
Re: [Samba] Samba 4.6.8 (Non packaged version) dns update issue




On 24 October 2017 at 14:33, Rowland Penny via samba
<samba@xxxxxxxxxxxxxxx> wrote:
> On Tue, 24 Oct 2017 13:51:27 +0200
> Ian Coetzee <samba@xxxxxxxxxxxxxxxxx> wrote:
>
>> Hi Rowland,
>>
>> Sure, I have pastebinned the configs (and done some public ip masking)
>> DC1 - bind config
>> https://www.jacklin.co.za/privatebin/?be125b7e578c53d4#q9nGwU3f9Tz7wtHLTf3UIcFhz/GIJjryq6/cN2rip1k=
>> DC2 - bind config
>> https://www.jacklin.co.za/privatebin/?c1c921a4289a4e91#URHcPgK0B1fgeoTCeWXL6QDKdUxR6YpHZ1dcwXR44Iw=
>>
>> DC1 - Samba Config
>> https://www.jacklin.co.za/privatebin/?ed9cb025a144be44#NA4HNPN/ms8wZfxWI9FaPN4TZpGA7DhB/d/VCXakR4E=
>> DC2 - Samba Config
>> https://www.jacklin.co.za/privatebin/?ab6a4260f9c0dc5e#ogp+o+xRmd4tMJYNaHZFEZPcvqqzyDPIJARe2W6FnDI=
>>
>
> There isn't much wrong there, except:
>
> What is in '/etc/named/zones/internal.zones' ?
>
> do you really need 'response-policy { zone "zone-overrides"; };' ?
>
> I would try removing 'allow-update { none; };'
>
> This is from my named conf files:
>
> options {
>         directory "/var/cache/bind";
>         version "0.0.7";
>         notify no;
>         empty-zones-enable no;
>         allow-query { 127.0.0.1; 192.168.0.0/24; };
>         allow-recursion { 192.168.0.0/24;  127.0.0.1/32; };
>         forwarders { 8.8.8.8; };
>         allow-transfer { none; };
>         dnssec-validation no;
>         dnssec-enable no;
>
>         listen-on-v6 { none; };
>         listen-on port 53 { 192.168.0.2; 127.0.0.1; };
>         tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
> };
>
> Rowland

Hi Rowland,

Firstly, I would like to apologise to you and the list for my top post
and the reply to all; I seem to have forgotten my ML etiquette.

I inherited the configs from my predecessor; there was probably a good
reason for the response-policy directive.

I will disable the "allow-update { none; };" and see if that makes a
difference. Thank you.

The file /etc/named/zones/internal.zones contains legacy static
zones as well as some override zones to make web filtering easier. I
can post the config if you want.

Kind regards

>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
