Remove this part :
# Secondary (slave) definition of zone "pukey"; the zone is pulled from the
# primary listed in "masters" and stored in the file named below.
zone "pukey" in {
# NOTE(review): "any" matches every address, which makes "localnets" redundant:
# as written, any host that can reach this server may request a full zone
# transfer (AXFR) of "pukey".
allow-transfer { any; localnets; };
masters { 192.168.0.4; };
file "slave/pukey";
type slave;
};
You can't use this in your current setup, not together with the samba-ad-dc.
On members running BIND as a forwarder or slave it is no problem.
> -----Oorspronkelijk bericht-----
> Van: samba <samba-bounces at lists.samba.org> Namens Zombie Ryushu
via
> samba
> Verzonden: vrijdag 3 juni 2022 16:07
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Bind DLZ Crash named.conf
>
> options {
>
>        # The directory statement defines the name server's working directory
>
>        directory "/var/lib/named";
>
>        # enable DNSSEC validation
>        #
>        # If BIND logs error messages about the root key being expired, you
>        # will need to update your keys. See https://www.isc.org/bind-keys
>        #
>        # The dnssec-enable option has been obsoleted and no longer has any effect.
>        # DNSSEC responses are always enabled if signatures and other DNSSEC
>        # data are present.
>
>        # dnssec-validation yes (default), indicates that a resolver
>        # (a caching or caching-only name server) will attempt to validate
>        # replies from DNSSEC enabled (signed) zones. To perform this task
>        # the server also needs either a valid trusted-keys clause
>        # (containing one or more trusted-anchors) or a managed-keys clause.
>        # If you have problems with forwarders not returning signed responses,
>        # set this to "no", but be aware that this may create security issues
>        # so better switch to a forwarder which supports DNSSEC!
>
>        #dnssec-validation auto;
>        managed-keys-directory "/var/lib/named/dyn/";
>
>        # Write dump and statistics file to the log subdirectory.  The
>        # pathnames are relative to the chroot jail.
>
>        dump-file "/var/log/named_dump.db";
>        statistics-file "/var/log/named.stats";
>
>        # The forwarders record contains a list of servers to which queries
>        # should be forwarded.  Enable this line and modify the IP address to
>        # your provider's name server.  Up to three servers may be listed.
>
>        #forwarders { 192.0.2.1; 192.0.2.2; };
>
>        # Enable the next entry to prefer usage of the name server declared in
>        # the forwarders section.
>
>        #forward first;
>
>        # The listen-on record contains a list of local network interfaces to
>        # listen on.  Optionally the port can be specified.  Default is to
>        # listen on all interfaces found on your system.  The default port is
>        # 53.
>
>        #listen-on port 53 { 127.0.0.1; };
>
>        # The listen-on-v6 record enables or disables listening on IPv6
>        # interfaces.  Allowed values are 'any' and 'none' or a list of
>        # addresses.
>
>        listen-on-v6 { any; };
>
>        # The next three statements may be needed if a firewall stands between
>        # the local server and the internet.
>
>        #query-source address * port 53;
>        #transfer-source * port 53;
>        #notify-source * port 53;
>
>        # The allow-query record contains a list of networks or IP addresses
>        # to accept and deny queries from. The default is to allow queries
>        # from all hosts.
>
>        #allow-query { 127.0.0.1; };
>
>        # If notify is set to yes (default), notify messages are sent to other
>        # name servers when the zone data is changed.  Instead of setting
>        # a global 'notify' statement in the 'options' section, a separate
>        # 'notify' can be added to each zone definition.
>
>        notify no;
>
>        disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
>        include "/etc/named.d/forwarders.conf";
>        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
>        minimal-responses yes;
>
> };
>
> # To configure named's logging remove the leading '#' characters of the
> # following examples.
> #logging {
> #       # Log queries to a file limited to a size of 100 MB.
> #       channel query_logging {
> #               file "/var/log/named_querylog"
> #                       versions 3 size 100M;
> #               print-time yes;                 // timestamp log entries
> #       };
> #       category queries {
> #               query_logging;
> #       };
> #
> #       # Or log this kind alternatively to syslog.
> #       channel syslog_queries {
> #               syslog user;
> #               severity info;
> #       };
> #       category queries { syslog_queries; };
> #
> #       # Log general name server errors to syslog.
> #       channel syslog_errors {
> #               syslog user;
> #               severity error;
> #       };
> #       category default { syslog_errors;  };
> #
> #       # Don't log lame server messages.
> #       category lame-servers { null; };
> #};
>
> # The following zone definitions don't need any modification.  The first one
> # is the definition of the root name servers.  The second one defines
> # localhost while the third defines the reverse lookup for localhost.
>
> zone "." in {
>        type hint;
>        file "root.hint";
> };
>
> zone "localhost" in {
>        type master;
>        file "localhost.zone";
> };
>
> zone "0.0.127.in-addr.arpa" in {
>        type master;
>        file "127.0.0.zone";
> };
>
> zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" in {
>        type master;
>        file "127.0.0.zone";
> };
>
>
> # Include the meta include file generated by createNamedConfInclude.  This
> # includes all files as configured in NAMED_CONF_INCLUDE_FILES from
> # /etc/sysconfig/named
>
> include "/etc/named.conf.include";
> logging {
>        category default { log_syslog; };
>        channel log_syslog { syslog; };
> };
> zone "pukey" in {
>        allow-transfer { any; localnets; };
>        masters { 192.168.0.4; };
>        file "slave/pukey";
>        type slave;
> };
>
> # You can insert further zone records for your own domains below or create
> # single files in /etc/named.d/ and add the file names to
> # NAMED_CONF_INCLUDE_FILES.
> # See /usr/share/doc/packages/bind/README.SUSE for more details.
> # dlz "AD DNS Zone" {
> #    # For BIND 9.16.x
> #    database "dlopen /usr/lib64/samba/bind9/dlz_bind9_16.so";
> # };
> s