Rowland, To answer you first, my "example.com" registered host is a wildcat " *. example.com". Everything example.com returns my external ip address. Both bind9 and samba are running. Might add your "options" but for now, solving my problem, first. Louis, your answer in a few minutes. On Wed, Sep 30, 2020 at 8:09 AM Rowland penny via samba < samba at lists.samba.org> wrote:> On 30/09/2020 13:22, Robert Wooden via samba wrote: > > Yesterday I had an issue with Samba v 4.13.0. > > > > I cannot figure out why bind9 will not "host -t SRV _ldap._ > > tcp.ad.dtntwk.work." or "host -t SRV _kerberos._udp.ad.dtntwk.work." > > > > root at dc1:~# host -t SRV _ldap._tcp.subdom.example.com. > Hmm, is 'subdom.example.com' really 'ad.dtntwk.work' ? > >> dc1.subdom.example.com has address 164.98.xxx.xxx > >> > > This ip address is my external ip provided from the ISP. It should be a > > local ip (192.168.0.xx) > How is your internal device getting an external IP ? > > > > root at dc1:~# cat /etc/bind/named.conf > > Your bind files are the same as mine, except I have these in 'options' : > > dnssec-enable no; > dnssec-lookaside no; > allow-transfer { none; }; > > >> // rndc.key is installed by default on debian. Just a matter of > >> enableing it. > >> include "/etc/bind/rndc.key"; > >> controls { > >> inet 127.0.0.1 allow { localhost; } keys { rndc-key; }; > >> // inet ::1 allow { ::1; } keys { rndc-key; }; > >> }; > I also do not have the rndc lines, they are not required. > > > And "dpkg-reconfigure krb5-user" will not reconfigure. > Strange. > > > > root at dc1:~# kinit administrator > >> kinit: Cannot find KDC for realm "SUBDOM.EXAMPLE.COM" while getting > >> initial credentials > Are Samba and Bind9 running ? > > Is 'subdom.example.com' a registered domain, or is 'example.com' the > registered domain ? > > Rowland > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Louis, (Un-sanitized) root at dtdc1:~# systemctl status bind9> ? bind9.service - BIND Domain Name Server > Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor > preset: enabled) > Active: active (running) since Wed 2020-09-30 07:19:21 CDT; 2h 26min ago > Docs: man:named(8) > Process: 375 ExecStart=/usr/sbin/named $OPTIONS (code=exited, > status=0/SUCCESS) > Main PID: 395 (named) > Tasks: 5 (limit: 2249) > Memory: 27.7M > CGroup: /system.slice/bind9.service > ??395 /usr/sbin/named -u bind > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2f::f#53 > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > dtdc1.ad.dtntwk.work/A/IN': 2001:503:c27::2:30#53 > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2d::d#53 > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > dtdc1.ad.dtntwk.work/A/IN': 2001:500:9f::42#53 > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > dtdc1.ad.dtntwk.work/A/IN': 2001:500:200::b#53 > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > dtdc1.ad.dtntwk.work/A/IN': 2001:7fd::1#53 > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2::c#53 > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > dtdc1.ad.dtntwk.work/A/IN': 2001:dc3::35#53 > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > dtdc1.ad.dtntwk.work/A/IN': 2001:500:12::d0d#53 > Sep 30 07:19:28 dtdc1 named[395]: resolver priming query complete >Add the log from this morning> Sep 30 07:19:21 dtdc1 named[395]: starting BIND > 9.11.5-P4-5.1+deb10u2-Debian (Extended Support Version) <id:998753c> > > Sep 30 07:19:21 dtdc1 named[395]: running on Linux x86_64 4.19.0-11-amd64 > #1 SMP Debian 4.19.146-1 (2020-09-17) > > Sep 30 07:19:21 dtdc1 named[395]: built with '--build=x86_64-linux-gnu' > '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' > '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' > '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' > '--libexecdir=/usr/lib/x86_64-linux-gnu' '--disable-maintainer-mode' > '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' > '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' > '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' > '--enable-static' '--with-gost=no' '--with-openssl=/usr' > '--with-gssapi=/usr' '--with-libidn2' '--with-libjson=/usr' > '--with-lmdb=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' > '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' > '--enable-native-pkcs11' '--with-pkcs11=/usr/lib/softhsm/libsofthsm2.so' > '--with-randomdev=/dev/urandom' '--enable-dnstap' > 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 > -fdebug-prefix-map=/build/bind9-pbRECD/bind9-9.11.5.P4+dfsg=. > -fstack-protector-strong -Wformat -Werror=format-security > -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE > -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time > -D_FORTIFY_SOURCE=2' > > Sep 30 07:19:21 dtdc1 named[395]: running as: named -u bind > > Sep 30 07:19:21 dtdc1 named[395]: compiled by GCC 8.3.0 > > Sep 30 07:19:21 dtdc1 named[395]: compiled with OpenSSL version: OpenSSL > 1.1.1d 10 Sep 2019 > > Sep 30 07:19:21 dtdc1 named[395]: linked to OpenSSL version: OpenSSL > 1.1.1d 10 Sep 2019 > > Sep 30 07:19:21 dtdc1 named[395]: compiled with libxml2 version: 2.9.4 > > Sep 30 07:19:21 dtdc1 named[395]: linked to libxml2 version: 20904 > > Sep 30 07:19:21 dtdc1 named[395]: compiled with libjson-c version: 0.12.1 > > Sep 30 07:19:21 dtdc1 named[395]: linked to libjson-c version: 0.12.1 > > Sep 30 07:19:21 dtdc1 named[395]: threads support is enabled > > Sep 30 07:19:21 dtdc1 named[395]: > ---------------------------------------------------- > > Sep 30 07:19:21 dtdc1 named[395]: BIND 9 is maintained by Internet Systems > Consortium, > > Sep 30 07:19:21 dtdc1 named[395]: Inc. (ISC), a non-profit 501(c)(3) > public-benefit > > Sep 30 07:19:21 dtdc1 named[395]: corporation. Support and training for > BIND 9 are > > Sep 30 07:19:21 dtdc1 named[395]: available at https://www.isc.org/support > > Sep 30 07:19:21 dtdc1 named[395]: > ---------------------------------------------------- > > Sep 30 07:19:21 dtdc1 named[395]: adjusted limit on open files from 524288 > to 1048576 > > Sep 30 07:19:21 dtdc1 named[395]: found 2 CPUs, using 2 worker threads > > Sep 30 07:19:21 dtdc1 named[395]: using 1 UDP listener per interface > > Sep 30 07:19:21 dtdc1 named[395]: using up to 4096 sockets > > Sep 30 07:19:21 dtdc1 named[395]: loading configuration from > '/etc/bind/named.conf' > > Sep 30 07:19:21 dtdc1 named[395]: reading built-in trust anchors from file > '/etc/bind/bind.keys' > > Sep 30 07:19:21 dtdc1 named[395]: initializing GeoIP Country (IPv4) (type > 1) DB > > Sep 30 07:19:21 dtdc1 named[395]: GEO-106FREE 20181108 Build > > Sep 30 07:19:21 dtdc1 named[395]: initializing GeoIP Country (IPv6) (type > 12) DB > > Sep 30 07:19:21 dtdc1 named[395]: GEO-106FREE 20181108 Build > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP City (IPv4) (type 2) DB not > available > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP City (IPv4) (type 6) DB not > available > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP City (IPv6) (type 30) DB not > available > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP City (IPv6) (type 31) DB not > available > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP Region (type 3) DB not available > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP Region (type 7) DB not available > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP ISP (type 4) DB not available > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP Org (type 5) DB not available > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP AS (type 9) DB not available > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP Domain (type 11) DB not available > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP NetSpeed (type 10) DB not available > > Sep 30 07:19:21 dtdc1 named[395]: using default UDP/IPv4 port range: > [32768, 60999] > > Sep 30 07:19:21 dtdc1 named[395]: using default UDP/IPv6 port range: > [32768, 60999] > > Sep 30 07:19:21 dtdc1 named[395]: listening on IPv4 interface lo, > 127.0.0.1#53 > > Sep 30 07:19:21 dtdc1 named[395]: listening on IPv4 interface enp1s0, > 192.168.16.41#53 > > Sep 30 07:19:21 dtdc1 named[395]: generating session key for dynamic DNS > > Sep 30 07:19:21 dtdc1 named[395]: sizing zone task pool based on 5 zones > > Sep 30 07:19:21 dtdc1 named[395]: set up managed keys zone for view > _default, file 'managed-keys.bind' > > Sep 30 07:19:21 dtdc1 named[395]: command channel listening on > 127.0.0.1#953 > > Sep 30 07:19:21 dtdc1 named[395]: managed-keys-zone: loaded serial 7 > > Sep 30 07:19:21 dtdc1 named[395]: zone 0.in-addr.arpa/IN: loaded serial 1 > > Sep 30 07:19:21 dtdc1 named[395]: zone 127.in-addr.arpa/IN: loaded serial 1 > > Sep 30 07:19:21 dtdc1 named[395]: zone 255.in-addr.arpa/IN: loaded serial 1 > > Sep 30 07:19:21 dtdc1 named[395]: zone localhost/IN: loaded serial 2 > > Sep 30 07:19:21 dtdc1 named[395]: all zones loaded > > Sep 30 07:19:21 dtdc1 named[395]: running > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN': > 2001:7fe::53#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/A/IN': 2001:7fe::53#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN': > 2001:500:1::53#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/A/IN': 2001:500:1::53#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN': > 2001:503:ba3e::2:30#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN': > 2001:500:a8::e#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN': > 2001:500:2f::f#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/A/IN': 2001:503:ba3e::2:30#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/A/IN': 2001:500:a8::e#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/A/IN': 2001:500:2f::f#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN': > 2001:503:c27::2:30#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN': > 2001:500:2d::d#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN': > 2001:500:9f::42#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN': > 2001:500:200::b#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/A/IN': 2001:503:c27::2:30#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN': > 2001:7fd::1#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/AAAA/IN': 2001:7fe::53#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/A/IN': 2001:500:2d::d#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/AAAA/IN': 2001:500:1::53#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/A/IN': 2001:500:9f::42#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/AAAA/IN': 2001:503:ba3e::2:30#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/A/IN': 2001:500:200::b#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/AAAA/IN': 2001:500:a8::e#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/A/IN': 2001:7fd::1#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/AAAA/IN': 2001:500:2f::f#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/A/IN': 2001:500:2::c#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/AAAA/IN': 2001:503:c27::2:30#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/A/IN': 2001:dc3::35#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN': > 2001:500:2::c#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/AAAA/IN': 2001:500:2d::d#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN': > 2001:dc3::35#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving './NS/IN': > 2001:500:12::d0d#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/A/IN': 2001:500:12::d0d#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/AAAA/IN': 2001:500:9f::42#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/AAAA/IN': 2001:500:200::b#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/AAAA/IN': 2001:7fd::1#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/AAAA/IN': 2001:500:2::c#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/AAAA/IN': 2001:dc3::35#53 > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > 0.us.pool.ntp.org/AAAA/IN': 2001:500:12::d0d#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > dtdc1.ad.dtntwk.work/A/IN': 2001:7fe::53#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > dtdc1.ad.dtntwk.work/A/IN': 2001:500:1::53#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > dtdc1.ad.dtntwk.work/A/IN': 2001:503:ba3e::2:30#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > dtdc1.ad.dtntwk.work/A/IN': 2001:500:a8::e#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2f::f#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > dtdc1.ad.dtntwk.work/A/IN': 2001:503:c27::2:30#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2d::d#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > dtdc1.ad.dtntwk.work/A/IN': 2001:500:9f::42#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > dtdc1.ad.dtntwk.work/A/IN': 2001:500:200::b#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > dtdc1.ad.dtntwk.work/A/IN': 2001:7fd::1#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2::c#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > dtdc1.ad.dtntwk.work/A/IN': 2001:dc3::35#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > dtdc1.ad.dtntwk.work/A/IN': 2001:500:12::d0d#53 > > Sep 30 07:19:28 dtdc1 named[395]: resolver priming query complete > > (END >Anyones thoughts?? On Wed, Sep 30, 2020 at 9:43 AM Robert Wooden <wdn2420systm at gmail.com> wrote:> Rowland, > To answer you first, my "example.com" registered host is a wildcat " *. > example.com". Everything example.com returns my external ip address. > > Both bind9 and samba are running. > > Might add your "options" but for now, solving my problem, first. > > Louis, your answer in a few minutes. > > On Wed, Sep 30, 2020 at 8:09 AM Rowland penny via samba < > samba at lists.samba.org> wrote: > >> On 30/09/2020 13:22, Robert Wooden via samba wrote: >> > Yesterday I had an issue with Samba v 4.13.0. >> > >> > I cannot figure out why bind9 will not "host -t SRV _ldap._ >> > tcp.ad.dtntwk.work." or "host -t SRV _kerberos._udp.ad.dtntwk.work." >> > >> > root at dc1:~# host -t SRV _ldap._tcp.subdom.example.com. >> Hmm, is 'subdom.example.com' really 'ad.dtntwk.work' ? >> >> dc1.subdom.example.com has address 164.98.xxx.xxx >> >> >> > This ip address is my external ip provided from the ISP. It should be a >> > local ip (192.168.0.xx) >> How is your internal device getting an external IP ? >> > >> > root at dc1:~# cat /etc/bind/named.conf >> >> Your bind files are the same as mine, except I have these in 'options' : >> >> dnssec-enable no; >> dnssec-lookaside no; >> allow-transfer { none; }; >> >> >> // rndc.key is installed by default on debian. Just a matter >> of >> >> enableing it. >> >> include "/etc/bind/rndc.key"; >> >> controls { >> >> inet 127.0.0.1 allow { localhost; } keys { rndc-key; }; >> >> // inet ::1 allow { ::1; } keys { rndc-key; }; >> >> }; >> I also do not have the rndc lines, they are not required. >> >> > And "dpkg-reconfigure krb5-user" will not reconfigure. >> Strange. >> > >> > root at dc1:~# kinit administrator >> >> kinit: Cannot find KDC for realm "SUBDOM.EXAMPLE.COM" while getting >> >> initial credentials >> Are Samba and Bind9 running ? >> >> Is 'subdom.example.com' a registered domain, or is 'example.com' the >> registered domain ? >> >> Rowland >> >> >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >
