Maik Holtkamp
2014-Aug-22 13:52 UTC
[Samba] Feedback: DNS workaround Samba 4 vs own zone files
Hi,

just a few words on my s4 experiences, hoping they will be of assistance to someone - or bashed by anyone to make me reconsider my workaround ;).

Because of Ubuntu 14.04 I had a closer look into Samba 4 over the last weeks/days. I am administrating some private home LANs, mostly driven by one low cost/consuming Ubuntu/Debian server (DHCP, DNS, LAMP and Samba), for some of my friends.

I prefer a setup incl.:

- isc-dhcp with fixed MAC->IP for hardware permanently belonging to the HOMELAN and a small (10 IPs) dyn. range for visitors
- bind9 with manually maintained db. zone files - nothing fancy: authoritative for local net, caching or forwarding to ISP otherwise ... just some CNAME records to enable the browser to separate credentials for different services running on the same hosts.

I am neither an expert in DNS/DHCP nor do I know anything about Kerberos or LDAP :( - just the ordinary lazy "never change" guy ;).

I started playing using the BIND9_DLZ DNS backend. After having everything in place I recognized that the module does not update the records in existing zones as expected. Instead it took control of the complete zone itself and allows no other GODs (my db.* files for that zone):

---cut---
named[3013]: samba_dlz: started for DN DC=mydns,DC=domain
named[3013]: samba_dlz: starting configure
named[3013]: samba_dlz: Failed to configure zone 'mydns.domain'
named[3013]: samba_dlz: shutting down
named[3013]: loading configuration: already exists
---cut---

As I won't sacrifice the DNS db.* files grown within the last 10 years, I found the following workaround:

Choose BIND9_FLATFILE as backend.

Added this on top of my zone file:

$INCLUDE /var/lib/samba/private/dns/mydns.domain.zone

(commented out the original SOA record) followed by my existing A/AAAA/CNAME/MX records, and didn't touch the file containing the matching PTR records at all.

As the Samba zone file has hostnames containing underscores, I had to add:

check-names master ignore;

to named.conf.local.

From the present point of view it seems to work for the setups I am maintaining. I can join the new Samba domain, create users/machines using MS tools etc.

However, if someone can see major problems arising from such a workaround in future, I would be pleased for comments.

--
THX
Maik
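An added example, not part of the original post: a small pre-reload check for a hand-maintained zone file that pulls in another zone file via `$INCLUDE`, as in the workaround above. It counts SOA records after includes are expanded (a zone should end up with exactly one) and lists A/AAAA/MX owner names containing underscores, which are the names BIND's `check-names` would reject. The file names, zone contents and function names are constructed for illustration, and the parser is simplified as noted in its docstring.

```python
import os, re, tempfile
CLASSES = {"IN", "CH", "HS"}
TTL = re.compile(r"(\d+[smhdw]?)+$", re.I)
HOST_TYPES = {"A", "AAAA", "MX"}  # owner names that BIND's check-names validates

def logical_lines(path):
    """Yield records with ';' comments stripped, ( ) groups joined and $INCLUDE
    followed. Simplified: relative includes resolve against the including file."""
    buf, depth = "", 0
    with open(path) as fh:
        for raw in fh:
            line = raw.split(";", 1)[0].rstrip()
            if not line.strip():
                continue
            buf = line if not buf else buf + " " + line.strip()
            depth += line.count("(") - line.count(")")
            if depth > 0:
                continue
            if buf.upper().startswith("$INCLUDE"):
                yield from logical_lines(os.path.join(os.path.dirname(path), buf.split()[1]))
            elif not buf.startswith("$"):
                yield buf
            buf = ""

def audit(path):
    """Return (number of SOA records, host owner names containing '_')."""
    soa, underscored, owner = 0, [], "@"
    for rec in logical_lines(path):
        tokens = rec.replace("(", " ").replace(")", " ").split()
        if not rec[0].isspace():          # no leading blank: line names its owner
            owner, tokens = tokens[0], tokens[1:]
        rtype = next((t.upper() for t in tokens
                      if t.upper() not in CLASSES and not TTL.match(t)), None)
        if rtype == "SOA":
            soa += 1
        elif rtype in HOST_TYPES and "_" in owner:
            underscored.append(owner)
    return soa, underscored

def demo(comment_out_own_soa):
    """Write a constructed zone pair to a temp dir and audit the main file."""
    soa = "@ IN SOA ns1 hostmaster ( 1 3600 600 86400 3600 )\n"
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "samba.zone"), "w") as fh:   # constructed sample
            fh.write("$TTL 1W\n" + soa.replace(" 1 ", " 7 ") + "dc1 IN A 192.0.2.10\n"
                     "gc._msdcs IN A 192.0.2.10\n_ldap._tcp IN SRV 0 100 389 dc1\n")
        with open(os.path.join(d, "db.mydns.domain"), "w") as fh:
            fh.write("$INCLUDE samba.zone\n" + (";" if comment_out_own_soa else "") + soa
                     + "www IN CNAME dc1\nmail IN A 192.0.2.20\n")
        return audit(os.path.join(d, "db.mydns.domain"))
```

`demo(True)` models the workaround with the original SOA commented out; `demo(False)` shows the duplicate-SOA case that would result from leaving it in.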