
Re: [Samba] Internal DNS migrate to Bind9_DLZ




On Wed, 31 Oct 2018 18:36:52 +0200
Eben Victor <eben.victor@xxxxxxxxx> wrote:

> Hello Rowland,
> 
> I have already checked and the DN's are in AD, see attached.
> 
> SOA:
> <domain>.corp.    3600    IN    SOA    psad102zadprh.<domain>.corp. .
> 9766 3600 600 86400 3600
> 
> See below NS, but the 1st NS (zatprdc001) doesn't exist, and I cannot
> find it anywhere.
> NS:
> <domain>.corp.    3600    IN    NS    zatprdc001.<domain>.corp.
> <domain>.corp.    3600    IN    NS    psad102zadprh.<domain>.corp.
> <domain>.corp.    3600    IN    NS    prdc001zacprh.<domain>.corp.
> <domain>.corp.    3600    IN    NS    prdc001zafsrh.<domain>.corp.
> <domain>.corp.    3600    IN    NS    prdc001zatcrh.<domain>.corp.
> <domain>.corp.    3600    IN    NS    prdc002zacprh.<domain>.corp.
> <domain>.corp.    3600    IN    NS    prdc003zacprh.<domain>.corp.
> <domain>.corp.    3600    IN    NS    psad101zatcrh.<domain>.corp.
> 
> We did rebuild all our DC's to RHEL7.
> We demoted on the DC being rebuilt, then removed any and all records
> we could find in AD/DNS. Rebuilt the new server and rejoined.
> 

OK, after reading your 'named.log', there is the line that starts
(after the date) 'built with' and amongst all the build options there
is this '--disable-isc-spnego'

I take it you have built Samba yourself as there are no RHEL7 packages
that provision as a DC, so you know how to build things.

I think you know what is coming ;-)

Read this:

https://wiki.samba.org/index.php/Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates

And this:

https://github.com/hvenzke/CentOS-Bind-DLZ

And then build Bind9 yourself, removing the thing that is stopping it
working for you '--disable-isc-spnego'

Rowland
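
The check described in the reply above, as an added example that is not part of the original message or of Samba/BIND: it reads a named startup log (or `named -V` output) on stdin, takes the most recent "built with" line, and reports whether `--disable-isc-spnego` is among the configure options. The function name `check_spnego` and both sample logs are constructed for illustration, and the quoted-option layout of the build line is an assumption.

```shell
#!/bin/sh
# Added example. check_spnego reads log text or `named -V` output on stdin.
# Return codes: 0 = built with --disable-isc-spnego (signed updates will fail)
#               1 = build line found, flag absent
#               2 = no build line found, cannot tell
check_spnego() {
    # A log can span several restarts of different binaries: use the last one.
    build_line=$(grep -E "built (by make )?with " | tail -n 1)
    [ -n "$build_line" ] || return 2
    # Split the configure options into one token per line.
    opts=$(printf '%s\n' "$build_line" | grep -oE -- "--[A-Za-z0-9_=/.,+-]+" || true)
    # -x: whole-token match only, so longer option names cannot match by prefix.
    if printf '%s\n' "$opts" | grep -qx -- '--disable-isc-spnego'; then
        return 0
    fi
    return 1
}

# Constructed sample input (not taken from the poster's named.log).
SAMPLE_DISABLED="31-Oct-2018 10:00:00.000 starting BIND
31-Oct-2018 10:00:00.001 built with '--prefix=/usr' '--with-dlopen=yes' '--disable-isc-spnego'"
SAMPLE_OK="01-Nov-2018 09:00:00.000 starting BIND
01-Nov-2018 09:00:00.001 built with '--prefix=/usr' '--with-dlopen=yes' '--with-gssapi=yes'"

for sample in "$SAMPLE_DISABLED" "$SAMPLE_OK"; do
    if printf '%s\n' "$sample" | check_spnego; then
        echo "named was built with --disable-isc-spnego: rebuild BIND without it"
    else
        echo "--disable-isc-spnego not present in the latest build line"
    fi
done
```

On a live system the same function can be fed with `named -V 2>&1 | check_spnego` or with the contents of the log file.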
