thr3ads.net - samba - [Samba] DNS database question [Oct 2017]

If this information is useful, please help other people find it:
Share via:

Giuseppe Arvati

2017-Oct-24 07:01 UTC

[Samba] DNS database question

Hello,

I was checking my configuration regarding DNS
while I was reading
https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#New_DNS_Entries_Are_Not_Resolvable

and I found that private/sam.ldb.d/ and private/dns/sam.ldb.d/
are different

# ls -lai /usr/local/samba/private/sam.ldb.d/
2760569 -rw-------. 1 root root  16400384 Oct 24 08:28 
CN%3DCONFIGURATION,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
2760570 -rw-------. 1 root root  10391552 Oct 24 08:28 
CN%3DSCHEMA,CN%3DCONFIGURATION,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
2760568 -rw-------. 1 root root   6647808 Oct 24 08:28 
DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
2760571 -rw-rw----. 2 root named  4251648 Oct 24 08:28 
DC%3DDOMAINDNSZONES,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
2760572 -rw-rw----. 2 root named  4251648 Oct 24 08:28 
DC%3DFORESTDNSZONES,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
2760567 -rw-rw----. 2 root named   421888 Oct 24 08:28 metadata.tdb
# ls -lai /usr/local/samba/private/dns/sam.ldb.d/
2763729 -rw-rw----  1 root named 8384512 Feb  6  2017 
CN%3DCONFIGURATION,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
2763732 -rw-rw----  1 root named 9236480 Feb  6  2017 
CN%3DSCHEMA,CN%3DCONFIGURATION,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
2763665 -rw-rw----  1 root named 1286144 Feb  6  2017 
DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
2760571 -rw-rw----. 2 root named 4251648 Oct 24 08:28 
DC%3DDOMAINDNSZONES,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
2760572 -rw-rw----. 2 root named 4251648 Oct 24 08:28 
DC%3DFORESTDNSZONES,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
2760567 -rw-rw----. 2 root named  421888 Oct 24 08:28 metadata.tdb

I noticed:
1) file file starting with CN are different in the 2 folder
2) file file starting with CN in private/sam.ldb.d/ are owned by 
root:root in private/dns/sam.ldb.d/ are owned by root:named

I was starting to check dns configuration because I had a NOAUTH problem 
when samba tried to update dlz on bind.
I solved with a "service named restart" and now the dns entry are
up to date but these files aren't compliant to the documentation
so is this a problem ?
If yes what kind of problem can I have ?


CentOS Linux 2.6.32-642.13.1.el6.x86_64
Samba version 4.5.6
bind version  32:9.8.2-0.62.rc1.el6_9.4

Thank you

giuseppe

Rowland Penny

2017-Oct-24 08:28 UTC

head link

[Samba] DNS database question

On Tue, 24 Oct 2017 09:01:16 +0200
Giuseppe Arvati via samba <samba at lists.samba.org> wrote:
> Hello,
> 
> I was checking my configuration regarding DNS
> while I was reading
>
https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#New_DNS_Entries_Are_Not_Resolvable
> 
> and I found that private/sam.ldb.d/ and private/dns/sam.ldb.d/
> are different
> 
> # ls -lai /usr/local/samba/private/sam.ldb.d/
> 2760569 -rw-------. 1 root root  16400384 Oct 24 08:28 
> CN%3DCONFIGURATION,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
> 2760570 -rw-------. 1 root root  10391552 Oct 24 08:28 
> CN%3DSCHEMA,CN%3DCONFIGURATION,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
> 2760568 -rw-------. 1 root root   6647808 Oct 24 08:28 
> DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
> 2760571 -rw-rw----. 2 root named  4251648 Oct 24 08:28 
> DC%3DDOMAINDNSZONES,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
> 2760572 -rw-rw----. 2 root named  4251648 Oct 24 08:28 
> DC%3DFORESTDNSZONES,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
> 2760567 -rw-rw----. 2 root named   421888 Oct 24 08:28 metadata.tdb
> # ls -lai /usr/local/samba/private/dns/sam.ldb.d/
> 2763729 -rw-rw----  1 root named 8384512 Feb  6  2017 
> CN%3DCONFIGURATION,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
> 2763732 -rw-rw----  1 root named 9236480 Feb  6  2017 
> CN%3DSCHEMA,CN%3DCONFIGURATION,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
> 2763665 -rw-rw----  1 root named 1286144 Feb  6  2017 
> DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
> 2760571 -rw-rw----. 2 root named 4251648 Oct 24 08:28 
> DC%3DDOMAINDNSZONES,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
> 2760572 -rw-rw----. 2 root named 4251648 Oct 24 08:28 
> DC%3DFORESTDNSZONES,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
> 2760567 -rw-rw----. 2 root named  421888 Oct 24 08:28 metadata.tdb
> 
> I noticed:
> 1) file file starting with CN are different in the 2 folder
> 2) file file starting with CN in private/sam.ldb.d/ are owned by 
> root:root in private/dns/sam.ldb.d/ are owned by root:named
They should both be 'root:named'

ls -lad /usr/local/samba/private/sam.ldb.d/
drwxr-x--- 2 root bind 4096 Nov 23  2016 /usr/local/samba/private/sam.ldb.d/
ls -lad /usr/local/samba/private/dns/sam.ldb.d/
drwxrwx--- 2 root bind 4096 Nov 23
2016 /usr/local/samba/private/dns/sam.ldb.d/

Note: this is on Devuan where 'bind' = 'named'
> 
> I was starting to check dns configuration because I had a NOAUTH
> problem when samba tried to update dlz on bind.
> I solved with a "service named restart" and now the dns entry are
> up to date but these files aren't compliant to the documentation
> so is this a problem ?
> If yes what kind of problem can I have ?
Do not check anything in a 'sam.ldb.d' directory, check everything in
the sam.ldb file. As long as everything is okay here, then you do not
need to worry.
> 
> 
> CentOS Linux 2.6.32-642.13.1.el6.x86_64
> Samba version 4.5.6
> bind version  32:9.8.2-0.62.rc1.el6_9.4
Can I suggest you upgrade to Centos 7, this will get you a more up to
date Bind.

Rowland

Giuseppe Arvati

2017-Oct-24 09:30 UTC

head link

[Samba] DNS database question

Il 24/10/2017 10:28, Rowland Penny via samba ha scritto:> On Tue, 24 Oct 2017 09:01:16 +0200
> Giuseppe Arvati via samba <samba at lists.samba.org> wrote:
> 
>> Hello,
>>
>> I was checking my configuration regarding DNS
>> while I was reading
>>
https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#New_DNS_Entries_Are_Not_Resolvable
>>
>> and I found that private/sam.ldb.d/ and private/dns/sam.ldb.d/
>> are different
>>
>> # ls -lai /usr/local/samba/private/sam.ldb.d/
>> 2760569 -rw-------. 1 root root  16400384 Oct 24 08:28
>> CN%3DCONFIGURATION,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
>> 2760570 -rw-------. 1 root root  10391552 Oct 24 08:28
>> CN%3DSCHEMA,CN%3DCONFIGURATION,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
>> 2760568 -rw-------. 1 root root   6647808 Oct 24 08:28
>> DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
>> 2760571 -rw-rw----. 2 root named  4251648 Oct 24 08:28
>> DC%3DDOMAINDNSZONES,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
>> 2760572 -rw-rw----. 2 root named  4251648 Oct 24 08:28
>> DC%3DFORESTDNSZONES,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
>> 2760567 -rw-rw----. 2 root named   421888 Oct 24 08:28 metadata.tdb
>> # ls -lai /usr/local/samba/private/dns/sam.ldb.d/
>> 2763729 -rw-rw----  1 root named 8384512 Feb  6  2017
>> CN%3DCONFIGURATION,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
>> 2763732 -rw-rw----  1 root named 9236480 Feb  6  2017
>> CN%3DSCHEMA,CN%3DCONFIGURATION,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
>> 2763665 -rw-rw----  1 root named 1286144 Feb  6  2017
>> DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
>> 2760571 -rw-rw----. 2 root named 4251648 Oct 24 08:28
>> DC%3DDOMAINDNSZONES,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
>> 2760572 -rw-rw----. 2 root named 4251648 Oct 24 08:28
>> DC%3DFORESTDNSZONES,DC%3DAPAM-AD,DC%3DAPAM,DC%3DIT.ldb
>> 2760567 -rw-rw----. 2 root named  421888 Oct 24 08:28 metadata.tdb
>>
>> I noticed:
>> 1) file file starting with CN are different in the 2 folder
>> 2) file file starting with CN in private/sam.ldb.d/ are owned by
>> root:root in private/dns/sam.ldb.d/ are owned by root:named
> 
> They should both be 'root:named'
> 
> ls -lad /usr/local/samba/private/sam.ldb.d/
> drwxr-x--- 2 root bind 4096 Nov 23  2016
/usr/local/samba/private/sam.ldb.d/
> ls -lad /usr/local/samba/private/dns/sam.ldb.d/
> drwxrwx--- 2 root bind 4096 Nov 23
> 2016 /usr/local/samba/private/dns/sam.ldb.d/
> 
> Note: this is on Devuan where 'bind' = 'named'
> 
>>
>> I was starting to check dns configuration because I had a NOAUTH
>> problem when samba tried to update dlz on bind.
>> I solved with a "service named restart" and now the dns entry
are
>> up to date but these files aren't compliant to the documentation
>> so is this a problem ?
>> If yes what kind of problem can I have ?
> 
> Do not check anything in a 'sam.ldb.d' directory, check everything
in
> the sam.ldb file. As long as everything is okay here, then you do not
> need to worry.
> 
>>
Good
>>
>> CentOS Linux 2.6.32-642.13.1.el6.x86_64
>> Samba version 4.5.6
>> bind version  32:9.8.2-0.62.rc1.el6_9.4
> 
> Can I suggest you upgrade to Centos 7, this will get you a more up to
> date Bind.
> 
I hope to switch to new server in the next mouths
> Rowland
>
Thank you very much
Giuseppe

Apparently Analagous Threads

Search for more possibly parallel threads

samba - Oct 2017 - DNS database question

[Samba] DNS database question

[Samba] DNS database question

[Samba] DNS database question

Apparently Analagous Threads