
Re: [Samba] Workstations cannot update DNS




On 15/05/2019 21:03, durwin@xxxxxxxxxxxxxxx wrote:
*named.conf.options*
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.
        // 172.23.93.3 is master dns for mycompany.com

        forwarders {
                172.23.93.3; 8.8.8.8;
        };

//========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
//========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        //listen-on-v6 { any; };
        listen-on { any; };
        notify no;

        empty-zones-enable no;
        // DNS dynamic updates via Kerberos /var/lib/samba/private/dns.keytab;
        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};


OK, everything looks okay, except for /etc/bind/named.conf.options; this is mine (which has worked since 2012):

options {
    directory "/var/cache/bind";
    version "0.0.7";
    notify no;
    empty-zones-enable no;
    allow-query { 127.0.0.1; 192.168.0.0/24; };
    allow-recursion {  192.168.0.0/24; 127.0.0.1/32; };
    forwarders { 8.8.8.8; 8.8.4.4; };
    allow-transfer { none; };
    dnssec-validation no;
    dnssec-enable no;
    dnssec-lookaside no;
    listen-on-v6 { none; };
    listen-on port 53 { 192.168.0.6; 127.0.0.1; };

    tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
};

I think you should be able to see the differences, especially the last line ;-)

Rowland


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
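
The difference pointed out in the reply is the `tkey-gssapi-keytab` path, and a quick way to catch that kind of mismatch is to read the path out of the options file and confirm a keytab really exists there. The script below is an added example, not part of the original thread or of Samba or BIND; the function names and the optional root-prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the keytab that BIND is told to use actually exists.
# Function names and the optional root prefix are this example's own.

# Print the active (uncommented) tkey-gssapi-keytab path from an options file.
keytab_from_conf() {
    sed -n 's/^[[:space:]]*tkey-gssapi-keytab[[:space:]][[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
        head -n 1
}

# check_keytab CONF [ROOT]
# Returns 0 if the configured keytab exists, 1 if it is missing, 2 if unset.
# ROOT is prepended to paths so the check can run against a copy of a system.
check_keytab() {
    conf=$1
    root=${2:-}
    kt=$(keytab_from_conf "$conf")
    if [ -z "$kt" ]; then
        echo "UNSET: no tkey-gssapi-keytab in $conf"
        return 2
    fi
    if [ -f "$root$kt" ]; then
        echo "OK: $kt"
        return 0
    fi
    echo "MISSING: $kt (configured in $conf)"
    # List any dns.keytab that does exist under the Samba state directory,
    # so a stale path in the config is easy to spot.
    find "$root/var/lib/samba" -type f -name dns.keytab 2>/dev/null |
        while read -r f; do
            echo "  found instead: ${f#"$root"}"
        done
    return 1
}

# Stand-alone use: sh check_keytab.sh /etc/bind/named.conf.options
[ "$#" -eq 0 ] || check_keytab "$@"
```

Run it as the account named runs under if you also want file permissions to be part of the check, since an existence test done as root says nothing about whether the daemon can read the keytab.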