search for: _signed_dns_updates

Alright, I'm taking the plunge: We're switching our three AD DCs from Samba internal to BIND_DLZ back end. I needed a version of BIND with DLZ, as it appears support for that is not so ubiquitous. I went here first: https://wiki.samba.org/index.php/Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates We use Ubuntu 14.04 here, and the Debian/Ubuntu instructions fail on apt-get installing "libpcap2-dev". And, unsurprisingly, the "dget -x http://ftp.de.debian.org/debian/pool/main/b/bind9/bind9_9.9.5.dfsg-7.dsc" command is out of date, so I went into that FTP server to find the...

...9;--disable-isc-spnego' > Good catch Louis, that rang a bell and the answer is because you cannot run a Samba AD DC on red-hat with distro packages, so they stop updates (Don't ask why, I don't know) see here: https://wiki.samba.org/index.php/Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates So in answer to the OP, sorry, but I missed/forgot this and the answer to your problem is, you will have to rebuild the Bind9 rpm. Rowland

Hello, The error described in the email title happens in version 9.10 of the bind that I have installed in our main DC. In face of that, I found the samba wiki article that talks about this problem. https://wiki.samba.org/index.php/Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates I made a new installation via source with the suggested options: root at dc3:~# fakeroot ./configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --sysconfdir=/etc/bind --localstatedir=/var --enable-threads --enable-largefile --with-libtool --enable-shared --enable-static --wit...

...#39; > > I take it you have built Samba yourself as there are no RHEL7 packages > that provision as a DC, so you know how to build things. > > I think you know what is coming ;-) > > Read this: > > > https://wiki.samba.org/index.php/Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates > > And this: > > https://github.com/hvenzke/CentOS-Bind-DLZ > > And then build Bind9 yourself, removing the thing that is stopping it > working for you '--disable-isc-spnego' > > Rowland > > -- > To unsubscribe from this list go to the following URL and...

...> Hello, > > The error described in the email title happens in version 9.10 of the > bind that I have installed in our main DC. In face of that, I found > the samba wiki article that talks about this problem. > https://wiki.samba.org/index.php/Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates > > I made a new installation via source with the suggested options: > > root at dc3:~# fakeroot ./configure --prefix=/usr --mandir=/usr/share/man > --infodir=/usr/share/info --sysconfdir=/etc/bind --localstatedir=/var > --enable-threads --enable-largefile --with-libtool --enabl...

...distribution package) on CentOS 7 (tested od 7.5) work even with dynamic DNS updates without any additional fixes or need to recompile Bind package. I think it will work also on other RHEL 7 clones, so we should update Wiki page: https://wiki.samba.org/index.php/Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates 2) There is something terribly wrong with our domain. Specifically dynamic DNS updates with Bind 9 DLZ. But I do not know when and if it ever worked in our environment. It passes every test I can found on wiki, but only Bind 9 DLZ dynamic updates (nsupdate driven) not. It looks like there are som...

...tions there is this '--disable-isc-spnego' I take it you have built Samba yourself as there are no RHEL7 packages that provision as a DC, so you know how to build things. I think you know what is coming ;-) Read this: https://wiki.samba.org/index.php/Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates And this: https://github.com/hvenzke/CentOS-Bind-DLZ And then build Bind9 yourself, removing the thing that is stopping it working for you '--disable-isc-spnego' Rowland

...test environment is working 100% as is, same packages as prod. > OK, I do not use RHEL or Centos, I use Devuan and Bind9 on that OS isn't built with '--disable-isc-spnego', this combined with what it says here: https://wiki.samba.org/index.php/Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates#RHEL_.2F_CENTOS_.2F_FC_.2B_clones_-_ReBuild_Distributed_ISC_Bind_RPM Led me to believe this is your problem. However, you say it works on one DC, but not with multiple DC's. You have mentioned that you demoted DC's, removed all data for the deleted DC from AD and then rejoined it again wi...

...distribution package) on CentOS 7 (tested od 7.5) work even with dynamic DNS updates without any additional fixes or need to recompile Bind package. I think it will work also on other RHEL 7 clones, so we should update Wiki page: https://wiki.samba.org/index.php/Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates 2) There is something terribly wrong with our domain. Specifically dynamic DNS updates with Bind 9 DLZ. But I do not know when and if it ever worked in our environment. It passes every test I can found on wiki, but only Bind 9 DLZ dynamic updates (nsupdate driven) not. It looks like there are som...

Hello Rowland, I have already checked and the DN's are in AD, see attached. SOA: <domain>.corp. 3600 IN SOA psad102zadprh.<domain>.corp. . 9766 3600 600 86400 3600 See below NS, but the 1st NS (zatprdc001) doesn't exsit, and I cannot find it anywhere. NS: <domain>.corp. 3600 IN NS zatprdc001.<domain>.corp. <domain>.corp. 3600

...t; The error described in the email title happens in version 9.10 of the > > bind that I have installed in our main DC. In face of that, I found > > the samba wiki article that talks about this problem. > > > https://wiki.samba.org/index.php/Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates > > > > I made a new installation via source with the suggested options: > > > > root at dc3:~# fakeroot ./configure --prefix=/usr --mandir=/usr/share/man > > --infodir=/usr/share/info --sysconfdir=/etc/bind --localstatedir=/var > > --enable-threads --enable-larg...

...Rowland: > Good catch Louis, that rang a bell and the answer is because you cannot > run a Samba AD DC on red-hat with distro packages, so they stop updates > (Don't ask why, I don't know) > see here: > https://wiki.samba.org/index.php/Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates Oh my God. You are right, Rowland. I know that page, but I but I assumed it was solved in CentOS 7. I'm very sorry I've missed that wiki page. But it looks like not, notice "--disable-isc-spnego" in named -V: named -V BIND 9.9.4-RedHat-9.9.4-61.el7 (Extended Support Version) <...

...is, same packages as prod. > > > > OK, I do not use RHEL or Centos, I use Devuan and Bind9 on that OS > isn't built with '--disable-isc-spnego', this combined with what it says > here: > > > https://wiki.samba.org/index.php/Using_BIND_DLZ_backend_with_secured_/_signed_DNS_updates#RHEL_.2F_CENTOS_.2F_FC_.2B_clones_-_ReBuild_Distributed_ISC_Bind_RPM > > Led me to believe this is your problem. However, you say it works on > one DC, but not with multiple DC's. > > You have mentioned that you demoted DC's, removed all data for the > deleted DC from AD a...

I've been using bind9 and DHCP on Samba 4.1.0 thru 4.1.17 and Slackware 64 14.1 for many months now in a production environment and it works just fine. There are a few tweaks here and there to get bind/dhcp to play nicely with Samba ... Note, conf file locations are Slackware, but you'll know where the same thing goes in your distro. In the examples below, my Domain IP range is

> So you never read this: > https://wiki.samba.org/index.php/Changing_the_DNS_Back_End_of_a_Samba_AD_DC > Which means that you probably never ran the aptly named > 'samba_upgradedns'Of course I ran this. Many times. I'm not stupid, Rowland. At least I can read:D If I've seen that Bind doesn't work, I had to change backend to internal DNS.I carefully read and made