Re: [Samba] Switching from Internal DNS to Bind9_DLZ

On 1/2/2018 12:25 PM, Rowland Penny wrote:
> On Tue, 2 Jan 2018 12:09:33 -0500
> lingpanda101 via samba <samba@xxxxxxxxxxxxxxx> wrote:
>
>
>> Installing bind9 on my Ubuntu 14.04 via apt-get displays the
>> following options.
>>
>> #named -V
>> BIND 9.9.5-3ubuntu0.16-Ubuntu (Extended Support Version)
>> <id:f9b8a50e> built by make with '--prefix=/usr'
>> '--mandir=/usr/share/man' '--infodir=/usr/share/info'
>> '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads'
>> '--enable-largefile' '--with-libtool' '--enable-shared'
>> '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr'
>> '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6'
>> '--enable-rrl' '--enable-filter-aaaa' 'CFLAGS=-fno-strict-aliasing
>>
>> The Samba wiki states I should see:
>>
>> named -V
>> BIND 9.x.y built with ... '--with-dlopen=yes' '--with-gssapi=yes' ...
>>
>> As you can see I have:
>>
>> '--with-gssapi=/usr' and *NO* '--with-dlopen=yes'
>>
>> Is it possible to enable '--with-dlopen=yes' without compiling?
>
> No, but funnily enough, you won't be able to enable it by compiling it
> either ;-)
>
> It is now built into the standard compiled Bind9, so I suppose the real
> answer to your question is that you can use the standard Bind9 package
> on 14.04 with Samba.
>
> I will update the wiki page.


A few other observations while attempting to switch.

 * I do not have a dns.keytab file. Should I, or is it created after
   attempting to switch?
 * Running 'named-checkconf' throws an error.

/etc/bind/named.conf:15: 'options' redefined near 'options'

My 'named.conf' is the following:

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/usr/local/samba/private/named.conf";

# Global Configuration Options
options {

    auth-nxdomain yes;
    directory "/var/named";
    notify no;
    empty-zones-enable no;
    tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";

    # IP addresses and network ranges allowed to query the DNS server:
    allow-query {;;

    # IP addresses and network ranges allowed to run recursive queries:
    # (Zones not served by this DNS server)
    allow-recursion {;;

    # Forward queries that can not be answered from own zones
    # to these DNS servers:
    forwarders {;;

    # Disable zone transfers
    allow-transfer {

# Root Servers
# (Required for recursive DNS queries)
zone "." {
   type hint;
   file "named.root";

# localhost zone
zone "localhost" {
    type master;
    file "master/localhost.zone";

# 127.0.0. zone.
zone "0.0.127.in-addr.arpa" {
    type master;
    file "master/0.0.127.zone";
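The "'options' redefined" message above comes from named.conf declaring an options block while one of the included files (on Debian/Ubuntu normally named.conf.options) already declares one; BIND accepts options, logging and controls only once per configuration. The script below is an added example and is not code from this thread or from Samba or BIND: it builds a constructed, throw-away named.conf tree in a temp directory that reproduces the duplicate, follows every include, and reports each definition with file and line, plus any include whose target does not exist (as the Samba-generated named.conf would be before the provisioning step). named-checkconf remains the authoritative syntax check; this only shows where each duplicate lives.

```python
"""Trace a BIND9 'options redefined' error through the include chain.

Added example with a constructed sample tree; not the Samba or BIND code.
"""
import os
import re
import tempfile

# statements BIND accepts at most once per configuration
SINGLETON_RE = re.compile(r'^\s*(options|logging|controls)\s*\{')
INCLUDE_RE = re.compile(r'^\s*include\s+"([^"]+)"\s*;')


def strip_comments(line):
    """Drop '#' and '//' comments (block comments '/* */' are not handled)."""
    for marker in ("#", "//"):
        idx = line.find(marker)
        if idx != -1:
            line = line[:idx]
    return line


def walk_config(path, seen=None):
    """Yield (file, lineno, token) for singleton statements and missing
    includes, resolving relative include paths against the including file."""
    if seen is None:
        seen = set()
    real = os.path.realpath(path)
    if real in seen:          # guard against include loops
        return
    seen.add(real)
    base_dir = os.path.dirname(real)
    with open(real) as fh:
        for lineno, raw in enumerate(fh, 1):
            line = strip_comments(raw)
            inc = INCLUDE_RE.match(line)
            if inc:
                target = inc.group(1)
                if not os.path.isabs(target):
                    target = os.path.join(base_dir, target)
                if os.path.exists(target):
                    yield from walk_config(target, seen)
                else:
                    yield (real, lineno, "missing-include:" + target)
                continue
            stmt = SINGLETON_RE.match(line)
            if stmt:
                yield (real, lineno, stmt.group(1))


def find_redefinitions(path):
    """Return {statement: [(file, line), ...]} for statements seen more than once."""
    defs = {}
    for fname, lineno, token in walk_config(path):
        if not token.startswith("missing-include:"):
            defs.setdefault(token, []).append((fname, lineno))
    return {s: locs for s, locs in defs.items() if len(locs) > 1}


def find_missing_includes(path):
    """Return [(file, line, target)] for include directives whose target is absent."""
    return [(f, n, t.split(":", 1)[1]) for f, n, t in walk_config(path)
            if t.startswith("missing-include:")]


def build_sample_tree():
    """Write the constructed sample files and return the path of named.conf."""
    root = tempfile.mkdtemp(prefix="bind-sample-")
    files = {
        "named.conf": "\n".join([
            'include "named.conf.options";',
            'include "named.conf.local";',
            'include "samba/named.conf";',   # deliberately absent in the sample
            "",
            "# Global Configuration Options",
            "options {",                      # second options block: the duplicate
            '    directory "/var/named";',
            '    tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";',
            "};",
        ]) + "\n",
        "named.conf.options": "\n".join([
            "options {",                      # first options block
            '    directory "/var/cache/bind";',
            "};",
        ]) + "\n",
        "named.conf.local": "// no local zones yet\n",
    }
    for name, body in files.items():
        with open(os.path.join(root, name), "w") as fh:
            fh.write(body)
    return os.path.join(root, "named.conf")


if __name__ == "__main__":
    conf = build_sample_tree()
    for stmt, locs in find_redefinitions(conf).items():
        print("'%s' defined %d times:" % (stmt, len(locs)))
        for fname, lineno in locs:
            print("  %s:%d" % (fname, lineno))
    for fname, lineno, target in find_missing_includes(conf):
        print("missing include %s (from %s:%d)" % (target, fname, lineno))
```

Run it on the real tree by passing /etc/bind/named.conf to find_redefinitions instead of the sample; the usual remedy is to keep a single options block (the one in named.conf.options) and move the tkey-gssapi-keytab line into it.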


