On Mon, 25 Dec 2023 21:12:55 +0100 Peter Milesson via samba <samba at lists.samba.org> wrote:

> On 25.12.2023 19:36, Sonic via samba wrote:
> > On Mon, Dec 25, 2023 at 1:20 PM Peter Milesson via samba
> > <samba at lists.samba.org> wrote:
> >> Couldn't you setup a completely new Debian VM with the latest
> >> Samba from backports, sync with the old one, transfer the FSMO
> >> roles, and then demote the old one?
> > Wasn't sure I could do that with such a big jump.
> > But it's worth a try. I always have my original as I'm working with
> > lxc containers and can easily make copies.
> >
> > Thanks and Merry Christmas,
> > Chris
> >
> Hi Chris,
>
> I'm not the right person to assess this, but I'm convinced that
> Rowland Penny or Jeremy Allison could chime in here.
>

I did reply and asked to see the OP's named conf files, but they appear to be super secret, so I suggest he runs 'named-checkconf /etc/bind/named.conf' instead. The systemd error messages can mask the real error.

Rowland

On Tue, Dec 26, 2023 at 3:57 AM Rowland Penny via samba <samba at lists.samba.org> wrote:

> I did reply and asked to see the OP's named conf files, but they appear
> to be super secret, so I suggest he runs 'named-checkconf
> /etc/bind/named.conf' instead. The systemd error messages can mask the
> real error.

My apologies, I didn't realize you were asking to see those files. Here they are.

named.conf
====================
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
====================

named.conf.options
====================
acl internals { 127.0.0.0/8; 172.26.62.0/23; };
acl externals { 10.67.71.0/29; };
options {
    auth-nxdomain yes;
    directory "/var/cache/bind";
    version "Go Away 0.0.7";
    tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
    recursion no;
    notify no;
    empty-zones-enable no;
    listen-on port 53 { localhost; 172.26.62.31; };
    listen-on-v6 { none; };
    minimal-responses yes;
    allow-query { "internals"; "externals"; };
    allow-recursion { "internals"; };
    allow-transfer { none; };
    /* forwarders { 172.26.62.1; };
    dnssec-validation auto;
};
====================

named.conf.local
====================
include "/usr/local/samba/private/named.conf";
====================

When changing to the internal backend the DNS worked but no authentication. When changing back to the BIND backend the path to dns.keytab and Samba's named.conf was updated and making these changes in the Bind configs did not ameliorate the problem.

Thank you,
Chris
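
Added example, not part of the thread and not written by either poster: one way to act on the `named-checkconf` suggestion for a layout like the one posted, where `named.conf` includes further files and `tkey-gssapi-keytab` points into the Samba private directory. The function names (`referenced_paths`, `check_conf_tree`, `preflight`) are hypothetical; the script confirms every referenced file is readable, then runs `named-checkconf` so its own error output is seen directly.

```shell
#!/bin/sh
# Added example. Pre-flight check for a BIND configuration split across files.

# Print "<keyword> <path>" for each include / tkey-gssapi-keytab statement in $1.
# Line-based: the first statement on a line is reported, and statements
# inside a /* ... */ comment are listed as well.
referenced_paths() {
    sed -n -E 's/^[[:space:]]*(include|tkey-gssapi-keytab)[[:space:]]+"([^"]+)".*/\1 \2/p' "$1"
}

# Walk the include tree starting at $1. Print one line per file that cannot be
# read; return 0 if every referenced file is readable, 1 otherwise.
check_conf_tree() {
    todo="include $1"; seen=""; status=0
    while [ -n "$todo" ]; do
        entry=$(printf '%s\n' "$todo" | head -n 1)      # pop the queue head
        todo=$(printf '%s\n' "$todo" | tail -n +2)
        kind=${entry%% *}; file=${entry#* }
        # Skip files already visited (guards against include loops).
        if printf '%s\n' "$seen" | grep -Fxq -- "$file"; then continue; fi
        seen=$(printf '%s\n%s' "$seen" "$file")
        if [ ! -r "$file" ]; then
            echo "not readable: $file ($kind)"
            status=1
        elif [ "$kind" = include ]; then
            # Only config files are parsed further; a keytab is binary.
            todo=$(printf '%s\n%s\n' "$todo" "$(referenced_paths "$file")" | sed '/^$/d')
        fi
    done
    return "$status"
}

# File checks first, then the syntax check suggested in the thread.
preflight() {
    check_conf_tree "$1" || return 1
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$1"
    else
        echo "named-checkconf not found; syntax not checked" >&2
    fi
}

# Usage: sh preflight.sh /etc/bind/named.conf
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

Run it as the account that named runs under, so the readability results reflect what named itself can open.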