samba - Aug 2019 - Problems with Internal DNS Samba 4

Hi,

I have updated my DC's to Samba 4.10.7, but I still can't add a new DC
to
the domain. I believe the problem is with Samba Internal DNS.

So I would like to convert my DNS from Internal DNS to  Bind9_DLZ of the
production DC's. Then I will join a new DC to the domain to see if it works.

I checked the tutorials:
https://wiki.samba.org/index.php/Setting_up_a_BIND_DNS_Server
https://wiki.samba.org/index.php/Changing_the_DNS_Back_End_of_a_Samba_AD_DC

But I found it a little complicated.

I'm in doubt if I have to configure all DNS zones manually (servers,
networks, ptr, records, A records, CNAMES and others) as a simple Bind or
if automatically configures it when do samba adjustments to turn it in
Bind9_DLZ (samba_upgradedns --dns-backend=BIND9_DLZ).

Could anybody help me?

Regards,

M?rcio Bacci

On 31/08/2019 04:28, Marcio Demetrio Bacci via samba
wrote:
> Hi,
>
> I have updated my DC's to Samba 4.10.7, but I still can't add a new
DC to
> the domain. I believe the problem is with Samba Internal DNS.
>
> So I would like to convert my DNS from Internal DNS to  Bind9_DLZ of the
> production DC's. Then I will join a new DC to the domain to see if it
works.
>
> I checked the tutorials:
> https://wiki.samba.org/index.php/Setting_up_a_BIND_DNS_Server
> https://wiki.samba.org/index.php/Changing_the_DNS_Back_End_of_a_Samba_AD_DC
>
> But I found it a little complicated.
>
> I'm in doubt if I have to configure all DNS zones manually (servers,
> networks, ptr, records, A records, CNAMES and others) as a simple Bind or
> if automatically configures it when do samba adjustments to turn it in
> Bind9_DLZ (samba_upgradedns --dns-backend=BIND9_DLZ).
>
> Could anybody help me?
>
> Regards,
>
> M?rcio Bacci
It is fairly simple ;-)

Read and follow:

https://wiki.samba.org/index.php/Setting_up_a_BIND_DNS_Server#Installing_.26_Configuring_BIND_on_Debian_based_distros

# Check and correct rights if required
# Check that the permissions on /var/lib/samba/bind-dns are 'drwxrwx---'
# If not:
chmod 770 /var/lib/samba/bind-dns

# Check that the 'bind' is the group for
/var/lib/samba/bind-dns/dns.keytab
# If not:
chown root:bind /usr/local/samba/private/dns.keytab
chmod 640 /usr/local/samba/private/dns.keytab

# Run the following command:

/usr/sbin/samba_upgradedns --dns-backend=BIND9_DLZ

# Alter smb.conf

# Change the "server services" parameter:

# If the line is there and contains 'dns', remove 'dns', if it
doesn't
contain 'dns' you do not need to do anything.

# If the line isn't there (more likely), add 'server services -dns'

# remove the forwarders line

service bind9 restart

service samba restart

Hi,

I'm folowing the tutorial:
https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End

But, the follows file there isn't in my DC, so can I to create it manually?

/usr/local/samba/bind-dns/named.conf file and uncomment the module for your
BIND version. For example:
dlz "AD DNS Zone" {
    # For BIND 9.10
    database "dlopen /usr/local/samba/lib/bind9/dlz_bind9_10.so";

My lib is in:

find / -name dlz_bind9_10.so
/usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so

Regards,

M?rcio Bacci

Em s?b, 31 de ago de 2019 ?s 04:09, Rowland penny via samba <
samba at lists.samba.org> escreveu:
> On 31/08/2019 04:28, Marcio Demetrio Bacci via samba wrote:
> > Hi,
> >
> > I have updated my DC's to Samba 4.10.7, but I still can't add
a new DC to
> > the domain. I believe the problem is with Samba Internal DNS.
> >
> > So I would like to convert my DNS from Internal DNS to  Bind9_DLZ of
the
> > production DC's. Then I will join a new DC to the domain to see if
it
> works.
> >
> > I checked the tutorials:
> > https://wiki.samba.org/index.php/Setting_up_a_BIND_DNS_Server
> >
> https://wiki.samba.org/index.php/Changing_the_DNS_Back_End_of_a_Samba_AD_DC
> >
> > But I found it a little complicated.
> >
> > I'm in doubt if I have to configure all DNS zones manually
(servers,
> > networks, ptr, records, A records, CNAMES and others) as a simple Bind
or
> > if automatically configures it when do samba adjustments to turn it in
> > Bind9_DLZ (samba_upgradedns --dns-backend=BIND9_DLZ).
> >
> > Could anybody help me?
> >
> > Regards,
> >
> > M?rcio Bacci
>
> It is fairly simple ;-)
>
> Read and follow:
>
>
>
https://wiki.samba.org/index.php/Setting_up_a_BIND_DNS_Server#Installing_.26_Configuring_BIND_on_Debian_based_distros
>
> # Check and correct rights if required
> # Check that the permissions on /var/lib/samba/bind-dns are
'drwxrwx---'
> # If not:
> chmod 770 /var/lib/samba/bind-dns
>
> # Check that the 'bind' is the group for
/var/lib/samba/bind-dns/dns.keytab
> # If not:
> chown root:bind /usr/local/samba/private/dns.keytab
> chmod 640 /usr/local/samba/private/dns.keytab
>
> # Run the following command:
>
> /usr/sbin/samba_upgradedns --dns-backend=BIND9_DLZ
>
> # Alter smb.conf
>
> # Change the "server services" parameter:
>
> # If the line is there and contains 'dns', remove 'dns', if
it doesn't
> contain 'dns' you do not need to do anything.
>
> # If the line isn't there (more likely), add 'server services
-dns'
>
> # remove the forwarders line
>
> service bind9 restart
>
> service samba restart
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>