Web lists-archives.com

Re: [Samba] Samba 4.6.8 (Non packaged version) dns update issue




On 24 October 2017 at 14:33, Rowland Penny via samba
<samba@xxxxxxxxxxxxxxx> wrote:
> On Tue, 24 Oct 2017 13:51:27 +0200
> Ian Coetzee <samba@xxxxxxxxxxxxxxxxx> wrote:
>
>> Hi Rowland,
>>
>> Sure, I have pastebinned the configs (and done some public ip masking)
>> DC1 - bind config
>> https://www.jacklin.co.za/privatebin/?be125b7e578c53d4#q9nGwU3f9Tz7wtHLTf3UIcFhz/GIJjryq6/cN2rip1k=
>> DC2 - bind config
>> https://www.jacklin.co.za/privatebin/?c1c921a4289a4e91#URHcPgK0B1fgeoTCeWXL6QDKdUxR6YpHZ1dcwXR44Iw=
>>
>> DC1 - Samba Config
>> https://www.jacklin.co.za/privatebin/?ed9cb025a144be44#NA4HNPN/ms8wZfxWI9FaPN4TZpGA7DhB/d/VCXakR4E=
>> DC2 - Samba Config
>> https://www.jacklin.co.za/privatebin/?ab6a4260f9c0dc5e#ogp+o+xRmd4tMJYNaHZFEZPcvqqzyDPIJARe2W6FnDI=
>>
>
> There isn't much wrong there, except:
>
> What is in '/etc/named/zones/internal.zones' ?
>
> do you really need 'response-policy { zone "zone-overrides"; };' ?
>
> I would try removing 'allow-update { none; };'
>
> This is from my named conf files:
>
> options {
>         directory "/var/cache/bind";
>         version "0.0.7";
>         notify no;
>         empty-zones-enable no;
>         allow-query { 127.0.0.1; 192.168.0.0/24; };
>         allow-recursion { 192.168.0.0/24;  127.0.0.1/32; };
>         forwarders { 8.8.8.8; };
>         allow-transfer { none; };
>         dnssec-validation no;
>         dnssec-enable no;
>
>         listen-on-v6 { none; };
>         listen-on port 53 { 192.168.0.2; 127.0.0.1; };
>         tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
> };
>
> Rowland

Hi Rowland,

I just noticed while I was removing the "allow-update {none; };"
directive, that the directive is only present on dc1. Yet as luck
would have it, the server in my example was trying to push the update
to dc2.

Contents of /etc/named/zones/internal.zones
https://www.jacklin.co.za/privatebin/?39cb9c2d39a5a6cb#BRBE/5LatQ4mcXd/qXa0QBWODbMA9rLjizTJM1slqiA=

Kind regards

>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba