Ralf Spenneberg
2023-Dec-13 11:37 UTC
[Samba] Samba Internal DNS not forwarding some zones
Hi Rowland,

thanks for the response. I guess I did not clarify enough.
Of course I do have the AD zone set up and managed by the DCs. I am talking about additional external zones not governed by the AD.

So I do have
ad.domain.toplevel
set up and managed by Samba.

I was talking about an additional, actually external, zone that I first set up as an additional manual zone in the internal DNS using the Windows MMC, but later removed because I wanted to make use of an upstream forwarder. Forwarding for all external zones is configured in smb.conf.

On 13.12.23 at 11:17, Rowland Penny via samba wrote:
> I take it by 'forwarder DNS', you mean an external (to the AD dns
> domain) DNS server, if so, I suggest you stop doing this.

Yes. And I think this is a usual setup for resolving zones on the internet. I assume a misunderstanding of my message on your side.

> You shouldn't search anything in the 'sam.ldb.d' directory, only
> search in '/var/lib/samba/private/sam.ldb'

As I mentioned, this was just for debugging purposes. I know that direct write access to these files breaks the replication, etc.

>> But still. Anything for xyz.net is forwarded but myzone.net is not
>> forwarded to the forwarder. Samba apparently still thinks it is
>> responsible for the zone.
>
> It is.

It should not be responsible, because it is not the AD zone, as mentioned above, but an additional external zone.

Do you have any additional hints?

Kind regards,
Ralf

--
OpenSource Security GmbH
https://os-s.de
Am Bahnhof 3
48565 Steinfurt
Germany
Fon: +49 25 52 927009-0
Fax: +49 25 52 927009-9
Registration court: Amtsgericht Steinfurt, HRB 12044
Managing directors: Ralf Spenneberg, Hendrik Schwartke
VAT identification number pursuant to §27a UStG: DE815773501
Ralf Spenneberg
2023-Dec-13 19:00 UTC
[Samba] Solved Re: Samba Internal DNS not forwarding some zones
Hi,

the problem was resolved. The smbd daemon required a restart to completely forget the zone.

Kind regards,
Ralf

On 13.12.23 at 12:37, Ralf Spenneberg via samba wrote:
> Hi Rowland,
>
> thanks for the response. I guess, I did not clarify enough.
> Of Course I do have the AD zone setup and managed by the DCs. I am
> talking about additional external zones not governed by the AD.
>
> So I do have
> ad.domain.toplevel
> setup and managed by samba
>
> I was talking about an additional actually external zone, that I did
> setup first as an additional manual zone in the internal dns using the
> Windows mmc, but later removed because I wanted to make use of an
> upstream forwarder. Forwarding for all external zones is configured in
> smb.conf.
>
> On 13.12.23 at 11:17, Rowland Penny via samba wrote:
>> I take it by 'forwarder DNS', you mean an external (to the AD dns
>> domain) DNS server, if so, I suggest you stop doing this.
>
> Yes. And I think this is a usual setup for resolving zones on the
> internet. I assume a misunderstanding of my message on your side.
>
>> You shouldn't search anything in the 'sam.ldb.d' directory, only
>> search in '/var/lib/samba/private/sam.ldb'
>
> As I mentioned, this was just for debugging purposes. I know that direct
> write access to these files breaks the replication, etc.
>
>>> But still. Anything for xyz.net is forwarded but myzone.net is not
>>> forwarded to the forwarder. Samba apparently still thinks it is
>>> responsible for the zone.
>>
>> It is.
>
> It should not be responsible, because it is not the AD zone, as
> mentioned above but an additional external zone.
>
> Do you have any additional hints?
>
> Kind regards,
> Ralf

--
OpenSource Security GmbH
https://os-s.de
Am Bahnhof 3
48565 Steinfurt
Germany
Fon: +49 25 52 927009-0
Fax: +49 25 52 927009-9
Registration court: Amtsgericht Steinfurt, HRB 12044
Managing directors: Ralf Spenneberg, Hendrik Schwartke
VAT identification number pursuant to §27a UStG: DE815773501
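
The symptom discussed in this thread, as an added example that is not part of the original messages or of Samba's code: a DNS server answers from a zone it hosts and forwards only names that no hosted zone covers, so a leftover zone entry shadows the forwarder for that zone alone. The sketch assumes zone names appear on `pszZoneName` lines as in `samba-tool dns zonelist` output; the sample text and the helper names are constructed for illustration.

```python
import re

# Constructed sample resembling `samba-tool dns zonelist <server>` output;
# myzone.net stands for the manually added zone described in the thread.
SAMPLE_ZONELIST = """\
  3 zone(s) found

  pszZoneName                 : ad.domain.toplevel
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY

  pszZoneName                 : _msdcs.ad.domain.toplevel
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY

  pszZoneName                 : myzone.net
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
"""


def hosted_zones(zonelist_output):
    """Return the lower-cased zone names found in zonelist output."""
    names = re.findall(r"^\s*pszZoneName\s*:\s*(\S+)\s*$", zonelist_output, re.M)
    return {n.lower().rstrip(".") for n in names}


def covering_zone(qname, zones):
    """Return the longest hosted zone that contains qname, or None."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # try the longest suffix first
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolution_path(qname, zones):
    """'authoritative:<zone>' if a hosted zone covers qname, else 'forward'."""
    zone = covering_zone(qname, zones)
    return f"authoritative:{zone}" if zone else "forward"


if __name__ == "__main__":
    zones = hosted_zones(SAMPLE_ZONELIST)
    for name in ("www.myzone.net", "www.xyz.net", "dc1.ad.domain.toplevel"):
        print(f"{name:28} -> {resolution_path(name, zones)}")
```

Since the thread's resolution was that the zone was only forgotten after a daemon restart, compare this result with an actual query against the DC rather than relying on the listing alone.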