On 10/9/2017 3:03 PM, Tom Diehl via samba wrote:> Hi,
>
> I have 2 samba AD Dc's running 4.7.0 with bind_DLZ on both servers.
> For the most part things seem to be working as expected. I have created
> reverse zones as per
> https://wiki.samba.org/index.php/DNS_Administration#Creating_a_new_zone.
>
> I have noticed 2 things that seem odd. when I use the windows dns manager
> to add an A record. If I check the box that says to update the reverse
> zone
> and then click add. I get a response that says the record was created
> but if I look at the reverse zone the ptr never gets created. I then have
> to add the ptr by hand.
>
> Is this expected behavior? If it is not expected, how do I
> troubleshoot it?
>
> The other thing I have noticed is that if I join a machine to the domain
> sometimes the forward DNS records get created and other times they do
> not.
> The reverse zones never get updated.
>
> Name resolution and replication between the 2 DC's work as advertised.
>
> Does anyone know how i can go about troubleshooting this problem?
>
> My bind config is as follows:
>
> options {
> listen-on port 53 { any; };
> directory "/var/named";
> dump-file "/var/named/data/cache_dump.db";
> statistics-file "/var/named/data/named_stats.txt";
> memstatistics-file "/var/named/data/named_mem_stats.txt";
> allow-query { localhost; internal; };
>
> recursion yes;
>
> /*
> dnssec-enable yes;
> dnssec-validation yes;
> dnssec-lookaside auto;
> */
>
> /* Path to ISC DLV key */
> bindkeys-file "/etc/named.iscdlv.key";
>
> managed-keys-directory "/var/named/dynamic";
>
> pid-file "/var/run/named/named.pid";
> session-keyfile "/var/run/named/session.key";
>
> forwarders { 172.20.0.14; 172.20.0.11; 10.224.135.11; };
>
> // Added for Samba-4.x.
> tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
> };
>
> acl "internal" { 10.224.135.0/24; 172.20.0.0/23; 172.20.10.0/24;
> 172.30.0.0/23; 172.30.10.0/24; 192.168.100.0/24; 192.168.101.0/24;
> 192.168.102.0/24; 192.168.103.0/24; 127.0.0.1; };
>
> logging {
> channel default_debug {
> file "data/named.run"
> versions 10
> size 10M;
> severity dynamic;
> print-time yes;
> print-severity yes;
> print-category yes;
> };
> };
>
> zone "." IN {
> type hint;
> file "named.ca";
> };
>
> include "/etc/named.rfc1912.zones";
> include "/etc/named.root.key";
> # added below for bind DLZ.
> include "/usr/local/samba/private/named.conf";
>
> The smb.conf is as follows:
>
> [global]
> netbios name = VDC1
> realm = SAMDOM.MYDOMAIN.COM
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbindd, ntp_signd, kcc, dnsupdate
> workgroup = SAMDOM
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
>
> log file = /var/log/samba/%m.log
> max log size = 5000
> log level = 2
>
> idmap config SAMDOM:unix_nss_info = yes
>
> template shell = /bin/bash
> template homedir = /home/samba/users/%U
>
> deadtime = 5
>
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/samdom.mydomain.com/scripts
> read only = No
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
>
> Regards,
>
The PTR issue is a bug. See https://bugzilla.samba.org/show_bug.cgi?id=12186
--
--
James