On 07/09/15 21:26, Robert Moskowitz wrote:
> Is there some option on the slave to set the frequency of the AXFR?
> Say every hour?
>
> On 09/07/2015 03:45 PM, Lars Hanke wrote:
>> Hi Robert,
>>
>> yes it does work. But the DLZ bind will not notify any slaves, when
>> the repository changes. This can be painful, especially for longer
>> TTL values.
>>
>> Regards,
>> - lars.
>>
>> Am 07.09.2015 um 20:16 schrieb Robert Moskowitz:
>>>
>>>
>>> On 09/07/2015 12:52 PM, Robert Moskowitz wrote:
>>>> I am looking at: https://wiki.samba.org/index.php/DNS_administration
>>>>
>>>> I am using bind 9.9 on all my DNS servers.
>>>>
>>>> To set up secondarying my Samba DNS zones to my other Bind servers. I
>>>> come across the following:
>>>>
>>>> https://bugzilla.samba.org/show_bug.cgi?id=9634
>>>>
>>>> Is it possible to transfer the DLZ zones now as dates on this bug are
>>>> 2 years old?
>>>
>>> So I tried it anyway:
>>>
>>> In my main DNS server:
>>>
>>> zone "home.htt" {
>>> type slave;
>>> file "slaves/bak.home.htt";
>>> masters {192.168.192.2; };
>>> };
>>>
>>> I reload and there I see:
>>>
>>> Sep 07 14:00:05 valeria.htt-consult.com systemd[1]: Reloaded Berkeley
>>> Internet Name Domain (DNS).
>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: dns_master_load:
>>> file format mismatch
>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: zone
>>> home.htt/IN/internal: loading from master file slaves/bak.home.htt
>>> failed: not implemented
>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: all zones loaded
>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: running
>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: zone
>>> home.htt/IN/internal: Transfer started.
>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: transfer of
>>> 'home.htt/IN/internal' from 192.168.192.2#53: connected using
>>> 192.168.192.5#51888
>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: zone
>>> home.htt/IN/internal: transferred serial 3
>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: zone
>>> home.htt/IN/internal: transfer: could not set file modification time of
>>> 'slaves/bak.home.htt': permission denied
>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: transfer of
>>> 'home.htt/IN/internal' from 192.168.192.2#53: Transfer completed: 1
>>> messages, 23 records, 1000 bytes, 0.020 secs (50000 bytes/sec)
>>>
>>> And over on homebase:
>>>
>>> Sep 7 14:00:05 homebase named[1133]: client 192.168.192.5#51888
>>> (home.htt): transfer of 'home.htt/IN': AXFR started
>>> Sep 7 14:00:05 homebase named[1133]: client 192.168.192.5#51888
>>> (home.htt): transfer of 'home.htt/IN': AXFR ended
>>>
>>> But no file /var/named/slaves/bak.home.htt
>>>
>>> And yet on my DNS server, I can resolve homebase.home.htt:
>>>
>>> # dig homebase.home.htt
>>>
>>> ; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7 <<>> homebase.home.htt
>>> ;; global options: +cmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55142
>>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
>>>
>>> ;; OPT PSEUDOSECTION:
>>> ; EDNS: version: 0, flags:; udp: 4096
>>> ;; QUESTION SECTION:
>>> ;homebase.home.htt. IN A
>>>
>>> ;; ANSWER SECTION:
>>> homebase.home.htt. 900 IN A 192.168.192.2
>>>
>>> ;; AUTHORITY SECTION:
>>> home.htt. 900 IN NS homebase.home.htt.
>>>
>>> ;; Query time: 3 msec
>>> ;; SERVER: 192.168.192.5#53(192.168.192.5)
>>> ;; WHEN: Mon Sep 07 14:15:46 EDT 2015
>>> ;; MSG SIZE rcvd: 76
>>>
>>>
>>>
>>
>>
>
>
You might want to have a look here:

http://bind-dlz.sourceforge.net/best_practices.html

Rowland
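Robert's question above (can the slave be told how often to AXFR?) and Lars's point that the DLZ master sends no NOTIFY both come down to the SOA refresh timer: without NOTIFY, the slave only learns of a change when its refresh timer fires and it re-queries the master's SOA. BIND's `min-refresh-time` / `max-refresh-time` options let the slave clamp that timer regardless of what the master's SOA says. The script below is an added example, not code from the thread or from Samba/BIND; it takes the master (192.168.192.2), slave (192.168.192.5) and zone (home.htt) from the thread, assumes `dig` and `rndc` from the BIND tools are installed, and the clamp values, the `hostmaster` name in the sample SOA and the `allow-transfer` line are my own additions.

```shell
#!/bin/sh
# Added example, not code from the thread: keep a BIND slave of a Samba DLZ
# zone from going stale when the master never sends NOTIFY.
# Assumptions taken from the thread: master 192.168.192.2, slave 192.168.192.5,
# zone home.htt. Everything else (clamp values, hostmaster name) is made up.

# The serial is the third field of a `dig +short SOA` answer, e.g.
#   homebase.home.htt. hostmaster.home.htt. 3 900 600 86400 3600
serial_from_soa() {
    set -- $1
    printf '%s\n' "$3"
}

# A slave re-queries the master's SOA every <refresh> seconds, where
# <refresh> is the master's SOA refresh clamped by the slave's own
# min-refresh-time / max-refresh-time. Args: soa_refresh min max (seconds).
effective_refresh() {
    r=$1
    if [ "$r" -lt "$2" ]; then r=$2; fi
    if [ "$r" -gt "$3" ]; then r=$3; fi
    printf '%s\n' "$r"
}

# Compare the serial the master serves with the one the slave serves;
# returns 1 if they differ. Needs network access and dig, so the offline
# checks do not exercise it.
zone_lag() {
    zone=$1 master=$2 slave=$3
    m=$(serial_from_soa "$(dig +short @"$master" "$zone" SOA)")
    s=$(serial_from_soa "$(dig +short @"$slave" "$zone" SOA)")
    printf '%s: master serial %s, slave serial %s\n' "$zone" "$m" "$s"
    [ "$m" = "$s" ]
}

# The thread's slave stanza plus a one-hour cap on the refresh interval and
# a refusal to re-serve AXFR to anyone else.
slave_zone_stanza() {
    cat <<'EOF'
zone "home.htt" {
    type slave;
    file "slaves/bak.home.htt";
    masters { 192.168.192.2; };
    max-refresh-time 3600;        // poll the master's SOA at least hourly
    min-refresh-time 300;         // but no more often than every 5 minutes
    allow-transfer { none; };     // this slave is not a transfer source
};
EOF
}

case "${1:-}" in
    check)  zone_lag home.htt 192.168.192.2 192.168.192.5 ;;
    stanza) slave_zone_stanza ;;
esac
```

`sh zone_refresh.sh check` run from anywhere that can reach both servers reports whether the slave is behind; `sh zone_refresh.sh stanza` prints the zone block to paste into the slave's named.conf (`max-refresh-time` can also go in `options { }` to apply to every slave zone). When you need the change right now rather than within the hour, `rndc refresh home.htt` on the slave forces an immediate SOA check and transfer.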
Robert Moskowitz
2015-Sep-07 21:13 UTC
[Samba] Maybe working - Re: BIND DLZ zone transfers
On 09/07/2015 04:56 PM, Rowland Penny wrote:
> On 07/09/15 21:26, Robert Moskowitz wrote:
>> Is there some option on the slave to set the frequency of the AXFR?
>> Say every hour?
>>
>> On 09/07/2015 03:45 PM, Lars Hanke wrote:
>>> Hi Robert,
>>>
>>> yes it does work. But the DLZ bind will not notify any slaves, when
>>> the repository changes. This can be painful, especially for longer
>>> TTL values.
>>>
>>> Regards,
>>> - lars.
>>>
>>> Am 07.09.2015 um 20:16 schrieb Robert Moskowitz:
>>>>
>>>>
>>>> On 09/07/2015 12:52 PM, Robert Moskowitz wrote:
>>>>> I am looking at: https://wiki.samba.org/index.php/DNS_administration
>>>>>
>>>>> I am using bind 9.9 on all my DNS servers.
>>>>>
>>>>> To set up secondarying my Samba DNS zones to my other Bind servers. I
>>>>> come across the following:
>>>>>
>>>>> https://bugzilla.samba.org/show_bug.cgi?id=9634
>>>>>
>>>>> Is it possible to transfer the DLZ zones now as dates on this bug are
>>>>> 2 years old?
>>>>
>>>> So I tried it anyway:
>>>>
>>>> In my main DNS server:
>>>>
>>>> zone "home.htt" {
>>>> type slave;
>>>> file "slaves/bak.home.htt";
>>>> masters {192.168.192.2; };
>>>> };
>>>>
>>>> I reload and there I see:
>>>>
>>>> Sep 07 14:00:05 valeria.htt-consult.com systemd[1]: Reloaded Berkeley
>>>> Internet Name Domain (DNS).
>>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: dns_master_load:
>>>> file format mismatch
>>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: zone
>>>> home.htt/IN/internal: loading from master file slaves/bak.home.htt
>>>> failed: not implemented
>>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: all zones loaded
>>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: running
>>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: zone
>>>> home.htt/IN/internal: Transfer started.
>>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: transfer of
>>>> 'home.htt/IN/internal' from 192.168.192.2#53: connected using
>>>> 192.168.192.5#51888
>>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: zone
>>>> home.htt/IN/internal: transferred serial 3
>>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: zone
>>>> home.htt/IN/internal: transfer: could not set file modification
>>>> time of
>>>> 'slaves/bak.home.htt': permission denied
>>>> Sep 07 14:00:05 valeria.htt-consult.com named[2195]: transfer of
>>>> 'home.htt/IN/internal' from 192.168.192.2#53: Transfer completed: 1
>>>> messages, 23 records, 1000 bytes, 0.020 secs (50000 bytes/sec)
>>>>
>>>> And over on homebase:
>>>>
>>>> Sep 7 14:00:05 homebase named[1133]: client 192.168.192.5#51888
>>>> (home.htt): transfer of 'home.htt/IN': AXFR started
>>>> Sep 7 14:00:05 homebase named[1133]: client 192.168.192.5#51888
>>>> (home.htt): transfer of 'home.htt/IN': AXFR ended
>>>>
>>>> But no file /var/named/slaves/bak.home.htt
>>>>
>>>> And yet on my DNS server, I can resolve homebase.home.htt:
>>>>
>>>> # dig homebase.home.htt
>>>>
>>>> ; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7 <<>> homebase.home.htt
>>>> ;; global options: +cmd
>>>> ;; Got answer:
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55142
>>>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1,
>>>> ADDITIONAL: 1
>>>>
>>>> ;; OPT PSEUDOSECTION:
>>>> ; EDNS: version: 0, flags:; udp: 4096
>>>> ;; QUESTION SECTION:
>>>> ;homebase.home.htt. IN A
>>>>
>>>> ;; ANSWER SECTION:
>>>> homebase.home.htt. 900 IN A 192.168.192.2
>>>>
>>>> ;; AUTHORITY SECTION:
>>>> home.htt. 900 IN NS homebase.home.htt.
>>>>
>>>> ;; Query time: 3 msec
>>>> ;; SERVER: 192.168.192.5#53(192.168.192.5)
>>>> ;; WHEN: Mon Sep 07 14:15:46 EDT 2015
>>>> ;; MSG SIZE rcvd: 76
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
> You might want to have a look here:
>
> http://bind-dlz.sourceforge.net/best_practices.html

So I would implement OpenLDAP replication on the AD and run 'native' LDAP on the master nameserver, using the same Bind LDAP interface. Hmmm.... ARGH!!! :)
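The homebase log lines quoted above ("client 192.168.192.5#51888 (home.htt): transfer of 'home.htt/IN': AXFR started/ended") are the master's record of who pulled the whole zone. The thread does not show whether the DLZ master restricts transfers, so until that is confirmed the practical control is to audit those lines for clients that are not one of your own secondaries. The script below is an added example, not code from the thread or from Samba/BIND: the sample log is constructed for it (the first two lines mirror homebase's, the 10.0.0.99 client and its port numbers are made up, and the "zone transfer ... denied" line is the message BIND logs when `allow-transfer` refuses a request, shown here with that same made-up client).

```shell
#!/bin/sh
# Added example, not code from the thread: audit a BIND master's log for zone
# transfers and flag AXFR clients that are not known secondaries.
# The sample log is constructed; only 192.168.192.5 and the line format come
# from the thread. 10.0.0.99 and the "denied" line are made up for the demo.

sample_log() {
    cat <<'EOF'
Sep  7 14:00:05 homebase named[1133]: client 192.168.192.5#51888 (home.htt): transfer of 'home.htt/IN': AXFR started
Sep  7 14:00:05 homebase named[1133]: client 192.168.192.5#51888 (home.htt): transfer of 'home.htt/IN': AXFR ended
Sep  7 16:12:41 homebase named[1133]: client 10.0.0.99#40211 (home.htt): transfer of 'home.htt/IN': AXFR started
Sep  7 16:12:41 homebase named[1133]: client 10.0.0.99#40211 (home.htt): transfer of 'home.htt/IN': AXFR ended
Sep  7 16:13:02 homebase named[1133]: client 10.0.0.99#40212 (home.htt): zone transfer 'home.htt/AXFR/IN' denied
EOF
}

# "ip zone" for every completed transfer on stdin, one line per unique pair.
axfr_clients() {
    grep ': AXFR ended' \
      | sed -n 's/.*client \([^# ]*\)#[0-9]* (\([^)]*\)).*/\1 \2/p' \
      | sort -u
}

# "ip zone" for every refused attempt: allow-transfer did its job, but
# somebody still asked for the whole zone, which is worth knowing.
denied_axfr() {
    grep "zone transfer '[^']*/AXFR/IN' denied" \
      | sed -n 's/.*client \([^# ]*\)#[0-9]* (\([^)]*\)).*/\1 \2/p' \
      | sort -u
}

# unexpected_axfr "ip1 ip2 ..." < log
# Prints completed transfers to hosts outside the allow-list and returns 1
# if there were any; returns 0 and prints nothing otherwise.
unexpected_axfr() {
    allowed=" $1 "
    bad=$(axfr_clients | while read -r ip zone; do
        case "$allowed" in
            *" $ip "*) ;;
            *) printf '%s %s\n' "$ip" "$zone" ;;
        esac
    done)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" | sed 's/^/UNEXPECTED AXFR: /'
    return 1
}

# Stand-alone run: audit the constructed sample against the thread's one
# legitimate secondary.
if [ "${1:-}" = "demo" ]; then
    sample_log | unexpected_axfr "192.168.192.5" \
        || echo "alert: review allow-transfer on the master"
    sample_log | denied_axfr | sed 's/^/DENIED AXFR: /'
fi
```

Against a real server, replace `sample_log` with `journalctl -u named` or the file your `logging { }` statement writes, and feed the allow-list from the same source you use for `allow-transfer`, so the audit and the control cannot drift apart.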
On Mon, 7 Sep 2015, Robert Moskowitz wrote:
>> http://bind-dlz.sourceforge.net/best_practices.html
>
> So I would implement OpenLDAP replication on the AD and run 'native' LDAP on
> the master nameserver, using the same Bind LDAP interface.

Unless you're doing something unusual, why not just run a second DC with its own DNS server and let Samba handle it? You really should have more than one DC anyway.