Thomas Glanzmann
2018-Jul-21 07:32 UTC
[Samba] Samba internal DNS limit recursive queries to certain ip address ranges
Hello,

I noticed that samba internal dns allows recursive queries from everywhere. I wonder if it is possible to limit recursive queries to certain IPv4 and IPv6 network ranges?

Cheers,
Thomas
Rowland Penny
2018-Jul-21 07:44 UTC
[Samba] Samba internal DNS limit recursive queries to certain ip address ranges
On Sat, 21 Jul 2018 09:32:22 +0200 Thomas Glanzmann via samba <samba at lists.samba.org> wrote:

> Hello,
> I noticed that samba internal dns allows recursive queries from
> everywhere. I wonder if it is possible to limit recursive queries to
> certain IPv4 and IPv6 network ranges?
>
> Cheers,
> Thomas

No, you will have to use Bind9 for that.

Rowland
mj
2018-Jul-21 14:27 UTC
[Samba] Samba internal DNS limit recursive queries to certain ip address ranges
Hi,

On 07/21/2018 09:32 AM, Thomas Glanzmann via samba wrote:

> Hello,
> I noticed that samba internal dns allows recursive queries from
> everywhere. I wonder if it is possible to limit recursive queries to
> certain IPv4 and IPv6 network ranges?

Perhaps use iptables for that..? Simply drop unwanted queries. (or migrate to bind)

MJ
Thomas Glanzmann
2018-Jul-21 20:17 UTC
[Samba] Samba internal DNS limit recursive queries to certain ip address ranges
Hello MJ,

> Perhaps use iptables for that..? Simply drop unwanted queries. (or migrate
> to bind)

Yes, I did that. At the moment I'm having trouble with samba IPv6 and domain joins using sysprep, so I disabled it again for now until I figured out what the issue is. Manual works, sysprep fails, still no idea why. With iptables you can also do a deep packet inspection which looks for the recursive bit. I once did that for a customer.

Cheers,
Thomas
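
The filtering decision discussed in this thread (limit recursion to certain IPv4/IPv6 ranges by inspecting the recursion-desired bit of each DNS query), as an added example that is not part of the original posts and is not Samba or iptables code. The network ranges, function names and sample packets are constructed for illustration.

```python
import ipaddress
import struct

# Constructed example ranges (documentation / ULA prefixes), not from the thread.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "fd00:1234::/32")]

QR_MASK = 0x8000  # DNS header flag: 0 = query, 1 = response
RD_MASK = 0x0100  # DNS header flag: recursion desired


def is_recursive_query(payload: bytes) -> bool:
    """True if the UDP payload is a DNS query with the RD bit set."""
    if len(payload) < 12:  # shorter than the fixed DNS header: not a valid message
        return False
    _msg_id, flags = struct.unpack("!HH", payload[:4])
    return not (flags & QR_MASK) and bool(flags & RD_MASK)


def source_allowed(src: str) -> bool:
    """True if the source address lies in one of the allowed ranges."""
    addr = ipaddress.ip_address(src)
    # IPv4-mapped IPv6 (::ffff:a.b.c.d) appears on dual-stack sockets.
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in ALLOWED_NETS)


def verdict(src: str, payload: bytes) -> str:
    """Drop only recursive queries from outside the allowed ranges."""
    if is_recursive_query(payload) and not source_allowed(src):
        return "DROP"
    return "ACCEPT"


def build_query(rd: bool) -> bytes:
    """Constructed sample packet: header plus question for example.com A IN."""
    header = struct.pack("!HHHHHH", 0x1234, RD_MASK if rd else 0, 1, 0, 0, 0)
    return header + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)


if __name__ == "__main__":
    for src in ("192.0.2.10", "203.0.113.5", "fd00:1234::1", "2001:db8::1"):
        for rd in (True, False):
            print(src, "RD" if rd else "no-RD", verdict(src, build_query(rd)))
```

Non-recursive queries from outside the ranges are still accepted, so the server can keep answering for zones it is authoritative for.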