
Re: [Samba] Switching from Internal DNS to Bind9_DLZ




On 1/2/2018 4:05 PM, Rowland Penny wrote:
On Tue, 2 Jan 2018 15:52:57 -0500
lingpanda101 <lingpanda101@xxxxxxxxx> wrote:

On 1/2/2018 3:37 PM, Rowland Penny wrote:
On Tue, 2 Jan 2018 15:23:18 -0500
lingpanda101 <lingpanda101@xxxxxxxxx> wrote:


Actually it looks as if Bind isn't running. Though I could've sworn
it did at one point.

service bind9 restart
 * Stopping domain name service... bind9
   rndc: connect failed: 127.0.0.1#953: connection refused   [ OK ]
 * Starting domain name service... bind9   [fail]

Log shows;

Jan  2 15:20:51 ddc2 named[2793]: ----------------------------------------------------
Jan  2 15:20:51 ddc2 named[2793]: BIND 9 is maintained by Internet Systems Consortium,
Jan  2 15:20:51 ddc2 named[2793]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jan  2 15:20:51 ddc2 named[2793]: corporation.  Support and training for BIND 9 are
Jan  2 15:20:51 ddc2 named[2793]: available at https://www.isc.org/support
Jan  2 15:20:51 ddc2 named[2793]: ----------------------------------------------------
Jan  2 15:20:51 ddc2 named[2793]: adjusted limit on open files from 4096 to 1048576
Jan  2 15:20:51 ddc2 named[2793]: found 2 CPUs, using 2 worker threads
Jan  2 15:20:51 ddc2 named[2793]: using 2 UDP listeners per interface
Jan  2 15:20:51 ddc2 named[2793]: using up to 4096 sockets
Jan  2 15:20:51 ddc2 named[2793]: loading configuration from '/etc/bind/named.conf'
Jan  2 15:20:51 ddc2 named[2793]: /etc/bind/named.conf:15: 'options' redefined near 'options'
Jan  2 15:20:51 ddc2 named[2793]: loading configuration: already exists
Jan  2 15:20:51 ddc2 named[2793]: exiting (due to fatal error)

It seems to stem from the issue I had before:
"/etc/bind/named.conf:15: 'options' redefined near 'options'"

I reread your earlier post and noticed something I missed earlier:
do you normally use Red Hat?
I ask this because you have this line in /etc/bind/named.conf:

include "/etc/bind/named.conf.options";

Followed by:
# Global Configuration Options
options {
.........
......



If this is all in the one file (a la Red Hat), then this is your
problem: Debian splits up Bind9 into separate conf files and you
will have two 'options'.

Rowland
I do not. Ubuntu, but I do have two CentOS systems.

The config file was auto-generated when I installed via apt-get.
This is what it originally contained before I made any modifications.

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

If I comment out these include files, Bind9 starts. However, I do
still get

rndc: connect failed: 127.0.0.1#953: connection refused

However, I'm still getting the TSIG errors.

These are my named.conf files (with any comments stripped out); they
have worked for me for the last 5 years ;-)

/etc/bind/named.conf

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

/etc/bind/named.conf.options

options {
         directory "/var/cache/bind";
         version "0.0.7";
         notify no;
         empty-zones-enable no;
         allow-query { 127.0.0.1; 192.168.0.0/24; };
         allow-recursion { 192.168.0.0/24;  127.0.0.1/32; };
         forwarders { 8.8.8.8; 8.8.4.4; };
         allow-transfer { none; };
         dnssec-validation no;
         dnssec-enable no;
         listen-on-v6 { none; };
         listen-on port 53 { 192.168.0.7; 127.0.0.1; };

         tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};

/etc/bind/named.conf.local

include "/usr/local/samba/private/named.conf";


/etc/bind/named.conf.default-zones

zone "." {
         type hint;
         file "/etc/bind/db.root";
};

zone "localhost" {
         type master;
         file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
         type master;
         file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
         type master;
         file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
         type master;
         file "/etc/bind/db.255";
};

Rowland

Splitting up the config files per your template works for me. Bind starts without any errors. Now it's just the TSIG issue, as far as I can tell. Thank you.

-- 
James