Bind_DLZ is not loaded Which makes sence if we see the errors.. Verify if this is loaded.. I have it in named.conf.local // adding the dlopen ( Bind DLZ ) module for samba, beware, if you using bind9.9 then you need to change this manualy include "/var/lib/samba/bind-dns/named.conf";> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Robert Wooden via samba > Verzonden: woensdag 30 september 2020 16:55 > CC: SAMBA MailList > Onderwerp: Re: [Samba] Bind9 issue > > Louis, > > (Un-sanitized) > > root at dtdc1:~# systemctl status bind9 > > ??? bind9.service - BIND Domain Name Server > > Loaded: loaded (/lib/systemd/system/bind9.service; > enabled; vendor > > preset: enabled) > > Active: active (running) since Wed 2020-09-30 07:19:21 > CDT; 2h 26min ago > > Docs: man:named(8) > > Process: 375 ExecStart=/usr/sbin/named $OPTIONS (code=exited, > > status=0/SUCCESS) > > Main PID: 395 (named) > > Tasks: 5 (limit: 2249) > > Memory: 27.7M > > CGroup: /system.slice/bind9.service > > ??????395 /usr/sbin/named -u bind > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2f::f#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:503:c27::2:30#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2d::d#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:9f::42#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:200::b#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:7fd::1#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2::c#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:dc3::35#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:12::d0d#53 > > Sep 30 07:19:28 dtdc1 named[395]: resolver priming query complete > > > > Add the log from this morning > > > Sep 30 07:19:21 dtdc1 named[395]: starting BIND > > 9.11.5-P4-5.1+deb10u2-Debian (Extended Support Version) <id:998753c> > > > > Sep 30 07:19:21 dtdc1 named[395]: running on Linux x86_64 > 4.19.0-11-amd64 > > #1 SMP Debian 4.19.146-1 (2020-09-17) > > > > Sep 30 07:19:21 dtdc1 named[395]: built with > '--build=x86_64-linux-gnu' > > '--prefix=/usr' '--includedir=/usr/include' > '--mandir=/usr/share/man' > > '--infodir=/usr/share/info' '--sysconfdir=/etc' > '--localstatedir=/var' > > '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' > > '--libexecdir=/usr/lib/x86_64-linux-gnu' '--disable-maintainer-mode' > > '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' > > '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' > > '--enable-threads' '--enable-largefile' '--with-libtool' > '--enable-shared' > > '--enable-static' '--with-gost=no' '--with-openssl=/usr' > > '--with-gssapi=/usr' '--with-libidn2' '--with-libjson=/usr' > > '--with-lmdb=/usr' '--with-gnu-ld' '--with-geoip=/usr' > '--with-atf=no' > > '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' > > '--enable-native-pkcs11' > '--with-pkcs11=/usr/lib/softhsm/libsofthsm2.so' > > '--with-randomdev=/dev/urandom' '--enable-dnstap' > > 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 > > -fdebug-prefix-map=/build/bind9-pbRECD/bind9-9.11.5.P4+dfsg=. > > -fstack-protector-strong -Wformat -Werror=format-security > > -fno-strict-aliasing -fno-delete-null-pointer-checks > -DNO_VERSION_DATE > > -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' > 'CPPFLAGS=-Wdate-time > > -D_FORTIFY_SOURCE=2' > > > > Sep 30 07:19:21 dtdc1 named[395]: running as: named -u bind > > > > Sep 30 07:19:21 dtdc1 named[395]: compiled by GCC 8.3.0 > > > > Sep 30 07:19:21 dtdc1 named[395]: compiled with OpenSSL > version: OpenSSL > > 1.1.1d 10 Sep 2019 > > > > Sep 30 07:19:21 dtdc1 named[395]: linked to OpenSSL version: OpenSSL > > 1.1.1d 10 Sep 2019 > > > > Sep 30 07:19:21 dtdc1 named[395]: compiled with libxml2 > version: 2.9.4 > > > > Sep 30 07:19:21 dtdc1 named[395]: linked to libxml2 version: 20904 > > > > Sep 30 07:19:21 dtdc1 named[395]: compiled with libjson-c > version: 0.12.1 > > > > Sep 30 07:19:21 dtdc1 named[395]: linked to libjson-c > version: 0.12.1 > > > > Sep 30 07:19:21 dtdc1 named[395]: threads support is enabled > > > > Sep 30 07:19:21 dtdc1 named[395]: > > ---------------------------------------------------- > > > > Sep 30 07:19:21 dtdc1 named[395]: BIND 9 is maintained by > Internet Systems > > Consortium, > > > > Sep 30 07:19:21 dtdc1 named[395]: Inc. (ISC), a non-profit 501(c)(3) > > public-benefit > > > > Sep 30 07:19:21 dtdc1 named[395]: corporation. Support and > training for > > BIND 9 are > > > > Sep 30 07:19:21 dtdc1 named[395]: available at > https://www.isc.org/support > > > > Sep 30 07:19:21 dtdc1 named[395]: > > ---------------------------------------------------- > > > > Sep 30 07:19:21 dtdc1 named[395]: adjusted limit on open > files from 524288 > > to 1048576 > > > > Sep 30 07:19:21 dtdc1 named[395]: found 2 CPUs, using 2 > worker threads > > > > Sep 30 07:19:21 dtdc1 named[395]: using 1 UDP listener per interface > > > > Sep 30 07:19:21 dtdc1 named[395]: using up to 4096 sockets > > > > Sep 30 07:19:21 dtdc1 named[395]: loading configuration from > > '/etc/bind/named.conf' > > > > Sep 30 07:19:21 dtdc1 named[395]: reading built-in trust > anchors from file > > '/etc/bind/bind.keys' > > > > Sep 30 07:19:21 dtdc1 named[395]: initializing GeoIP > Country (IPv4) (type > > 1) DB > > > > Sep 30 07:19:21 dtdc1 named[395]: GEO-106FREE 20181108 Build > > > > Sep 30 07:19:21 dtdc1 named[395]: initializing GeoIP > Country (IPv6) (type > > 12) DB > > > > Sep 30 07:19:21 dtdc1 named[395]: GEO-106FREE 20181108 Build > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP City (IPv4) (type 2) DB not > > available > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP City (IPv4) (type 6) DB not > > available > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP City (IPv6) (type 30) DB not > > available > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP City (IPv6) (type 31) DB not > > available > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP Region (type 3) DB > not available > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP Region (type 7) DB > not available > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP ISP (type 4) DB not > available > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP Org (type 5) DB not > available > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP AS (type 9) DB not available > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP Domain (type 11) DB > not available > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP NetSpeed (type 10) > DB not available > > > > Sep 30 07:19:21 dtdc1 named[395]: using default UDP/IPv4 port range: > > [32768, 60999] > > > > Sep 30 07:19:21 dtdc1 named[395]: using default UDP/IPv6 port range: > > [32768, 60999] > > > > Sep 30 07:19:21 dtdc1 named[395]: listening on IPv4 interface lo, > > 127.0.0.1#53 > > > > Sep 30 07:19:21 dtdc1 named[395]: listening on IPv4 > interface enp1s0, > > 192.168.16.41#53 > > > > Sep 30 07:19:21 dtdc1 named[395]: generating session key > for dynamic DNS > > > > Sep 30 07:19:21 dtdc1 named[395]: sizing zone task pool > based on 5 zones > > > > Sep 30 07:19:21 dtdc1 named[395]: set up managed keys zone for view > > _default, file 'managed-keys.bind' > > > > Sep 30 07:19:21 dtdc1 named[395]: command channel listening on > > 127.0.0.1#953 > > > > Sep 30 07:19:21 dtdc1 named[395]: managed-keys-zone: loaded serial 7 > > > > Sep 30 07:19:21 dtdc1 named[395]: zone 0.in-addr.arpa/IN: > loaded serial 1 > > > > Sep 30 07:19:21 dtdc1 named[395]: zone 127.in-addr.arpa/IN: > loaded serial 1 > > > > Sep 30 07:19:21 dtdc1 named[395]: zone 255.in-addr.arpa/IN: > loaded serial 1 > > > > Sep 30 07:19:21 dtdc1 named[395]: zone localhost/IN: loaded serial 2 > > > > Sep 30 07:19:21 dtdc1 named[395]: all zones loaded > > > > Sep 30 07:19:21 dtdc1 named[395]: running > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:7fe::53#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:7fe::53#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:500:1::53#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:500:1::53#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:503:ba3e::2:30#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:500:a8::e#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:500:2f::f#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:503:ba3e::2:30#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:500:a8::e#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:500:2f::f#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:503:c27::2:30#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:500:2d::d#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:500:9f::42#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:500:200::b#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:503:c27::2:30#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:7fd::1#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:7fe::53#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:500:2d::d#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:500:1::53#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:500:9f::42#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:503:ba3e::2:30#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:500:200::b#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:500:a8::e#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:7fd::1#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:500:2f::f#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:500:2::c#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:503:c27::2:30#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:dc3::35#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:500:2::c#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:500:2d::d#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:dc3::35#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:500:12::d0d#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:500:12::d0d#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:500:9f::42#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:500:200::b#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:7fd::1#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:500:2::c#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:dc3::35#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:500:12::d0d#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:7fe::53#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:1::53#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:503:ba3e::2:30#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:a8::e#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2f::f#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:503:c27::2:30#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2d::d#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:9f::42#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:200::b#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:7fd::1#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2::c#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:dc3::35#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:12::d0d#53 > > > > Sep 30 07:19:28 dtdc1 named[395]: resolver priming query complete > > > > (END > > > > Anyones thoughts?? > > > On Wed, Sep 30, 2020 at 9:43 AM Robert Wooden <wdn2420systm at gmail.com> > wrote: > > > Rowland, > > To answer you first, my "example.com" registered host is a > wildcat " *. > > example.com". Everything example.com returns my external ip address. > > > > Both bind9 and samba are running. > > > > Might add your "options" but for now, solving my problem, first. > > > > Louis, your answer in a few minutes. > > > > On Wed, Sep 30, 2020 at 8:09 AM Rowland penny via samba < > > samba at lists.samba.org> wrote: > > > >> On 30/09/2020 13:22, Robert Wooden via samba wrote: > >> > Yesterday I had an issue with Samba v 4.13.0. > >> > > >> > I cannot figure out why bind9 will not "host -t SRV _ldap._ > >> > tcp.ad.dtntwk.work." or "host -t SRV > _kerberos._udp.ad.dtntwk.work." > >> > > >> > root at dc1:~# host -t SRV _ldap._tcp.subdom.example.com. > >> Hmm, is 'subdom.example.com' really 'ad.dtntwk.work' ? > >> >> dc1.subdom.example.com has address 164.98.xxx.xxx > >> >> > >> > This ip address is my external ip provided from the ISP. > It should be a > >> > local ip (192.168.0.xx) > >> How is your internal device getting an external IP ? > >> > > >> > root at dc1:~# cat /etc/bind/named.conf > >> > >> Your bind files are the same as mine, except I have these > in 'options' : > >> > >> dnssec-enable no; > >> dnssec-lookaside no; > >> allow-transfer { none; }; > >> > >> >> // rndc.key is installed by default on debian. > Just a matter > >> of > >> >> enableing it. > >> >> include "/etc/bind/rndc.key"; > >> >> controls { > >> >> inet 127.0.0.1 allow { localhost; } keys > { rndc-key; }; > >> >> // inet ::1 allow { ::1; } keys { rndc-key; }; > >> >> }; > >> I also do not have the rndc lines, they are not required. > >> > >> > And "dpkg-reconfigure krb5-user" will not reconfigure. > >> Strange. > >> > > >> > root at dc1:~# kinit administrator > >> >> kinit: Cannot find KDC for realm "SUBDOM.EXAMPLE.COM" > while getting > >> >> initial credentials > >> Are Samba and Bind9 running ? > >> > >> Is 'subdom.example.com' a registered domain, or is > 'example.com' the > >> registered domain ? > >> > >> Rowland > >> > >> > >> > >> > >> -- > >> To unsubscribe from this list go to the following URL and read the > >> instructions: https://lists.samba.org/mailman/options/samba > >> > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
It appears to be loading: root at dtdc1:~# cat /etc/bind/named.conf.local> // > // Do any local configuration here > // > > // Consider adding the 1918 zones here, if they are not used in your > // organization > //include "/etc/bind/zones.rfc1918"; > > // adding the dlopen ( Bind DLZ ) module for samba. > // at install debian already sets the correct bind9.XX version in this > file below. > *include "/var/lib/samba/bind-dns/named.conf"*; >I did find that there were issues with file permissions for some of the bind9 files. I may have missed one. Still stumped as to why I cannot "dpkg-reconfiure krb5.conf" ??? And "init administrator" will not connect to kerberos? On Wed, Sep 30, 2020 at 10:02 AM L.P.H. van Belle <belle at bazuin.nl> wrote:> Bind_DLZ is not loaded > Which makes sence if we see the errors.. > > Verify if this is loaded.. > > I have it in named.conf.local > > // adding the dlopen ( Bind DLZ ) module for samba, beware, if you using > bind9.9 then you need to change this manualy > include "/var/lib/samba/bind-dns/named.conf"; > > > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > Robert Wooden via samba > > Verzonden: woensdag 30 september 2020 16:55 > > CC: SAMBA MailList > > Onderwerp: Re: [Samba] Bind9 issue > > > > Louis, > > > > (Un-sanitized) > > > > root at dtdc1:~# systemctl status bind9 > > > ??? bind9.service - BIND Domain Name Server > > > Loaded: loaded (/lib/systemd/system/bind9.service; > > enabled; vendor > > > preset: enabled) > > > Active: active (running) since Wed 2020-09-30 07:19:21 > > CDT; 2h 26min ago > > > Docs: man:named(8) > > > Process: 375 ExecStart=/usr/sbin/named $OPTIONS (code=exited, > > > status=0/SUCCESS) > > > Main PID: 395 (named) > > > Tasks: 5 (limit: 2249) > > > Memory: 27.7M > > > CGroup: /system.slice/bind9.service > > > ??????395 /usr/sbin/named -u bind > > > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2f::f#53 > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > > dtdc1.ad.dtntwk.work/A/IN': 2001:503:c27::2:30#53 > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2d::d#53 > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:9f::42#53 > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:200::b#53 > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > > dtdc1.ad.dtntwk.work/A/IN': 2001:7fd::1#53 > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2::c#53 > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > > dtdc1.ad.dtntwk.work/A/IN': 2001:dc3::35#53 > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:12::d0d#53 > > > Sep 30 07:19:28 dtdc1 named[395]: resolver priming query complete > > > > > > > Add the log from this morning > > > > > Sep 30 07:19:21 dtdc1 named[395]: starting BIND > > > 9.11.5-P4-5.1+deb10u2-Debian (Extended Support Version) <id:998753c> > > > > > > Sep 30 07:19:21 dtdc1 named[395]: running on Linux x86_64 > > 4.19.0-11-amd64 > > > #1 SMP Debian 4.19.146-1 (2020-09-17) > > > > > > Sep 30 07:19:21 dtdc1 named[395]: built with > > '--build=x86_64-linux-gnu' > > > '--prefix=/usr' '--includedir=/usr/include' > > '--mandir=/usr/share/man' > > > '--infodir=/usr/share/info' '--sysconfdir=/etc' > > '--localstatedir=/var' > > > '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' > > > '--libexecdir=/usr/lib/x86_64-linux-gnu' '--disable-maintainer-mode' > > > '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' > > > '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' > > > '--enable-threads' '--enable-largefile' '--with-libtool' > > '--enable-shared' > > > '--enable-static' '--with-gost=no' '--with-openssl=/usr' > > > '--with-gssapi=/usr' '--with-libidn2' '--with-libjson=/usr' > > > '--with-lmdb=/usr' '--with-gnu-ld' '--with-geoip=/usr' > > '--with-atf=no' > > > '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' > > > '--enable-native-pkcs11' > > '--with-pkcs11=/usr/lib/softhsm/libsofthsm2.so' > > > '--with-randomdev=/dev/urandom' '--enable-dnstap' > > > 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 > > > -fdebug-prefix-map=/build/bind9-pbRECD/bind9-9.11.5.P4+dfsg=. > > > -fstack-protector-strong -Wformat -Werror=format-security > > > -fno-strict-aliasing -fno-delete-null-pointer-checks > > -DNO_VERSION_DATE > > > -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' > > 'CPPFLAGS=-Wdate-time > > > -D_FORTIFY_SOURCE=2' > > > > > > Sep 30 07:19:21 dtdc1 named[395]: running as: named -u bind > > > > > > Sep 30 07:19:21 dtdc1 named[395]: compiled by GCC 8.3.0 > > > > > > Sep 30 07:19:21 dtdc1 named[395]: compiled with OpenSSL > > version: OpenSSL > > > 1.1.1d 10 Sep 2019 > > > > > > Sep 30 07:19:21 dtdc1 named[395]: linked to OpenSSL version: OpenSSL > > > 1.1.1d 10 Sep 2019 > > > > > > Sep 30 07:19:21 dtdc1 named[395]: compiled with libxml2 > > version: 2.9.4 > > > > > > Sep 30 07:19:21 dtdc1 named[395]: linked to libxml2 version: 20904 > > > > > > Sep 30 07:19:21 dtdc1 named[395]: compiled with libjson-c > > version: 0.12.1 > > > > > > Sep 30 07:19:21 dtdc1 named[395]: linked to libjson-c > > version: 0.12.1 > > > > > > Sep 30 07:19:21 dtdc1 named[395]: threads support is enabled > > > > > > Sep 30 07:19:21 dtdc1 named[395]: > > > ---------------------------------------------------- > > > > > > Sep 30 07:19:21 dtdc1 named[395]: BIND 9 is maintained by > > Internet Systems > > > Consortium, > > > > > > Sep 30 07:19:21 dtdc1 named[395]: Inc. (ISC), a non-profit 501(c)(3) > > > public-benefit > > > > > > Sep 30 07:19:21 dtdc1 named[395]: corporation. Support and > > training for > > > BIND 9 are > > > > > > Sep 30 07:19:21 dtdc1 named[395]: available at > > https://www.isc.org/support > > > > > > Sep 30 07:19:21 dtdc1 named[395]: > > > ---------------------------------------------------- > > > > > > Sep 30 07:19:21 dtdc1 named[395]: adjusted limit on open > > files from 524288 > > > to 1048576 > > > > > > Sep 30 07:19:21 dtdc1 named[395]: found 2 CPUs, using 2 > > worker threads > > > > > > Sep 30 07:19:21 dtdc1 named[395]: using 1 UDP listener per interface > > > > > > Sep 30 07:19:21 dtdc1 named[395]: using up to 4096 sockets > > > > > > Sep 30 07:19:21 dtdc1 named[395]: loading configuration from > > > '/etc/bind/named.conf' > > > > > > Sep 30 07:19:21 dtdc1 named[395]: reading built-in trust > > anchors from file > > > '/etc/bind/bind.keys' > > > > > > Sep 30 07:19:21 dtdc1 named[395]: initializing GeoIP > > Country (IPv4) (type > > > 1) DB > > > > > > Sep 30 07:19:21 dtdc1 named[395]: GEO-106FREE 20181108 Build > > > > > > Sep 30 07:19:21 dtdc1 named[395]: initializing GeoIP > > Country (IPv6) (type > > > 12) DB > > > > > > Sep 30 07:19:21 dtdc1 named[395]: GEO-106FREE 20181108 Build > > > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP City (IPv4) (type 2) DB not > > > available > > > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP City (IPv4) (type 6) DB not > > > available > > > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP City (IPv6) (type 30) DB not > > > available > > > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP City (IPv6) (type 31) DB not > > > available > > > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP Region (type 3) DB > > not available > > > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP Region (type 7) DB > > not available > > > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP ISP (type 4) DB not > > available > > > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP Org (type 5) DB not > > available > > > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP AS (type 9) DB not available > > > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP Domain (type 11) DB > > not available > > > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP NetSpeed (type 10) > > DB not available > > > > > > Sep 30 07:19:21 dtdc1 named[395]: using default UDP/IPv4 port range: > > > [32768, 60999] > > > > > > Sep 30 07:19:21 dtdc1 named[395]: using default UDP/IPv6 port range: > > > [32768, 60999] > > > > > > Sep 30 07:19:21 dtdc1 named[395]: listening on IPv4 interface lo, > > > 127.0.0.1#53 > > > > > > Sep 30 07:19:21 dtdc1 named[395]: listening on IPv4 > > interface enp1s0, > > > 192.168.16.41#53 > > > > > > Sep 30 07:19:21 dtdc1 named[395]: generating session key > > for dynamic DNS > > > > > > Sep 30 07:19:21 dtdc1 named[395]: sizing zone task pool > > based on 5 zones > > > > > > Sep 30 07:19:21 dtdc1 named[395]: set up managed keys zone for view > > > _default, file 'managed-keys.bind' > > > > > > Sep 30 07:19:21 dtdc1 named[395]: command channel listening on > > > 127.0.0.1#953 > > > > > > Sep 30 07:19:21 dtdc1 named[395]: managed-keys-zone: loaded serial 7 > > > > > > Sep 30 07:19:21 dtdc1 named[395]: zone 0.in-addr.arpa/IN: > > loaded serial 1 > > > > > > Sep 30 07:19:21 dtdc1 named[395]: zone 127.in-addr.arpa/IN: > > loaded serial 1 > > > > > > Sep 30 07:19:21 dtdc1 named[395]: zone 255.in-addr.arpa/IN: > > loaded serial 1 > > > > > > Sep 30 07:19:21 dtdc1 named[395]: zone localhost/IN: loaded serial 2 > > > > > > Sep 30 07:19:21 dtdc1 named[395]: all zones loaded > > > > > > Sep 30 07:19:21 dtdc1 named[395]: running > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > > resolving './NS/IN': > > > 2001:7fe::53#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/A/IN': 2001:7fe::53#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > > resolving './NS/IN': > > > 2001:500:1::53#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/A/IN': 2001:500:1::53#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > > resolving './NS/IN': > > > 2001:503:ba3e::2:30#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > > resolving './NS/IN': > > > 2001:500:a8::e#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > > resolving './NS/IN': > > > 2001:500:2f::f#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/A/IN': 2001:503:ba3e::2:30#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/A/IN': 2001:500:a8::e#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/A/IN': 2001:500:2f::f#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > > resolving './NS/IN': > > > 2001:503:c27::2:30#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > > resolving './NS/IN': > > > 2001:500:2d::d#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > > resolving './NS/IN': > > > 2001:500:9f::42#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > > resolving './NS/IN': > > > 2001:500:200::b#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/A/IN': 2001:503:c27::2:30#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > > resolving './NS/IN': > > > 2001:7fd::1#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/AAAA/IN': 2001:7fe::53#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/A/IN': 2001:500:2d::d#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/AAAA/IN': 2001:500:1::53#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/A/IN': 2001:500:9f::42#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/AAAA/IN': 2001:503:ba3e::2:30#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/A/IN': 2001:500:200::b#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/AAAA/IN': 2001:500:a8::e#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/A/IN': 2001:7fd::1#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/AAAA/IN': 2001:500:2f::f#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/A/IN': 2001:500:2::c#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/AAAA/IN': 2001:503:c27::2:30#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/A/IN': 2001:dc3::35#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > > resolving './NS/IN': > > > 2001:500:2::c#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/AAAA/IN': 2001:500:2d::d#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > > resolving './NS/IN': > > > 2001:dc3::35#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > > resolving './NS/IN': > > > 2001:500:12::d0d#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/A/IN': 2001:500:12::d0d#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/AAAA/IN': 2001:500:9f::42#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/AAAA/IN': 2001:500:200::b#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/AAAA/IN': 2001:7fd::1#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/AAAA/IN': 2001:500:2::c#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/AAAA/IN': 2001:dc3::35#53 > > > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > > 0.us.pool.ntp.org/AAAA/IN': 2001:500:12::d0d#53 > > > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > > dtdc1.ad.dtntwk.work/A/IN': 2001:7fe::53#53 > > > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:1::53#53 > > > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > > dtdc1.ad.dtntwk.work/A/IN': 2001:503:ba3e::2:30#53 > > > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:a8::e#53 > > > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2f::f#53 > > > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > > dtdc1.ad.dtntwk.work/A/IN': 2001:503:c27::2:30#53 > > > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2d::d#53 > > > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:9f::42#53 > > > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:200::b#53 > > > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > > dtdc1.ad.dtntwk.work/A/IN': 2001:7fd::1#53 > > > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2::c#53 > > > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > > dtdc1.ad.dtntwk.work/A/IN': 2001:dc3::35#53 > > > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:12::d0d#53 > > > > > > Sep 30 07:19:28 dtdc1 named[395]: resolver priming query complete > > > > > > (END > > > > > > > Anyones thoughts?? > > > > > > On Wed, Sep 30, 2020 at 9:43 AM Robert Wooden <wdn2420systm at gmail.com> > > wrote: > > > > > Rowland, > > > To answer you first, my "example.com" registered host is a > > wildcat " *. > > > example.com". Everything example.com returns my external ip address. > > > > > > Both bind9 and samba are running. > > > > > > Might add your "options" but for now, solving my problem, first. > > > > > > Louis, your answer in a few minutes. > > > > > > On Wed, Sep 30, 2020 at 8:09 AM Rowland penny via samba < > > > samba at lists.samba.org> wrote: > > > > > >> On 30/09/2020 13:22, Robert Wooden via samba wrote: > > >> > Yesterday I had an issue with Samba v 4.13.0. > > >> > > > >> > I cannot figure out why bind9 will not "host -t SRV _ldap._ > > >> > tcp.ad.dtntwk.work." or "host -t SRV > > _kerberos._udp.ad.dtntwk.work." > > >> > > > >> > root at dc1:~# host -t SRV _ldap._tcp.subdom.example.com. > > >> Hmm, is 'subdom.example.com' really 'ad.dtntwk.work' ? > > >> >> dc1.subdom.example.com has address 164.98.xxx.xxx > > >> >> > > >> > This ip address is my external ip provided from the ISP. > > It should be a > > >> > local ip (192.168.0.xx) > > >> How is your internal device getting an external IP ? > > >> > > > >> > root at dc1:~# cat /etc/bind/named.conf > > >> > > >> Your bind files are the same as mine, except I have these > > in 'options' : > > >> > > >> dnssec-enable no; > > >> dnssec-lookaside no; > > >> allow-transfer { none; }; > > >> > > >> >> // rndc.key is installed by default on debian. > > Just a matter > > >> of > > >> >> enableing it. > > >> >> include "/etc/bind/rndc.key"; > > >> >> controls { > > >> >> inet 127.0.0.1 allow { localhost; } keys > > { rndc-key; }; > > >> >> // inet ::1 allow { ::1; } keys { rndc-key; }; > > >> >> }; > > >> I also do not have the rndc lines, they are not required. > > >> > > >> > And "dpkg-reconfigure krb5-user" will not reconfigure. > > >> Strange. > > >> > > > >> > root at dc1:~# kinit administrator > > >> >> kinit: Cannot find KDC for realm "SUBDOM.EXAMPLE.COM" > > while getting > > >> >> initial credentials > > >> Are Samba and Bind9 running ? > > >> > > >> Is 'subdom.example.com' a registered domain, or is > > 'example.com' the > > >> registered domain ? > > >> > > >> Rowland > > >> > > >> > > >> > > >> > > >> -- > > >> To unsubscribe from this list go to the following URL and read the > > >> instructions: https://lists.samba.org/mailman/options/samba > > >> > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > > >
On 30/09/2020 15:43, Robert Wooden wrote:> Rowland, > To answer you first, my "example.com <http://example.com>" registered > host is a wildcat " *.example.com <http://example.com>". Everything > example.com <http://example.com> returns my external ip address. >If you had asked about this before you set up your domain, I would have advised you to use something like 'this.is. not.connected.to.the.internet.in anyway.com' for your Samba AD domain, bit late now. Rowland
Sorry, link did not work? On Wed, Sep 30, 2020 at 11:02 AM Rowland penny via samba < samba at lists.samba.org> wrote:> On 30/09/2020 15:43, Robert Wooden wrote: > > Rowland, > > To answer you first, my "example.com <http://example.com>" registered > > host is a wildcat " *.example.com <http://example.com>". Everything > > example.com <http://example.com> returns my external ip address. > > > If you had asked about this before you set up your domain, I would have > advised you to use something like 'this.is. > not.connected.to.the.internet.in anyway.com' for your Samba AD domain, > bit late now. > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Hi Bob, ? Ok, things are looking ok again? dpkg-reconfiure krb5.conf , doesnt do much expect installing and configuringing krb5.conf which basicly only sets the REALM.? "init administrator" will not connect to kerberos? If the DNS isnt running, its unable to resolv the servernames for the REALM. Resulting in, you not able to kinit. ? Greetz, ? Louis ? ? Van: Robert Wooden [mailto:wdn2420systm at gmail.com] Verzonden: woensdag 30 september 2020 17:21 Aan: L.P.H. van Belle CC: samba at lists.samba.org Onderwerp: Re: [Samba] Bind9 issue It appears to be loading: root at dtdc1:~# cat /etc/bind/named.conf.local // // Do any local configuration here // // Consider adding the 1918 zones here, if they are not used in your // organization //include "/etc/bind/zones.rfc1918"; // adding the dlopen ( Bind DLZ ) module for samba. // at install debian already sets the correct bind9.XX version in this file below. include "/var/lib/samba/bind-dns/named.conf"; I did find that there were issues with file permissions for some of the bind9 files. I may have missed one. Still stumped as to why I cannot "dpkg-reconfiure krb5.conf" ??? And "init administrator" will not connect to kerberos? On Wed, Sep 30, 2020 at 10:02 AM L.P.H. van Belle <belle at bazuin.nl> wrote: Bind_DLZ is not loaded Which makes sence if we see the errors..? Verify if this is loaded.. I have it in named.conf.local // adding the dlopen ( Bind DLZ ) module for samba, beware, if you using bind9.9 then you need to change this manualy include "/var/lib/samba/bind-dns/named.conf";> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Robert Wooden via samba > Verzonden: woensdag 30 september 2020 16:55 > CC: SAMBA MailList > Onderwerp: Re: [Samba] Bind9 issue > > Louis, > > (Un-sanitized) > > root at dtdc1:~# systemctl status bind9 > > ??? bind9.service - BIND Domain Name Server > >? ? Loaded: loaded (/lib/systemd/system/bind9.service; > enabled; vendor > > preset: enabled) > >? ? Active: active (running) since Wed 2020-09-30 07:19:21 > CDT; 2h 26min ago > >? ? ? Docs: man:named(8) > >? ?Process: 375 ExecStart=/usr/sbin/named $OPTIONS (code=exited, > > status=0/SUCCESS) > >? Main PID: 395 (named) > >? ? ?Tasks: 5 (limit: 2249) > >? ? Memory: 27.7M > >? ? CGroup: /system.slice/bind9.service > >? ? ? ? ? ? ??????395 /usr/sbin/named -u bind > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2f::f#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:503:c27::2:30#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2d::d#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:9f::42#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:200::b#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:7fd::1#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2::c#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:dc3::35#53 > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:12::d0d#53 > > Sep 30 07:19:28 dtdc1 named[395]: resolver priming query complete > > > > Add the log from this morning > > > Sep 30 07:19:21 dtdc1 named[395]: starting BIND > > 9.11.5-P4-5.1+deb10u2-Debian (Extended Support Version) <id:998753c> > > > > Sep 30 07:19:21 dtdc1 named[395]: running on Linux x86_64 > 4.19.0-11-amd64 > > #1 SMP Debian 4.19.146-1 (2020-09-17) > > > > Sep 30 07:19:21 dtdc1 named[395]: built with > '--build=x86_64-linux-gnu' > > '--prefix=/usr' '--includedir=/usr/include' > '--mandir=/usr/share/man' > > '--infodir=/usr/share/info' '--sysconfdir=/etc' > '--localstatedir=/var' > > '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' > > '--libexecdir=/usr/lib/x86_64-linux-gnu' '--disable-maintainer-mode' > > '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' > > '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' > > '--enable-threads' '--enable-largefile' '--with-libtool' > '--enable-shared' > > '--enable-static' '--with-gost=no' '--with-openssl=/usr' > > '--with-gssapi=/usr' '--with-libidn2' '--with-libjson=/usr' > > '--with-lmdb=/usr' '--with-gnu-ld' '--with-geoip=/usr' > '--with-atf=no' > > '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' > > '--enable-native-pkcs11' > '--with-pkcs11=/usr/lib/softhsm/libsofthsm2.so' > > '--with-randomdev=/dev/urandom' '--enable-dnstap' > > 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 > > -fdebug-prefix-map=/build/bind9-pbRECD/bind9-9.11.5.P4+dfsg=. > > -fstack-protector-strong -Wformat -Werror=format-security > > -fno-strict-aliasing -fno-delete-null-pointer-checks > -DNO_VERSION_DATE > > -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' > 'CPPFLAGS=-Wdate-time > > -D_FORTIFY_SOURCE=2' > > > > Sep 30 07:19:21 dtdc1 named[395]: running as: named -u bind > > > > Sep 30 07:19:21 dtdc1 named[395]: compiled by GCC 8.3.0 > > > > Sep 30 07:19:21 dtdc1 named[395]: compiled with OpenSSL > version: OpenSSL > > 1.1.1d 10 Sep 2019 > > > > Sep 30 07:19:21 dtdc1 named[395]: linked to OpenSSL version: OpenSSL > > 1.1.1d 10 Sep 2019 > > > > Sep 30 07:19:21 dtdc1 named[395]: compiled with libxml2 > version: 2.9.4 > > > > Sep 30 07:19:21 dtdc1 named[395]: linked to libxml2 version: 20904 > > > > Sep 30 07:19:21 dtdc1 named[395]: compiled with libjson-c > version: 0.12.1 > > > > Sep 30 07:19:21 dtdc1 named[395]: linked to libjson-c > version: 0.12.1 > > > > Sep 30 07:19:21 dtdc1 named[395]: threads support is enabled > > > > Sep 30 07:19:21 dtdc1 named[395]: > > ---------------------------------------------------- > > > > Sep 30 07:19:21 dtdc1 named[395]: BIND 9 is maintained by > Internet Systems > > Consortium, > > > > Sep 30 07:19:21 dtdc1 named[395]: Inc. (ISC), a non-profit 501(c)(3) > > public-benefit > > > > Sep 30 07:19:21 dtdc1 named[395]: corporation. Support and > training for > > BIND 9 are > > > > Sep 30 07:19:21 dtdc1 named[395]: available at > https://www.isc.org/support > > > > Sep 30 07:19:21 dtdc1 named[395]: > > ---------------------------------------------------- > > > > Sep 30 07:19:21 dtdc1 named[395]: adjusted limit on open > files from 524288 > > to 1048576 > > > > Sep 30 07:19:21 dtdc1 named[395]: found 2 CPUs, using 2 > worker threads > > > > Sep 30 07:19:21 dtdc1 named[395]: using 1 UDP listener per interface > > > > Sep 30 07:19:21 dtdc1 named[395]: using up to 4096 sockets > > > > Sep 30 07:19:21 dtdc1 named[395]: loading configuration from > > '/etc/bind/named.conf' > > > > Sep 30 07:19:21 dtdc1 named[395]: reading built-in trust > anchors from file > > '/etc/bind/bind.keys' > > > > Sep 30 07:19:21 dtdc1 named[395]: initializing GeoIP > Country (IPv4) (type > > 1) DB > > > > Sep 30 07:19:21 dtdc1 named[395]: GEO-106FREE 20181108 Build > > > > Sep 30 07:19:21 dtdc1 named[395]: initializing GeoIP > Country (IPv6) (type > > 12) DB > > > > Sep 30 07:19:21 dtdc1 named[395]: GEO-106FREE 20181108 Build > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP City (IPv4) (type 2) DB not > > available > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP City (IPv4) (type 6) DB not > > available > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP City (IPv6) (type 30) DB not > > available > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP City (IPv6) (type 31) DB not > > available > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP Region (type 3) DB > not available > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP Region (type 7) DB > not available > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP ISP (type 4) DB not > available > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP Org (type 5) DB not > available > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP AS (type 9) DB not available > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP Domain (type 11) DB > not available > > > > Sep 30 07:19:21 dtdc1 named[395]: GeoIP NetSpeed (type 10) > DB not available > > > > Sep 30 07:19:21 dtdc1 named[395]: using default UDP/IPv4 port range: > > [32768, 60999] > > > > Sep 30 07:19:21 dtdc1 named[395]: using default UDP/IPv6 port range: > > [32768, 60999] > > > > Sep 30 07:19:21 dtdc1 named[395]: listening on IPv4 interface lo, > > 127.0.0.1#53 > > > > Sep 30 07:19:21 dtdc1 named[395]: listening on IPv4 > interface enp1s0, > > 192.168.16.41#53 > > > > Sep 30 07:19:21 dtdc1 named[395]: generating session key > for dynamic DNS > > > > Sep 30 07:19:21 dtdc1 named[395]: sizing zone task pool > based on 5 zones > > > > Sep 30 07:19:21 dtdc1 named[395]: set up managed keys zone for view > > _default, file 'managed-keys.bind' > > > > Sep 30 07:19:21 dtdc1 named[395]: command channel listening on > > 127.0.0.1#953 > > > > Sep 30 07:19:21 dtdc1 named[395]: managed-keys-zone: loaded serial 7 > > > > Sep 30 07:19:21 dtdc1 named[395]: zone 0.in-addr.arpa/IN: > loaded serial 1 > > > > Sep 30 07:19:21 dtdc1 named[395]: zone 127.in-addr.arpa/IN: > loaded serial 1 > > > > Sep 30 07:19:21 dtdc1 named[395]: zone 255.in-addr.arpa/IN: > loaded serial 1 > > > > Sep 30 07:19:21 dtdc1 named[395]: zone localhost/IN: loaded serial 2 > > > > Sep 30 07:19:21 dtdc1 named[395]: all zones loaded > > > > Sep 30 07:19:21 dtdc1 named[395]: running > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:7fe::53#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:7fe::53#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:500:1::53#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:500:1::53#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:503:ba3e::2:30#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:500:a8::e#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:500:2f::f#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:503:ba3e::2:30#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:500:a8::e#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:500:2f::f#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:503:c27::2:30#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:500:2d::d#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:500:9f::42#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:500:200::b#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:503:c27::2:30#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:7fd::1#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:7fe::53#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:500:2d::d#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:500:1::53#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:500:9f::42#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:503:ba3e::2:30#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:500:200::b#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:500:a8::e#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:7fd::1#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:500:2f::f#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:500:2::c#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:503:c27::2:30#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:dc3::35#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:500:2::c#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:500:2d::d#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:dc3::35#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable > resolving './NS/IN': > > 2001:500:12::d0d#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/A/IN': 2001:500:12::d0d#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:500:9f::42#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:500:200::b#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:7fd::1#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:500:2::c#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:dc3::35#53 > > > > Sep 30 07:19:25 dtdc1 named[395]: network unreachable resolving ' > > 0.us.pool.ntp.org/AAAA/IN': 2001:500:12::d0d#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:7fe::53#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:1::53#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:503:ba3e::2:30#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:a8::e#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2f::f#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:503:c27::2:30#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2d::d#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:9f::42#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:200::b#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:7fd::1#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:2::c#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:dc3::35#53 > > > > Sep 30 07:19:27 dtdc1 named[395]: network unreachable resolving ' > > dtdc1.ad.dtntwk.work/A/IN': 2001:500:12::d0d#53 > > > > Sep 30 07:19:28 dtdc1 named[395]: resolver priming query complete > > > > (END > > > >? Anyones thoughts?? > > > On Wed, Sep 30, 2020 at 9:43 AM Robert Wooden <wdn2420systm at gmail.com> > wrote: > > > Rowland, > > To answer you first, my "example.com" registered host is a > wildcat " *. > > example.com". Everything example.com returns my external ip address. > > > > Both bind9 and samba are running. > > > > Might add your "options" but for now, solving my problem, first. > > > > Louis, your answer in a few minutes. > > > > On Wed, Sep 30, 2020 at 8:09 AM Rowland penny via samba < > > samba at lists.samba.org> wrote: > > > >> On 30/09/2020 13:22, Robert Wooden via samba wrote: > >> > Yesterday I had an issue with Samba v 4.13.0. > >> > > >> > I cannot figure out why bind9 will not "host -t SRV _ldap._ > >> > tcp.ad.dtntwk.work." or "host -t SRV > _kerberos._udp.ad.dtntwk.work." > >> > > >> > root at dc1:~# host -t SRV _ldap._tcp.subdom.example.com. > >> Hmm, is 'subdom.example.com' really 'ad.dtntwk.work' ? > >> >> dc1.subdom.example.com has address 164.98.xxx.xxx > >> >> > >> > This ip address is my external ip provided from the ISP. > It should be a > >> > local ip (192.168.0.xx) > >> How is your internal device getting an external IP ? > >> > > >> > root at dc1:~# cat /etc/bind/named.conf > >> > >> Your bind files are the same as mine, except I have these > in 'options' : > >> > >> dnssec-enable no; > >> dnssec-lookaside no; > >> allow-transfer { none; }; > >> > >> >>? ? ? ? ? // rndc.key is installed by default on debian. > Just a matter > >> of > >> >> enableing it. > >> >>? ? ? ? ? include "/etc/bind/rndc.key"; > >> >>? ? ? ? ? ? ? controls { > >> >>? ? ? ? ? ? ? ?inet 127.0.0.1 allow { localhost; } keys > { rndc-key; }; > >> >>? ? ? ? ? //? ? ?inet ::1 allow { ::1; } keys { rndc-key; }; > >> >>? ? ? ? ? }; > >> I also do not have the rndc lines, they are not required. > >> > >> > And "dpkg-reconfigure krb5-user" will not reconfigure. > >> Strange. > >> > > >> > root at dc1:~# kinit administrator > >> >> kinit: Cannot find KDC for realm "SUBDOM.EXAMPLE.COM" > while getting > >> >> initial credentials > >> Are Samba and Bind9 running ? > >> > >> Is 'subdom.example.com' a registered domain, or is > 'example.com' the > >> registered domain ? > >> > >> Rowland > >> > >> > >> > >> > >> -- > >> To unsubscribe from this list go to the following URL and read the > >> instructions:? https://lists.samba.org/mailman/options/samba > >> > > > -- > To unsubscribe from this list go to the following URL and read the > instructions:? https://lists.samba.org/mailman/options/samba > >