search for: lookaside

...empty-zones-enable no; > allow-query { 127.0.0.1; 192.168.0.0/24; }; > allow-recursion { 192.168.0.0/24; 127.0.0.1/32; }; > forwarders { 8.8.8.8; 8.8.4.4; }; > allow-transfer { none; }; > dnssec-validation no; > dnssec-enable no; > dnssec-lookaside no; > listen-on-v6 { none; }; > listen-on port 53 { 192.168.0.6; 127.0.0.1; }; > > tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab"; > }; > > I think you should be able to see the differences, especially the last > line ;-) I took your lin...

...d/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; }; recursion yes; # just example forwarders { 8.8.8.8; }; dnssec-enable no; dnssec-validation no; dnssec-lookaside auto; bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab"; }; zone "." IN { type hint; file "named.ca"; }; include...

I have two CentOS6 boxes, both running Bind as a local resolver, with what appears to me to be the same configuration as each other. I have a problem on one but not the other, to do with DNSSEC Lookaside Validation. On the box with the problem, if I do: host www.bbc.co.uk 127.0.0.1 (for example), it sits there for a while, then gives me a timeout error. I did some tests while running a tcpdump packet capture on udp port 53, and I discovered that bind was fetching the correct answer normally, and t...

...N.RO"; > > forwarders { > 213.154.124.1; > 193.231.252.1; > }; > > dnssec-enable yes; > dnssec-validation yes; I have this instead: dnssec-validation no; dnssec-enable no; dnssec-lookaside no; > > auth-nxdomain no; # conform to RFC1035 > listen-on-v6 { none; }; > }; > > /etc/bind/named.conf.default-zones: Nothing wrong there > > > /var/lib/samba/private/named.conf: Nothing wrong there Is Apparmor running or is a firewall running...

...notify no; empty-zones-enable no; auth-nxdomain yes; forwarders { 8.8.8.8; 8.8.4.4; }; allow-transfer { none; }; listen-on-v6 { none; }; listen-on port 53 { 192.168.59.112; 127.0.0.1; ::1; }; dnssec-validation no; dnssec-enable no; dnssec-lookaside no; minimal-responses yes; allow-query { 127.0.0.1; 192.168.59.0/24; }; allow-query-cache { 127.0.0.1; 192.168.59.0/24; }; recursion yes; allow-recursion { 127.0.0.1; 192.168.59.0/24; }; tkey-gssapi...

.../named/data/named_mem_stats.txt"; auth-nxdomain yes; directory "/var/named"; notify no; empty-zones-enable no; tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab"; minimal-responses yes; dnssec-validation no; dnssec-enable no; dnssec-lookaside no; listen-on port 53 { <Server IP>; 127.0.0.1; }; recursive-clients 4000; tcp-clients 400; clients-per-query 30; max-clients-per-query 50; # IP addresses and network ranges allowed to query the DNS server: allow-query { any; }; allow-query-cache { any; };...

...;      allow-query { 127.0.0.1; 192.168.0.0/24; }; > >      allow-recursion {  192.168.0.0/24; 127.0.0.1/32; }; > >      forwarders { 8.8.8.8; 8.8.4.4; }; > >      allow-transfer { none; }; > >      dnssec-validation no; > >      dnssec-enable no; > >      dnssec-lookaside no; > >      listen-on-v6 { none; }; > >      listen-on port 53 { 192.168.0.6; 127.0.0.1; }; > > > >      tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab"; > > }; > > > > I think you should be able to see the differences, especially the las...

...notify no; ??? empty-zones-enable no; ??? auth-nxdomain yes; ??? allow-query { 127.0.0.1; 192.168.0.0/24; }; ??? allow-recursion { 192.168.0.0/24; 127.0.0.1/32; }; ??? forwarders { 8.8.8.8; 8.8.4.4; }; ??? allow-transfer { none; }; ??? dnssec-validation no; ??? dnssec-enable no; ??? dnssec-lookaside no; ??? listen-on-v6 { none; }; ??? listen-on port 53 { 192.168.0.6; 127.0.0.1; }; ??? tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab"; }; /etc/bind/named.conf.local include "/var/lib/samba/bind-dns/named.conf"; /etc/bind/named.conf.default-zones is unchanged from...

...tatistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { localhost; 10.0.0.1/24; 10.0.0.254/24; }; recursion yes; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; }; logging { channel default_debug { file "data/named.run"; severity dynamic;...

...timate users. Failing to do so will cause your server to become part of large scale DNS amplification attacks. Implementing BCP38 within your network would greatly reduce such attack surface */ recursion yes; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type...

