Hi,

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Rowland Penny via samba
> Sent: Tuesday 22 January 2019 14:12
> To: samba at lists.samba.org
> Subject: Re: [Samba] samba_dns_question
>
> On Tue, 22 Jan 2019 13:54:00 +0100
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>
> > I really suggest that you change this.
> >
> > Disable :
> > > include "/etc/bind/named.conf.default-zones";
>
> I have this and have never had the OP's problem
>
> > And this supports it :
> > > empty-zones-enable no;
>
> Again, I have this.

Then you are using a zone that is not in the default zone.
The problem occurs only when you bind-DLZ is trying to load a zone
defined in the default. Same for the empty-zones-enable

> > These to my cause your problem.
> > Might load zones that bind9_DLZ is trying to load also.
> >
> > Set to yes:
> > > auth-nxdomain no; # conform to RFC1035
> > The AD is the AUTHORITIVE Server.
> > For that you need : auth-nxdomain yes;
>
> Sorry, but no you don't, well I don't
>
> rowland at Computer4:~$ nslookup
> > set querytype=soa
> > samdom.example.com
> Server: 192.168.0.6
> Address: 192.168.0.6#53
>
> samdom.example.com
> origin = dc4.samdom.example.com
> mail addr = hostmaster.samdom.example.com
> serial = 2533
> refresh = 900
> retry = 600
> expire = 86400
> minimum = 3600

Yes, lookups work fine, but ddns updates won't work now.
https://en.wikipedia.org/wiki/Name_server#Authoritative_name_server

Greetz,

Louis

On Tue, 22 Jan 2019 14:27:12 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:

> Hi,
>
> > -----Original message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> > Rowland Penny via samba
> > Sent: Tuesday 22 January 2019 14:12
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] samba_dns_question
> >
> > On Tue, 22 Jan 2019 13:54:00 +0100
> > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> >
> > > I really suggest that you change this.
> > >
> > > Disable :
> > > > include "/etc/bind/named.conf.default-zones";
> >
> > I have this and have never had the OP's problem
> >
> > > And this supports it :
> > > > empty-zones-enable no;
> >
> > Again, I have this.
>
> Then you are using a zone that is not in the default zone.
> The problem occurs only when you bind-DLZ is trying to load a zone
> defined in the default. Same for the empty-zones-enable

When I install Bind9, the only files I have to modify are,
named.conf.options and named.conf.local (the latter by adding path to
the Samba named.conf)
I have never had any problems

> > > These to my cause your problem.
> > > Might load zones that bind9_DLZ is trying to load also.
> > >
> > > Set to yes:
> > > > auth-nxdomain no; # conform to RFC1035
> > > The AD is the AUTHORITIVE Server.
> > > For that you need : auth-nxdomain yes;
> >
> > Sorry, but no you don't, well I don't
> >
> > rowland at Computer4:~$ nslookup
> > > set querytype=soa
> > > samdom.example.com
> > Server: 192.168.0.6
> > Address: 192.168.0.6#53
> >
> > samdom.example.com
> > origin = dc4.samdom.example.com
> > mail addr = hostmaster.samdom.example.com
> > serial = 2533
> > refresh = 900
> > retry = 600
> > expire = 86400
> > minimum = 3600
>
> Yes, lookups work fine, but ddns updates won't work now.
> https://en.wikipedia.org/wiki/Name_server#Authoritative_name_server

You could be correct, I wouldn't know ;-)
I use DHCP to update the dns records.

Rowland

Hi Rowland,

Yes, if you don't use the pc's themselves to update dns records you might not notice this.

The network I'm running here.
Atm I use an external DHCP server, outside the samba domain.
I have Win7 and Win 10 pc's (x64 mostly) ( and 1-2 xp pc's. )
Some pc's have static ip, some get DHCP ip.
All pc's are updating their own A and PTR records. ( static and dhcp ip's )

And if I enable the isc-dhcp server on the samba DC's, then nothing changes for me.
Keeps working as it did before.

Greetz,

Louis

GPG-ID: EB7A89CF

On Tue, 22 Jan 2019 14:27:12 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:

> Hi,
>
> > -----Original message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> > Rowland Penny via samba
> > Sent: Tuesday 22 January 2019 14:12
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] samba_dns_question
> >
> > On Tue, 22 Jan 2019 13:54:00 +0100
> > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> >
> > > I really suggest that you change this.
> > >
> > > Disable :
> > > > include "/etc/bind/named.conf.default-zones";
> >
> > I have this and have never had the OP's problem
> >
> > > And this supports it :
> > > > empty-zones-enable no;
> >
> > Again, I have this.
>
> Then you are using a zone that is not in the default zone.
> The problem occurs only when you bind-DLZ is trying to load a zone
> defined in the default. Same for the empty-zones-enable
>
> > > These to my cause your problem.
> > > Might load zones that bind9_DLZ is trying to load also.
> > >
> > > Set to yes:
> > > > auth-nxdomain no; # conform to RFC1035
> > > The AD is the AUTHORITIVE Server.
> > > For that you need : auth-nxdomain yes;
> >
> > Sorry, but no you don't, well I don't
> >

I seemed to remember there was a reason why I didn't have
'auth-nxdomain = yes;' set, so I have been searching my records and
found it!

All that setting 'auth-nxdomain = yes' does, it sets the nameserver to
be authoritative for non existing domains, it has nothing to do with
being authoritative for a dns domain.
It used to default to 'yes' for compatibility with Bind8, it now
defaults to no.

Rowland

Hi Rowland,

I think you are mixing a few settings.

http://www.zytrax.com/books/dns/ch7/queries.html#additional-from-auth
additional-from-auth yes | no ;
additional-from-cache yes | no ;

And
www.zytrax.com/books/dns/ch7/queries.html#auth-nxdomain
auth-nxdomain yes | no;
If auth-nxdomain is 'yes' allows the server to answer authoritatively (the AA bit is set) when returning NXDOMAIN (domain does not exist) answers, if 'no' (the default) the server will not answer authoritatively.

And
http://www.zytrax.com/books/dns/ch7/queries.html#empty-zones-enable
empty-zones-enable yes | no ;
By default empty-zones-enable is set to yes which means that reverse queries for IPv4 and IPv6 addresses covered by RFCs 1918, 4193, 5737 and 6598 (as well as IPv6 local address (locally assigned), IPv6 link local addresses, the IPv6 loopback address and the IPv6 unknown address) but which is not covered by a locally defined zone clause will automatically return an NXDOMAIN response from the local name server. This prevents reverse map queries to such addresses escaping to the DNS hierarchy where they are simply noise and increase the already high level of query pollution caused by mis-configuration.

auth-nxdomain yes;
empty-zones-enable no;
additional-from-auth yes ;
additional-from-cache no ;

Would be my settings, if I did read above correctly. ( for the DC's )

If I forward this to my other 2 bind servers, then they would have.

auth-nxdomain no;
empty-zones-enable yes;
additional-from-auth yes ;
additional-from-cache yes ;

If the zone you are using in samba and is in the same as the empty-zones.
And an empty zone contains only an SOA and a single NS RR.
What will happen...

But I'll read this again in Dutch..
Maybe reading things wrong, don't think so but possible.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Rowland Penny via samba
> Sent: Tuesday 22 January 2019 15:24
> To: samba at lists.samba.org
> Subject: Re: [Samba] samba_dns_question
>
> On Tue, 22 Jan 2019 14:27:12 +0100
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>
> > Hi,
> >
> > > -----Original message-----
> > > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> > > Rowland Penny via samba
> > > Sent: Tuesday 22 January 2019 14:12
> > > To: samba at lists.samba.org
> > > Subject: Re: [Samba] samba_dns_question
> > >
> > > On Tue, 22 Jan 2019 13:54:00 +0100
> > > "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> > >
> > > > I really suggest that you change this.
> > > >
> > > > Disable :
> > > > > include "/etc/bind/named.conf.default-zones";
> > >
> > > I have this and have never had the OP's problem
> > >
> > > > And this supports it :
> > > > > empty-zones-enable no;
> > >
> > > Again, I have this.
> >
> > Then you are using a zone that is not in the default zone.
> > The problem occurs only when you bind-DLZ is trying to load a zone
> > defined in the default. Same for the empty-zones-enable
> >
> > > > These to my cause your problem.
> > > > Might load zones that bind9_DLZ is trying to load also.
> > > >
> > > > Set to yes:
> > > > > auth-nxdomain no; # conform to RFC1035
> > > > The AD is the AUTHORITIVE Server.
> > > > For that you need : auth-nxdomain yes;
> > >
> > > Sorry, but no you don't, well I don't
> > >
>
> I seemed to remember there was a reason why I didn't have
> 'auth-nxdomain = yes;' set, so I have been searching my records and
> found it!
>
> All that setting 'auth-nxdomain = yes' does, it sets the nameserver to
> be authoritative for non existing domains, it has nothing to do with
> being authoritative for a dns domain.
> It used to default to 'yes' for compatibility with Bind8, it now
> defaults to no.
>
> Rowland
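
The thread turns on what auth-nxdomain changes on the wire: per the zytrax text quoted above, whether the AA bit is set on an NXDOMAIN answer. The following is an added example, not code from any poster in the thread; it builds two constructed NXDOMAIN responses (AA set and AA clear) and decodes the header fields a client would see. The query name nohost.samdom.example.com and all function names are assumptions made for the illustration.

```python
import struct

AA_BIT = 0x0400  # Authoritative Answer flag in the 16-bit DNS header flags
RCODE_NAMES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def encode_qname(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_response(qname, rcode, aa):
    """Constructed sample: response header plus one question (type A, class IN)."""
    flags = 0x8000 | 0x0100 | 0x0080 | rcode  # QR=1, RD=1, RA=1, RCODE in low 4 bits
    if aa:
        flags |= AA_BIT
    header = struct.pack("!6H", 0x1234, flags, 1, 0, 0, 0)
    return header + encode_qname(qname) + struct.pack("!2H", 1, 1)

def parse_response(msg):
    """Return the query name, RCODE name and AA flag of a DNS response."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    _txid, flags, qdcount = struct.unpack("!3H", msg[:6])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    labels, pos = [], 12
    while qdcount:  # walk the labels of the first question, if there is one
        if pos >= len(msg):
            raise ValueError("truncated question section")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(msg):
            raise ValueError("bad label in question section")
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    rcode = flags & 0x000F
    return {"qname": ".".join(labels), "aa": bool(flags & AA_BIT),
            "rcode": RCODE_NAMES.get(rcode, str(rcode))}

def classify(msg):
    """Label a response the way the auth-nxdomain discussion distinguishes them."""
    r = parse_response(msg)
    if r["rcode"] != "NXDOMAIN":
        return r["rcode"]
    return "authoritative NXDOMAIN" if r["aa"] else "non-authoritative NXDOMAIN"

if __name__ == "__main__":
    for aa in (True, False):
        print(classify(build_response("nohost.samdom.example.com", 3, aa)))
```

Against a live server the same two fields appear in dig output as the `status:` value and the `aa` entry in the `flags:` list.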