Hi,
I have 2 Samba AD DCs running 4.7.0 with bind_DLZ on both servers.
For the most part things seem to be working as expected. I have created
reverse zones as per
https://wiki.samba.org/index.php/DNS_Administration#Creating_a_new_zone.

I have noticed 2 things that seem odd. When I use the Windows DNS manager
to add an A record, check the box that says to update the reverse zone,
and then click Add, I get a response that says the record was created,
but if I look at the reverse zone the PTR never gets created. I then have
to add the PTR by hand.

Is this expected behavior? If it is not expected, how do I troubleshoot it?

The other thing I have noticed is that if I join a machine to the domain,
sometimes the forward DNS records get created and other times they do not.
The reverse zones never get updated.

Name resolution and replication between the 2 DCs work as advertised.

Does anyone know how I can go about troubleshooting this problem?

My BIND config is as follows:

options {
    listen-on port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; internal; };

    recursion yes;

    /*
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    */

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/var/run/named/named.pid";
    session-keyfile "/var/run/named/session.key";

    forwarders { 172.20.0.14; 172.20.0.11; 10.224.135.11; };

    // Added for Samba-4.x.
    tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};

acl "internal" { 10.224.135.0/24; 172.20.0.0/23; 172.20.10.0/24;
                 172.30.0.0/23; 172.30.10.0/24; 192.168.100.0/24; 192.168.101.0/24;
                 192.168.102.0/24; 192.168.103.0/24; 127.0.0.1; };

logging {
    channel default_debug {
        file "data/named.run" versions 10 size 10M;
        severity dynamic;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
# added below for bind DLZ.
include "/usr/local/samba/private/named.conf";

The smb.conf is as follows:

[global]
    netbios name = VDC1
    realm = SAMDOM.MYDOMAIN.COM
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
    workgroup = SAMDOM
    server role = active directory domain controller
    idmap_ldb:use rfc2307 = yes

    log file = /var/log/samba/%m.log
    max log size = 5000
    log level = 2

    idmap config SAMDOM:unix_nss_info = yes

    template shell = /bin/bash
    template homedir = /home/samba/users/%U

    deadtime = 5

[netlogon]
    path = /usr/local/samba/var/locks/sysvol/samdom.mydomain.com/scripts
    read only = No

[sysvol]
    path = /usr/local/samba/var/locks/sysvol
    read only = No

Regards,
--
Tom me at tdiehl.org
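An added example of the kind of consistency check the troubleshooting question above calls for (my own code, not from Tom's post or from Samba): it compares A records against PTRs, both pasted in `dig +noall +answer` presentation format, flags PTRs that name a different host, and prints the `samba-tool dns add` commands that would create the missing ones. The sample records are constructed; the script assumes one in-addr.arpa zone per /24 and the `-U administrator` flag, both as in the wiki recipe the post follows.

```python
import ipaddress
import re

# Constructed sample records in `dig +noall +answer` presentation format;
# the names and addresses are made up to fit the networks in the post.
FORWARD = """\
vdc1.samdom.mydomain.com.   900 IN A 10.224.135.11
vdc2.samdom.mydomain.com.   900 IN A 172.20.0.14
pc01.samdom.mydomain.com.   900 IN A 10.224.135.50
pc02.samdom.mydomain.com.   900 IN A 172.20.1.7
"""
REVERSE = """\
11.135.224.10.in-addr.arpa. 900 IN PTR vdc1.samdom.mydomain.com.
14.0.20.172.in-addr.arpa.   900 IN PTR oldname.samdom.mydomain.com.
"""

RR_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+(A|PTR)\s+(\S+)$")

def parse_rrs(text):
    """[(owner, type, rdata)] for the A and PTR lines; anything else is skipped."""
    found = (RR_LINE.match(line.strip()) for line in text.splitlines())
    return [(m.group(1).lower(), m.group(2), m.group(3).lower()) for m in found if m]

def ptr_owner(ip):
    """Owner name of the PTR for an IPv4 address, with the trailing dot."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def reverse_zone(ip):
    """Assumes one in-addr.arpa zone per /24, as in the wiki recipe the post follows."""
    return ipaddress.ip_address(ip).reverse_pointer.split(".", 1)[1]

def check_ptrs(forward_text, reverse_text):
    """(missing, mismatched): A records lacking a PTR, and PTRs naming another host."""
    ptrs = {o: r for o, t, r in parse_rrs(reverse_text) if t == "PTR"}
    missing, mismatched = [], []
    for name, _, addr in (r for r in parse_rrs(forward_text) if r[1] == "A"):
        owner = ptr_owner(addr)
        if owner not in ptrs:
            missing.append((reverse_zone(addr), owner.split(".", 1)[0], name))
        elif ptrs[owner] != name:
            mismatched.append((owner, name, ptrs[owner]))
    return missing, mismatched

def samba_tool_cmds(server, missing):
    """samba-tool commands to add each missing PTR; '-U administrator' is an assumption."""
    return ["samba-tool dns add {} {} {} PTR {} -U administrator".format(
                server, zone, label, target.rstrip("."))
            for zone, label, target in missing]
```

Feed it the real output of `dig +noall +answer <host> A` and `dig +noall +answer -x <ip>` taken against each DC in turn; a PTR present on one DC but not the other points at replication rather than at the update itself.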

On 10/9/2017 3:03 PM, Tom Diehl via samba wrote:
> I have noticed 2 things that seem odd. When I use the Windows DNS manager
> to add an A record, check the box that says to update the reverse zone,
> and then click Add, I get a response that says the record was created,
> but if I look at the reverse zone the PTR never gets created. I then have
> to add the PTR by hand.
>
> Is this expected behavior? If it is not expected, how do I troubleshoot it?

The PTR issue is a bug. See https://bugzilla.samba.org/show_bug.cgi?id=12186

--
James