forwarders { 172.20.0.14; 172.20.0.11; 10.224.135.11; };

    // Added for Samba-4.x.
    tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};

acl "internal" { 10.224.135.0/24; 172.20.0.0/23; 172.20.10.0/24; 172.30.0.0/23; 172.30.10.0/24; 192.168.100.0/24; 192.168.101.0/24; 192.168.102.0/24; 192.168.103.0/24; 127.0.0.1; };

logging {
        channel default_debug {
            file "data/named.run"
                versions 10
                size 10M;
            severity dynamic;
            print-time yes;
            print-severity yes;
            print-category yes;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
# added below for bind DLZ.
include "/usr/local/samba/private/named.conf";

The smb.conf is as follows:

[global]
    netbios name = VDC1
    realm = SAMDOM.MYDOMAIN.COM
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
    workgroup = SAMDOM
    server role = active directory domain controller
    idmap_ldb:use rfc2307 = yes

    log file = /var/log/samba/%m.log
    max log size = 5000
    log level = 2

    idmap config SAMDOM:unix_nss_info = yes

    template shell = /bin/bash
    template homedir = /home/samba/users/%U

    deadtime = 5

[netlogon]
    path = /usr/local/samba/var/locks/sysvol/samdom.mydomain.com/scripts
    read only = No

[sysvol]
    path = /usr/local/samba/var/locks/sysvol
    read only = No

Regards,

The PTR issue is a bug. See https://bugzilla.samba.org/show_bug.cgi?id=12186


--
--
James


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba