
Re: [Samba] Secondary Nameserver not working

On Tue, 31 Oct 2017 02:51:00 -0400
Mark Foley via samba <samba@xxxxxxxxxxxxxxx> wrote:

> I've configured a secondary slave nameserver based on what I consider
> rather expert advice, but it's not working as expected. I'm trying to
> determine if I've done something wrong with basic configuration or if
> there are AD/DC nuances afoot.
> 
> The main nameserver is the domain Active Directory/Domain Controller
> running Samba 4.4.16 on Slackware64 14.2. This has been running for a
> few years w/o problem. Its domain IP is 192.168.0.2.
> 
> I've attempted to configure a DNS slave on another Linux Slackware64
> 14.2 system, IP 192.168.0.3. This host is on the domain LAN, but is
> not a domain member.
> 
> When bind is running on the slave, the zone files are updated as
> expected. Both Windows and Linux domain members show both 192.168.0.2
> and 192.168.0.3 as nameservers. However, when 192.168.0.2 goes
> offline, the domain members can no longer access the Internet. That
> condition persists until 192.168.0.2 comes back online. So, the
> slave DNS server is not working correctly.
> 
> 192.168.0.2 has "allow-transfer { 192.168.0.3; };" set in
> named.conf options, and in the zone and reverse zone files.
> 
> Below is the named.conf on the slave. Am I doing something wrong
> AD/DC-wise?
> 
> options {
>         directory "/var/named";
> 
>         forwarders {            // These are the ISP provided name servers
>             209.18.47.61;
>             209.18.47.62;
>         };
> 
>         allow-query { any; };
>         allow-recursion {192.168.0.0/24;};
> };
> 
> logging{
>   channel marks_log {
>     syslog local7;
>     severity info;
>   };
>   category default {
>     marks_log;
>   };
> };
> 
> zone "hprs.local" IN {
>         type slave;
>         masters { 192.168.0.2; };
>         file "/var/named/db.hprs.local";
> };
> 
> zone "0.168.192.in-addr.arpa" IN {
>     type slave;
>     masters { 192.168.0.2; };
>     file "/var/named/db.192.168.0";
> };
> 
> 

Yes, you are doing two things incorrectly ;-)

One) you have put the zones into the named.conf files; you have just turned
off bind_dlz.

Two) you don't run Bind as a slave; all AD DC DNS servers have to
be authoritative. Just set the Bind DNS server up as you did the first.

Rowland
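For reference, this is the shape of a BIND 9 named.conf on a Samba AD DC that uses the BIND9_DLZ back end, i.e. the setup Rowland is pointing at. It is an added example, not Mark's or Rowland's configuration; the Samba paths under /usr/local/samba and the dlz module file name are assumptions that depend on how Samba was built (the real dlz statement is in the named.conf that samba-tool domain provision / samba_upgradedns writes into Samba's private directory). The contrast with the posted config is that the AD forward and reverse zones are not declared as zone statements at all; the DLZ module serves them straight from the AD database, so the server answers authoritatively and stays in sync through AD replication rather than AXFR, and tkey-gssapi-keytab lets domain members keep doing Kerberos-secured (GSS-TSIG) dynamic updates against this DC.

```conf
// named.conf on a Samba AD DC using the BIND9_DLZ back end (added example;
// the /usr/local/samba paths and the module file name are assumptions
// that depend on the Samba build and the installed BIND version).
options {
        directory "/var/named";

        // Kerberos keytab created by Samba; required so that domain
        // members' secure dynamic DNS updates (GSS-TSIG) are accepted.
        tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";

        forwarders {            // Upstream resolvers for non-AD names
            209.18.47.61;
            209.18.47.62;
        };

        allow-query { any; };
        allow-recursion { 192.168.0.0/24; };
};

logging {
  channel marks_log {
    syslog local7;
    severity info;
  };
  category default {
    marks_log;
  };
};

// Deliberately NO "zone hprs.local" and NO "zone 0.168.192.in-addr.arpa"
// statements, and no allow-transfer / masters: the AD zones come from the
// Samba database via the DLZ module below, and every DC gets the same data
// through AD replication. A classic "type slave" zone would bypass this.
//
// Samba generates this dlz statement (normally included from its private
// directory); the module name must match the BIND version, e.g.
// dlz_bind9_10.so for BIND 9.10 or dlz_bind9_11.so for BIND 9.11.
dlz "AD DNS Zone" {
        database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_10.so";
};
```

This only works if 192.168.0.3 is itself a DC (joined with samba-tool domain join ... DC --dns-backend=BIND9_DLZ, or switched from the internal DNS server with samba_upgradedns --dns-backend=BIND9_DLZ), since the DLZ module reads the zone from the local AD database. A quick check that the second server really is authoritative on its own, rather than relaying to 192.168.0.2, is to query it directly with dig @192.168.0.3 hprs.local SOA and confirm the aa flag is set in the answer while the first DC is down.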

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba