On Sun, 6 Nov 2016 17:56:00 +0100
Maximilian Kirchner via samba <samba at lists.samba.org> wrote:
> >
> > You are using Bind9 with flatfiles, this is NOT recommended.
> > If you are using the standard Ubuntu Bind9 package, you should be
> > using BIND9_DLZ and this stores the dns info in AD.
>
>
> > How did you provision the DC, was it with 'BIND9_FLATFILE' or
> > 'BIND9_DLZ' ?
> > If it was the later, just remove the 'wie' zone and its
reverse zone
> > from the bind conf file and restart bind9, if it was the former, you
> > will need to run 'samba_upgradedns' and remove the zones from
the
> > conf file.
> >
>
> So the BIND9_DLZ method only works if I am also using purely DLZ in
> bind9?
Yes, that's why it is called 'BIND(_DLZ' ;-)
>I set up the server with
> samba-tool domain provision --realm=smb.wie --domain=SMB
> --adminpass=Passw0rd --use-rfc2307 --server-role=dc
> --dns-backend=BIND9_DLZ
>
So you had provisioned with DLZ, you had just setup Bind9 incorrectly.
> I did as you said, the situation did not change but for the fact,
> that my other dns entries are not working anymore (as I expected from
> removing the wie zone).
If you have any other machines, that are not part of the AD domain, in
your dns domain, you will need to add these manually with samba-tool
> What I did:
> - comment out include "/etc/bind/named.conf.local";
> - service bind9 restart
> - samba_upgradedns --dns-backend=BIND9_DLZ (for good measure)
> - restart samba server
> The logs do not show any new errors
Your log (probably syslog) should show something like this after Bind
is restarted:
Nov 6 17:02:12 member1 named[24129]:
----------------------------------------------------
Nov 6 17:02:12 member1 named[24129]: BIND 9 is maintained by Internet Systems
Consortium,
Nov 6 17:02:12 member1 named[24129]: Inc. (ISC), a non-profit 501(c)(3)
public-benefit
Nov 6 17:02:12 member1 named[24129]: corporation. Support and training for
BIND 9 are
Nov 6 17:02:12 member1 named[24129]: available at https://www.isc.org/support
Nov 6 17:02:12 member1 named[24129]:
----------------------------------------------------
Nov 6 17:02:12 member1 named[24129]: adjusted limit on open files from 4096 to
1048576
Nov 6 17:02:12 member1 named[24129]: found 2 CPUs, using 2 worker threads
Nov 6 17:02:12 member1 named[24129]: using 2 UDP listeners per interface
Nov 6 17:02:12 member1 named[24129]: using up to 4096 sockets
Nov 6 17:02:12 member1 named[24129]: loading configuration from
'/etc/bind/named.conf'
Nov 6 17:02:12 member1 named[24129]: reading built-in trusted keys from file
'/etc/bind/bind.keys'
Nov 6 17:02:12 member1 named[24129]: using default UDP/IPv4 port range: [1024,
65535]
Nov 6 17:02:12 member1 named[24129]: using default UDP/IPv6 port range: [1024,
65535]
Nov 6 17:02:12 member1 named[24129]: no IPv6 interfaces found
Nov 6 17:02:12 member1 named[24129]: listening on IPv4 interface lo,
127.0.0.1#53
Nov 6 17:02:12 member1 named[24129]: listening on IPv4 interface eth0,
192.168.0.2#53
Nov 6 17:02:12 member1 named[24129]: generating session key for dynamic DNS
Nov 6 17:02:12 member1 named[24129]: sizing zone task pool based on 5 zones
Nov 6 17:02:12 member1 named[24129]: Loading 'AD DNS Zone' using driver
dlopen
Nov 6 17:02:12 member1 named[24129]: samba_dlz: started for DN
DC=samdom,DC=example,DC=com
Nov 6 17:02:12 member1 named[24129]: samba_dlz: starting configure
Nov 6 17:02:12 member1 named[24129]: samba_dlz: configured writeable zone
'0.168.192.in-addr.arpa'
Nov 6 17:02:12 member1 named[24129]: samba_dlz: configured writeable zone
'samdom.example.com'
Nov 6 17:02:12 member1 named[24129]: samba_dlz: configured writeable zone
'_msdcs.samdom.example.com'
Nov 6 17:02:12 member1 named[24129]: using built-in root key for view _default
Nov 6 17:02:12 member1 named[24129]: set up managed keys zone for view
_default, file 'managed-keys.bind'
Nov 6 17:02:12 member1 named[24129]: command channel listening on 127.0.0.1#953
Nov 6 17:02:12 member1 named[24129]: managed-keys-zone: journal file is out of
date: removing journal file
Nov 6 17:02:12 member1 named[24129]: managed-keys-zone: loaded serial 60
Nov 6 17:02:12 member1 named[24129]: zone 127.in-addr.arpa/IN: loaded serial 1
Nov 6 17:02:12 member1 named[24129]: zone 0.in-addr.arpa/IN: loaded serial 1
Nov 6 17:02:12 member1 named[24129]: zone 255.in-addr.arpa/IN: loaded serial 1
Nov 6 17:02:12 member1 named[24129]: zone localhost/IN: loaded serial 2
Nov 6 17:02:12 member1 named[24129]: all zones loaded
Nov 6 17:02:12 member1 named[24129]: running
Rowland