Re: [Samba] Samba 4.6.8 (Non packaged version) dns update issue




On Tue, 24 Oct 2017 13:51:27 +0200
Ian Coetzee <samba@xxxxxxxxxxxxxxxxx> wrote:

> Hi Rowland,
> 
> Sure, I have pastebinned the configs (and done some public ip masking)
> DC1 - bind config
> https://www.jacklin.co.za/privatebin/?be125b7e578c53d4#q9nGwU3f9Tz7wtHLTf3UIcFhz/GIJjryq6/cN2rip1k=
> DC2 - bind config
> https://www.jacklin.co.za/privatebin/?c1c921a4289a4e91#URHcPgK0B1fgeoTCeWXL6QDKdUxR6YpHZ1dcwXR44Iw=
> 
> DC1 - Samba Config
> https://www.jacklin.co.za/privatebin/?ed9cb025a144be44#NA4HNPN/ms8wZfxWI9FaPN4TZpGA7DhB/d/VCXakR4E=
> DC2 - Samba Config
> https://www.jacklin.co.za/privatebin/?ab6a4260f9c0dc5e#ogp+o+xRmd4tMJYNaHZFEZPcvqqzyDPIJARe2W6FnDI=
> 

There isn't much wrong there, except:

What is in '/etc/named/zones/internal.zones' ?

Do you really need 'response-policy { zone "zone-overrides"; };' ?

I would try removing 'allow-update { none; };'

This is from my named conf files:

options {
        directory "/var/cache/bind";
        version "0.0.7";
        notify no;
        empty-zones-enable no;
        allow-query { 127.0.0.1; 192.168.0.0/24; };
        allow-recursion { 192.168.0.0/24;  127.0.0.1/32; };
        forwarders { 8.8.8.8; };
        allow-transfer { none; };
        dnssec-validation no;
        dnssec-enable no;

        listen-on-v6 { none; };
        listen-on port 53 { 192.168.0.2; 127.0.0.1; };
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};

Rowland
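
An added example, not part of Rowland's message or of Samba/BIND: a small Python check that reads the options block of a named.conf and reports the two options-level settings raised in the reply, a global 'allow-update { none; };' and the 'tkey-gssapi-keytab' path. The function names and both sample configs are constructed for illustration.

```python
import re

def options_statements(conf):
    """Map each top-level statement keyword inside options { ... } to its value text."""
    # Drop /* */, // and # comments. Simplification: assumes no quoted string
    # in the file contains "//", "#", "{", "}" or ";".
    text = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    text = re.sub(r"(//|#).*", "", text)
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return {}
    stmts, depth, start, i = {}, 1, m.end(), m.end()
    while i < len(text) and depth > 0:
        ch = text[i]
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
        elif ch == ";" and depth == 1:      # end of a top-level statement
            words = text[start:i].split(None, 1)
            if words:
                stmts[words[0]] = " ".join(words[1].split()) if len(words) > 1 else ""
            start = i + 1
        i += 1
    return stmts

def check_update_settings(conf):
    """Report the two options-level settings discussed in the reply."""
    stmts = options_statements(conf)
    findings = []
    if re.fullmatch(r"\{\s*none;\s*\}", stmts.get("allow-update", "")):
        findings.append("allow-update { none; } is set in options")
    if not stmts.get("tkey-gssapi-keytab", "").strip('"'):
        findings.append("tkey-gssapi-keytab is not set in options")
    return findings

# Constructed sample, not the original poster's real file.
SAMPLE_BLOCKED = """
options {
        directory "/var/cache/bind";   // constructed
        allow-update { none; };
};
"""
# Abridged from the options block quoted in the reply.
SAMPLE_REPLY = """
options {
        allow-transfer { none; };
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};
"""
```

Calling check_update_settings() on the text of a real named.conf returns a list of findings; an empty list means neither setting was flagged.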

