
Re: [Samba] Workstations cannot update DNS

On 15/05/2019 21:03, durwin@xxxxxxxxxxxxxxx wrote:
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.
        // is master dns for mycompany.com

        forwarders {;;

        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        //listen-on-v6 { any; };
        listen-on { any; };
        notify no;

        empty-zones-enable no;
        // DNS dynamic updates via Kerberos /var/lib/samba/private/dns.keytab;
        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";

OK, everything looks okay, except for /etc/bind/named.conf.options, this is mine (which has worked since 2012):

options {
    directory "/var/cache/bind";
    version "0.0.7";
    notify no;
    empty-zones-enable no;
    allow-query {;; };
    allow-recursion {;; };
    forwarders {;; };
    allow-transfer { none; };
    dnssec-validation no;
    dnssec-enable no;
    dnssec-lookaside no;
    listen-on-v6 { none; };
    listen-on port 53 {;; };

    tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";

I think you should be able to see the differences, especially the last line ;-)
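
The last line of the two option blocks differs in the tkey-gssapi-keytab path (/var/lib/samba/private/dns.keytab versus /var/lib/samba/bind-dns/dns.keytab). The script below is an added example, not part of the original message: it reads that path from an options file and checks that the keytab is really there. The function names and the sample files written by make_sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): verify that the keytab named by
# tkey-gssapi-keytab in a BIND options file is actually present.

# Print the path from the first tkey-gssapi-keytab directive. The match is
# anchored at line start, so // and # comment lines are skipped; /* */
# block comments are not handled.
keytab_path() {
    sed -n 's/^[[:space:]]*tkey-gssapi-keytab[[:space:]]*"\([^"]*\)".*/\1/p' "$1" |
        head -n 1
}

# 0 = keytab usable, 1 = no directive, 2 = file missing,
# 3 = file empty or not readable by the user running the check.
check_keytab() {
    path=$(keytab_path "$1")
    if [ -z "$path" ]; then
        echo "$1: no tkey-gssapi-keytab directive" >&2; return 1
    elif [ ! -e "$path" ]; then
        echo "$1: keytab $path does not exist" >&2; return 2
    elif [ ! -r "$path" ] || [ ! -s "$path" ]; then
        echo "$1: keytab $path is empty or unreadable" >&2; return 3
    fi
    echo "$1: keytab $path ok"
}

# Constructed sample: options files under DIR whose keytab paths mirror the
# private/ vs bind-dns/ difference in the thread; only bind-dns/ exists.
make_sample() {
    mkdir -p "$1/bind-dns"
    printf 'placeholder, not a real keytab\n' > "$1/bind-dns/dns.keytab"
    cat > "$1/old.options" <<EOF
options {
        // DNS dynamic updates via Kerberos $1/private/dns.keytab;
        tkey-gssapi-keytab "$1/private/dns.keytab";
};
EOF
    cat > "$1/new.options" <<EOF
options {
    tkey-gssapi-keytab "$1/bind-dns/dns.keytab";
};
EOF
    printf 'options {\n    notify no;\n};\n' > "$1/none.options"
}

# Stand-alone use: sh check_keytab.sh /etc/bind/named.conf.options
if [ $# -gt 0 ]; then check_keytab "$1"; fi
```

Run it as the account named runs under, because the readability test applies to the invoking user.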

