On Wed, 27 Dec 2023 10:49:17 -0500
Sonic <sonicsmith at gmail.com> wrote:
> On Tue, Dec 26, 2023 at 3:57 AM Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> > I did reply and asked to see the OP's named conf files, but they
> > appear to be super secret, so I suggest he runs 'named-checkconf
> > /etc/bind/named.conf' instead. The systemd error messages can mask
> > the real error.
>
> My apologies, I didn't realize you were asking to see those files.
> Here they are.
>
> named.conf
> ====================
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
> ====================
>
What happened to 'include "/etc/bind/named.conf.default-zones";'?
> named.conf.options
> ====================
> acl internals { 127.0.0.0/8; 172.26.62.0/23; };
> acl externals { 10.67.71.0/29; };
>
> options {
> auth-nxdomain yes;
> directory "/var/cache/bind";
> version "Go Away 0.0.7";
> tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
See below about the keytab.
> recursion no;
> notify no;
> empty-zones-enable no;
> listen-on port 53 { localhost; 172.26.62.31; };
> listen-on-v6 { none; };
>
> minimal-responses yes;
>
> allow-query { "internals"; "externals"; };
> allow-recursion { "internals"; };
> allow-transfer { none; };
>
> /* forwarders {
> 172.26.62.1;
> };
You need a valid forwarder
>
> dnssec-validation auto;
I would set 'dnssec-validation' to 'no'; Samba AD doesn't do DNSSEC.
> };
> ====================
>
> named.conf.local
> ====================
> include "/usr/local/samba/private/named.conf";
> ====================
Are you actually building Samba yourself?
If not, the entire path is wrong; if you are, it's just a little bit wrong.
The path was changed from /.../.../samba/private/ to /.../.../bind-dns/
where '/.../.../' is either '/usr/local/' or '/var/lib/' depending on a
self-compiled Samba or distro packages.
Rowland
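
The points raised in this reply can be checked mechanically before restarting named. The following Python is an added example, not part of the original message or of Samba or BIND; `strip_comments`, `review` and the sample text are hypothetical names and constructed input, and it assumes all of the named.conf files have been concatenated into one string.

```python
import re
# Constructed sample: the three files from the post concatenated, with the
# forwarders comment closed (assumption) so the later lines are still parsed.
SAMPLE = '''
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
options {
    tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
    /* forwarders {
        172.26.62.1;
    }; */
    dnssec-validation auto;
};
include "/usr/local/samba/private/named.conf";
'''

# Quoted strings are matched first so '/' or '#' inside a path is not a comment.
TOKEN = re.compile(r'"[^"\n]*"|/\*.*?(?:\*/|\Z)|(?://|#)[^\n]*', re.S)

def strip_comments(text):
    """Return (text without comments, True if a /* comment is never closed)."""
    unclosed = False
    def repl(m):
        nonlocal unclosed
        tok = m.group(0)
        if tok.startswith('"'):
            return tok                      # keep quoted strings verbatim
        if tok.startswith("/*") and not (len(tok) >= 4 and tok.endswith("*/")):
            unclosed = True                 # comment swallowed the rest of the file
        return " "
    return TOKEN.sub(repl, text), unclosed

def review(text):
    """List the problems named in the reply that are present in `text`."""
    conf, unclosed = strip_comments(text)
    findings = ["unterminated /* comment"] if unclosed else []
    if "named.conf.default-zones" not in conf:
        findings.append("default-zones include missing")
    if not re.search(r"\bforwarders\s*\{\s*[0-9a-fA-F:.]+\s*;", conf):
        findings.append("no active forwarder")
    m = re.search(r"\bdnssec-validation\s+(\w+)\s*;", conf)
    if not m or m.group(1) != "no":
        findings.append("dnssec-validation is not 'no'")
    for d, p in re.findall(r'\b(include|tkey-gssapi-keytab)\s+"([^"]*)"', conf):
        if "/samba/private/" in p:
            findings.append(f"{d} uses old private/ path: {p}")
    return findings

print("\n".join(review(SAMPLE)))
```

Running 'named-checkconf /etc/bind/named.conf', as suggested earlier in the thread, remains the syntax check; this only looks for the Samba-specific points above.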