Is it possible to have Samba4 internal DNS listen only on specific IP address(es)? We have 2 IP addresses on our DC and don't want the Samba4 DNS listening on one of them as it is to be used for an independent BIND DNS service. For those who may be wondering why, it's because Samba4's DNS doesn't do everything we want or need and using BIND_DLZ really isn't any better for us and I don't care to get into a discussion of that. regards, John
Hello On 07.10.15 23:35, John Gardeniers wrote:> Is it possible to have Samba4 internal DNS listen only on specific IP > address(es)? We have 2 IP addresses on our DC and don't want the > Samba4 DNS listening on one of them as it is to be used for an > independent BIND DNS service. For those who may be wondering why, it's > because Samba4's DNS doesn't do everything we want or need and using > BIND_DLZ really isn't any better for us and I don't care to get into a > discussion of that.You should try "hosts allow" inside a share configuration. This let's samba ignore other IP-Adresses. You even can setup one or more IP-ranges with "hosts allow = 192.168.15., 192.168.16., 127". Don't forget the point "." at the end. "127" is for "localhost" one can also use. Sometime the syntax is supposed to be somthing like "hosts allow = 192.168.1. 192.168.255. 127". Difference is now decimal point, just a space. You can try this out with testparm. I wish you luck Alex
Hi Alex, Sorry but I'm confused by your response. You refer to a share definition but my question is about the DNS service. regards, John On 08/10/15 08:55, Alex Winzer wrote:> Hello > > On 07.10.15 23:35, John Gardeniers wrote: >> Is it possible to have Samba4 internal DNS listen only on specific IP >> address(es)? We have 2 IP addresses on our DC and don't want the >> Samba4 DNS listening on one of them as it is to be used for an >> independent BIND DNS service. For those who may be wondering why, >> it's because Samba4's DNS doesn't do everything we want or need and >> using BIND_DLZ really isn't any better for us and I don't care to get >> into a discussion of that. > > You should try "hosts allow" inside a share configuration. > This let's samba ignore other IP-Adresses. You even can setup one or > more IP-ranges with "hosts allow = 192.168.15., 192.168.16., 127". > Don't forget the point "." at the end. "127" is for "localhost" one > can also use. Sometime the syntax is supposed to be somthing like > "hosts allow = 192.168.1. 192.168.255. 127". Difference is now decimal > point, just a space. You can try this out with testparm. > > I wish you luck > Alex >
Am 07.10.2015 um 23:55 schrieb Alex Winzer:> On 07.10.15 23:35, John Gardeniers wrote: >> Is it possible to have Samba4 internal DNS listen only on specific IP >> address(es)? We have 2 IP addresses on our DC and don't want the >> Samba4 DNS listening on one of them as it is to be used for an >> independent BIND DNS service. For those who may be wondering why, it's >> because Samba4's DNS doesn't do everything we want or need and using >> BIND_DLZ really isn't any better for us and I don't care to get into a >> discussion of that. > > You should try "hosts allow" inside a share configuration. > This let's samba ignore other IP-Adresseswhy should that change anything on which interface it#s listening? especially based on a share? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 181 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20151008/e0d3902b/signature.sig>
Using Google, I found the solution in a 5 year old message to this list.
By adding two lines to the global section of smb.conf it restricts which
IPs Samba4 binds to:
interfaces = eno1 lo
bind interfaces only = yes
en01 is the Centos 7 name for what most people know as eth0. This leaves
eno3 (AKA eno1:1) free for BIND.
regards,
John
On 08/10/15 08:35, John Gardeniers wrote:> Is it possible to have Samba4 internal DNS listen only on specific IP
> address(es)? We have 2 IP addresses on our DC and don't want the
> Samba4 DNS listening on one of them as it is to be used for an
> independent BIND DNS service. For those who may be wondering why, it's
> because Samba4's DNS doesn't do everything we want or need and
using
> BIND_DLZ really isn't any better for us and I don't care to get
into a
> discussion of that.
>
> regards,
> John
>
>