On Tue, 22 Jan 2019 13:18:40 +0200 Hajdu Szabolcs via samba <samba at lists.samba.org> wrote:

> options {
>     directory "/var/cache/bind";
>
>     forwarders {
>         208.67.222.222; 208.67.220.220;
>     };
>
>     dnssec-validation no;
>
>     auth-nxdomain no;    # conform to RFC1035
>     listen-on-v6 { any; };
>     notify no;
>     empty-zones-enable no;
>     tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> };
>

My named.conf.options file is a bit different to yours, but I don't think any of the differences would stop your problem.

The 'CNF' is coming from something creating the records and then, very shortly afterwards, something else creates the same records. This could be something on the same DC, but it is most likely to be replication. Whatever it is, the first record gets marked with 'CNF' and the second record is used.

As your Samba and Bind files seem to be OK, I think we need to step back a bit. From what you posted, you installed Samba and then joined it as a DC to an existing AD domain, what is this AD domain composed of and did the DNS records already exist in AD?

You are having problems with reverse zones, these are not created automatically, are you creating these manually and if so, how?

Rowland
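As an added illustration of the 'CNF' marking described in the reply above (not code from this thread or from the Samba project), this Python check scans ldbsearch-style LDIF for conflict entries and reports which intended record each one duplicates. It assumes conflict entries carry the usual AD form `\0ACNF:<GUID>` at the end of the first RDN; the sample LDIF, zone name and GUID are constructed.

```python
import base64
import re
from collections import defaultdict

# Constructed sample in the style of ldbsearch output; zone and GUID are made up.
ZONE = "DC=1.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=com"
SAMPLE_LDIF = f"""\
dn: DC=15,{ZONE}
name: 15

dn: DC=15\\0ACNF:11111111-2222-3333-4444-555555555555,{ZONE}
name: 15

dn: DC=20,{ZONE}
name: 20
"""

# Assumed conflict form: <attr>=<name><LF>CNF:<GUID>, with LF shown as "\0A" in text DNs.
CNF_RE = re.compile(
    r"^(?P<attr>[^=]+)=(?P<name>.*?)(?:\\0A|\n)CNF:(?P<guid>[0-9a-fA-F-]{36})$", re.S)

def iter_dns(ldif):
    """Yield every entry DN, unfolding wrapped lines and decoding base64 'dn::'."""
    for line in re.sub(r"\r?\n ", "", ldif).splitlines():
        if line.startswith("dn:: "):
            yield base64.b64decode(line[5:]).decode("utf-8")
        elif line.startswith("dn: "):
            yield line[4:]

def find_conflicts(ldif):
    """Map each intended DN to its conflict GUIDs and whether a usable copy exists."""
    dns = list(iter_dns(ldif))
    present = {dn.lower() for dn in dns}
    report = defaultdict(lambda: {"guids": [], "survivor_present": False})
    for dn in dns:
        parts = re.split(r"(?<!\\),", dn, maxsplit=1)  # first RDN, then parent DN
        match = CNF_RE.match(parts[0])
        if not match:
            continue
        parent = parts[1] if len(parts) > 1 else ""
        intended = f"{match['attr']}={match['name']},{parent}"
        entry = report[intended]
        entry["guids"].append(match["guid"].lower())
        entry["survivor_present"] = intended.lower() in present
    return dict(report)

if __name__ == "__main__":
    for dn, info in find_conflicts(SAMPLE_LDIF).items():
        print(dn, info)
```

A conflict entry with `survivor_present` set to false means only the 'CNF' copy of that record is left in the searched data.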
The AD is composed of an older server, Windows 2008, and a newer 2012; the domain functional level is Windows Server 2008. All the reverse zones and DNS records existed in the AD; the reverse zones were created on the AD way back when they were installed. Since then we manage it with the remote manager. I'm looking through every config file but there is nothing that indicates these zones are created locally by me.

Szabolcs
On Tue, 22 Jan 2019 14:27:54 +0200 Hajdu Szabolcs via samba <samba at lists.samba.org> wrote:

> The AD is composed of an older server, Windows 2008, and a newer 2012;
> the domain functional level is Windows Server 2008. All the reverse
> zones and DNS records existed in the AD; the reverse zones were
> created on the AD way back when they were installed. Since then we
> manage it with the remote manager. I'm looking through every config
> file but there is nothing that indicates these zones are created
> locally by me.
>
> Szabolcs
>

When you run 'samba-tool domain join', the DNS records are replicated to the new DC, but it looks like something else is also trying to add (at least) the reverse zone records.

How did you install Samba? What packages did you install? Did you follow a webpage? If so, which?

Can you post the contents of the following files:

/etc/hostname
/etc/hosts
/etc/resolv.conf
/etc/krb5.conf

Rowland