
Re: [Samba] DNS not resolving particular host from queries from particular subnet




True that! Sorry

smb.conf


>         [global]
>         netbios name = AD
>         realm = XXXX.CO.UK
>         server role = active directory domain controller
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
>         workgroup = XXXX
>         idmap config XXXX:unix_nss_info = yes
>         idmap_ldb:use rfc2307 = yes
>         log file = /var/log/samba/samba.log
>         log level = 3



named.conf

include "/usr/local/samba/private/named.conf";
> options {
>         listen-on port 53 { 127.0.0.1; 192.168.26.2; };
> //      listen-on-v6 port 53 { ::1; };
>         directory       "/var/named";
>         dump-file       "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>         allow-query     { any; };
>         /*
>          - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
>          - If you are building a RECURSIVE (caching) DNS server, you need to enable
>            recursion.
>          - If your recursive DNS server has a public IP address, you MUST enable access
>            control to limit queries to your legitimate users. Failing to do so will
>            cause your server to become part of large scale DNS amplification
>            attacks. Implementing BCP38 within your network would greatly
>            reduce such attack surface
>         */
>         allow-recursion {
>         127.0.0.1;
>         192.168.26.0/24;
>         192.168.27.0/24;
>         };
>
>
>         //recursion yes;
>         tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
>         dnssec-enable yes;
>         dnssec-validation yes;
>         /* Path to ISC DLV key */
>         bindkeys-file "/etc/named.iscdlv.key";
>         managed-keys-directory "/var/named/dynamic";
>         pid-file "/run/named/named.pid";
>         session-keyfile "/run/named/session.key";
> };
> logging {
>         channel default_debug {
>                 file "data/named.run";
>                 severity dynamic;
>         };
> };
> zone "." IN {
>         type hint;
>         file "named.ca";
> };
> //include "/etc/named.rfc1912.zones";
> //include "/etc/named.root.key";



On Fri, Jun 1, 2018 at 11:48 AM, Rowland Penny via samba <
samba@xxxxxxxxxxxxxxx> wrote:

> On Fri, 1 Jun 2018 11:39:33 +0100
> Zdravko Zdravkov via samba <samba@xxxxxxxxxxxxxxx> wrote:
>
> > Hi all.
> >
> > Our setup is samba+dlz AD DC. Since last week the DNS doesn't resolve
> > the delegated record for our storage *storage.domain.ltd*
> > (192.168.26.xx) when being queried from clients in 192.168.29.0 which
> > is our openvpn designated network. The OpenVPN is configured to push
> > the DNS of our network, and also successfully resolves other hosts in
> > the 192.168.26.0 subnet. I have no memory of changing anything. Last
> > friday just some of our remote clients reported that the access to
> > the storage has been lost.
> >
> > Any ideas will be appreciated!
>
> Might be a good idea to post your smb.conf and bind9 conf files.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
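Added example, not part of the thread and not Samba or BIND code: a Python check of which client addresses are matched by the `allow-recursion` list in the named.conf posted above. BIND recurses only for clients matching that list, and a stub resolver needs recursion to follow a delegation. The host parts of the sample client addresses are constructed, and the helper names `acl_networks` and `may_recurse` are hypothetical.

```python
import ipaddress
import re

# allow-query / allow-recursion statements copied from the posted named.conf
NAMED_CONF = """
options {
        allow-query     { any; };
        allow-recursion {
        127.0.0.1;
        192.168.26.0/24;
        192.168.27.0/24;
        };
        //recursion yes;
};
"""


def acl_networks(conf, option):
    """Return the networks listed literally in `option { ...; };`.

    Only plain addresses and CIDR prefixes are understood. Named ACLs,
    keys, negated entries and keywords (any, localnets, ...) are skipped,
    so review those by hand before trusting the result.
    """
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)  # /* ... */ comments
    conf = re.sub(r"(//|#).*", "", conf)               # // and # comments
    m = re.search(r"\b%s\s*\{([^}]*)\}" % re.escape(option), conf)
    if not m:
        return []
    nets = []
    for item in m.group(1).split(";"):
        item = item.strip()
        if not item:
            continue
        try:
            nets.append(ipaddress.ip_network(item, strict=False))
        except ValueError:
            continue  # not a literal address or prefix
    return nets


def may_recurse(client, nets):
    """True if the client address falls inside one of the listed networks."""
    addr = ipaddress.ip_address(client)
    return any(addr in net for net in nets)


if __name__ == "__main__":
    nets = acl_networks(NAMED_CONF, "allow-recursion")
    # Constructed clients: LAN, second listed subnet, OpenVPN subnet
    for client in ("192.168.26.50", "192.168.27.50", "192.168.29.10"):
        verdict = "matched" if may_recurse(client, nets) else "NOT matched"
        print(f"{client}: {verdict} by allow-recursion")
```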