On Friday, January 11, 2019 12:04 PM, Rowland Penny via samba <samba at lists.samba.org> wrote:   > OK, you are now running my scripts as found on the Samba wiki, so it > should work. > > Lets check some things, can you post the contents of the following > files: > > /etc/resolv.conf search corp.<DOMAIN>.com# nameserver 172.20.10.131nameserver 172.20.10.130

...amba/smb.conf# cat /etc/named.conf ??????????????????????# Global Configuration Options options { ???auth-nxdomain yes; ???version "Parametro no soportado"; ???directory "/var/named"; ???notify no; ???empty-zones-enable no; ???dnssec-validation no; ???dnssec-enable no; ???dnssec-lookaside no; ???listen-on-v6 { none; }; ???listen-on port 53 { 192.168.41.18; 127.0.0.1; }; ???# IP addresses and network ranges allowed to query the DNS server: ???allow-query { ???????127.0.0.1; ???????192.168.41.0/24; ???}; ???allow-query-cache { ???????127.0.0.1; ???????192.168.41.0/24; ???}; ???# IP ad...

...; 192.168.0.0/24; }; > > > allow-recursion { 192.168.0.0/24; 127.0.0.1/32; }; > > > forwarders { 8.8.8.8; 8.8.4.4; }; > > > allow-transfer { none; }; > > > dnssec-validation no; > > > dnssec-enable no; > > > dnssec-lookaside no; > > > listen-on-v6 { none; }; > > > listen-on port 53 { 192.168.0.6; 127.0.0.1; }; > > > > > > tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab"; > > > }; > > > > > > I think you should be able to see...

...; notify no; empty-zones-enable no; allow-query { trusted;}; allow-recursion { trusted;}; forwarders { 172.23.93.3; }; allow-transfer { trusted;}; allow-update { trusted;}; dnssec-validation no; dnssec-enable no; dnssec-lookaside no; listen-on-v6 { none; }; listen-on port 53 { 172.23.93.25; 127.0.0.1; }; tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab"; }; named.conf.local include "/var/lib/samba/bind-dns/named.conf"; /var/lib/samba/bind-dns/named.conf dlz "AD DNS Z...

...?? ??? statistics-file "/var/named/data/named_stats.txt"; ??? ??? memstatistics-file "/var/named/data/named_mem_stats.txt"; ??? ??? allow-query???? { localhost; mynetworks; }; ??? ??? recursion yes; ??? ??? dnssec-enable yes; ??? ??? dnssec-validation auto; ??? ??? dnssec-lookaside auto; ??? ??? /* Path to ISC DLV key */ ??? ??? bindkeys-file "/etc/named.iscdlv.key"; ??? ??? managed-keys-directory "/var/named/dynamic"; ??? ??? pid-file "/run/named/named.pid"; ??? ??? session-keyfile "/run/named/session.key"; ??? ??? # samba BI...

Yesterday I had an issue with Samba v 4.13.0. Went to backup and discovered backup computer has a drive failure and backup is gone. Only resort is to rebuild the DC. I cannot figure out why bind9 will not "host -t SRV _ldap._ tcp.ad.dtntwk.work." or "host -t SRV _kerberos._udp.ad.dtntwk.work." root at dc1:~# host -t SRV _ldap._tcp.subdom.example.com. >

...ache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { localhost; internal; }; recursion yes; /* dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; */ /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; pid-file "/var/run/named/named.pid"; session-keyfile "/var/run/named/session.key"; forwarders { 172.2...

...tatistics-file "/var/named/data/named_mem_stats.txt"; ??? notify no; ??? empty-zones-enable no; ??? allow-query { any; }; ??? allow-query-cache { any; }; ??? forwarders { 8.8.8.8; 8.8.4.4; }; ??? allow-transfer { none; }; ??? dnssec-validation no; ??? dnssec-enable no; ??? dnssec-lookaside no; ??? listen-on port 53 { 172.27.28.1; 127.0.0.1; }; ??? listen-on-v6 port 53 { ::1;}; ??? tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab"; }; logging { ??? channel default_debug { ???????? file "data/named.run"; ???????? severity dynamic; ??? }; }; zone &quot...

> > > > > > https://wiki.samba.org/index.php/BIND9_DLZ_AppArmor_and_SELinux_Integration > > > > > > > > selinux is not installed. > > > > Firewall is not active. > > > > iptables is not active. > > > The problem appears to have something to do with Apparmor. > > > > > > > > From that page, >

...empty-zones-enable no; > allow-query { 127.0.0.1; 192.168.0.0/24; }; > allow-recursion { 127.0.0.1/32; 192.168.0.0/24; }; > forwarders { 8.8.8.8; 8.8.4.4; }; > allow-transfer { none; }; > dnssec-validation no; > dnssec-enable no; > dnssec-lookaside no; > listen-on port 53 { any; }; > listen-on-v6 port 53 { any; }; > pid-file "/run/named/named.pid"; > tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab"; > minimal-responses yes; > }; > > logging { > channel...