Displaying 20 results from an estimated 118 matches for "lookaside".
2019 May 15
2
Workstations cannot update DNS
...empty-zones-enable no;
> allow-query { 127.0.0.1; 192.168.0.0/24; };
> allow-recursion { 192.168.0.0/24; 127.0.0.1/32; };
> forwarders { 8.8.8.8; 8.8.4.4; };
> allow-transfer { none; };
> dnssec-validation no;
> dnssec-enable no;
> dnssec-lookaside no;
> listen-on-v6 { none; };
> listen-on port 53 { 192.168.0.6; 127.0.0.1; };
>
> tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
> };
>
> I think you should be able to see the differences, especially the last
> line ;-)
I took your lin...
2014 Sep 08
1
Starting second DC makes named to freeze on primary DC
...d/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
recursion yes;
# just example
forwarders { 8.8.8.8; };
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside auto;
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};
zone "." IN {
type hint;
file "named.ca";
};
include...
2013 Aug 14
1
CentOS6 bind DLV problems
I have two CentOS6 boxes, both running Bind as a local resolver, with
what appears to me to be the same configuration as each other. I have
a problem on one but not the other, to do with DNSSEC Lookaside Validation.
On the box with the problem, if I do: host www.bbc.co.uk 127.0.0.1
(for example), it sits there for a while, then gives me a timeout error.
I did some tests while running a tcpdump packet capture on udp port 53,
and I discovered that bind was fetching the correct answer normally,
and t...
2018 Feb 26
2
smbclient //server/netlogon -k -c 'ls' fails with "NT_STATUS_LOGON_FAILURE"
...N.RO";
>
> forwarders {
> 213.154.124.1;
> 193.231.252.1;
> };
>
> dnssec-enable yes;
> dnssec-validation yes;
I have this instead:
dnssec-validation no;
dnssec-enable no;
dnssec-lookaside no;
>
> auth-nxdomain no; # conform to RFC1035
> listen-on-v6 { none; };
> };
>
> /etc/bind/named.conf.default-zones:
Nothing wrong there
>
>
> /var/lib/samba/private/named.conf:
Nothing wrong there
Is Apparmor running or is a firewall running...
2020 Sep 13
2
DNS problems when adding samba DC to win2008R2
...notify no;
empty-zones-enable no;
auth-nxdomain yes;
forwarders { 8.8.8.8; 8.8.4.4; };
allow-transfer { none; };
listen-on-v6 { none; };
listen-on port 53 { 192.168.59.112; 127.0.0.1; ::1; };
dnssec-validation no;
dnssec-enable no;
dnssec-lookaside no;
minimal-responses yes;
allow-query {
127.0.0.1;
192.168.59.0/24;
};
allow-query-cache {
127.0.0.1;
192.168.59.0/24;
};
recursion yes;
allow-recursion {
127.0.0.1;
192.168.59.0/24;
};
tkey-gssapi...
2020 Feb 28
4
Samba Bind DLZ Slow queries
.../named/data/named_mem_stats.txt";
auth-nxdomain yes;
directory "/var/named";
notify no;
empty-zones-enable no;
tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
minimal-responses yes;
dnssec-validation no;
dnssec-enable no;
dnssec-lookaside no;
listen-on port 53 { <Server IP>; 127.0.0.1; };
recursive-clients 4000;
tcp-clients 400;
clients-per-query 30;
max-clients-per-query 50;
# IP addresses and network ranges allowed to query the DNS server:
allow-query { any; };
allow-query-cache { any; };...
2019 May 15
0
Workstations cannot update DNS
...; allow-query { 127.0.0.1; 192.168.0.0/24; };
> > allow-recursion { 192.168.0.0/24; 127.0.0.1/32; };
> > forwarders { 8.8.8.8; 8.8.4.4; };
> > allow-transfer { none; };
> > dnssec-validation no;
> > dnssec-enable no;
> > dnssec-lookaside no;
> > listen-on-v6 { none; };
> > listen-on port 53 { 192.168.0.6; 127.0.0.1; };
> >
> > tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
> > };
> >
> > I think you should be able to see the differences, especially the las...
2019 Aug 05
2
samba dlz. bind9 nslookup is wrong
...notify no;
??? empty-zones-enable no;
??? auth-nxdomain yes;
??? allow-query { 127.0.0.1; 192.168.0.0/24; };
??? allow-recursion { 192.168.0.0/24; 127.0.0.1/32; };
??? forwarders { 8.8.8.8; 8.8.4.4; };
??? allow-transfer { none; };
??? dnssec-validation no;
??? dnssec-enable no;
??? dnssec-lookaside no;
??? listen-on-v6 { none; };
??? listen-on port 53 { 192.168.0.6; 127.0.0.1; };
??? tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
};
/etc/bind/named.conf.local
include "/var/lib/samba/bind-dns/named.conf";
/etc/bind/named.conf.default-zones is unchanged from...
2013 Mar 10
8
BIND Setup Issue
...tatistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 10.0.0.1/24; 10.0.0.254/24; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;...
2014 Sep 21
1
rndc permission denied
...timate users. Failing to do so
will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type...
2019 Jan 11
2
samba_dnsupdate options: --use-samba-tool vs. --use-nsupdate, and dhcpd dynamic updates
On Friday, January 11, 2019 12:04 PM, Rowland Penny via samba <samba at lists.samba.org> wrote:
> OK, you are now running my scripts as found on the Samba wiki, so it
> should work.
>
> Lets check some things, can you post the contents of the following
> files:
>
> /etc/resolv.conf
search corp.<DOMAIN>.com# nameserver 172.20.10.131nameserver 172.20.10.130
2020 Nov 18
2
dnsupdate failed with TKEY is unaceptable
...amba/smb.conf# cat /etc/named.conf ??????????????????????# Global Configuration Options options { ???auth-nxdomain yes; ???version "Parametro no soportado"; ???directory "/var/named"; ???notify no; ???empty-zones-enable no; ???dnssec-validation no; ???dnssec-enable no; ???dnssec-lookaside no; ???listen-on-v6 { none; }; ???listen-on port 53 { 192.168.41.18; 127.0.0.1; }; ???# IP addresses and network ranges allowed to query the DNS server: ???allow-query { ???????127.0.0.1; ???????192.168.41.0/24; ???}; ???allow-query-cache { ???????127.0.0.1; ???????192.168.41.0/24; ???}; ???# IP ad...
2019 May 15
1
Workstations cannot update DNS
...; 192.168.0.0/24; };
> > > allow-recursion { 192.168.0.0/24; 127.0.0.1/32; };
> > > forwarders { 8.8.8.8; 8.8.4.4; };
> > > allow-transfer { none; };
> > > dnssec-validation no;
> > > dnssec-enable no;
> > > dnssec-lookaside no;
> > > listen-on-v6 { none; };
> > > listen-on port 53 { 192.168.0.6; 127.0.0.1; };
> > >
> > > tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
> > > };
> > >
> > > I think you should be able to see...
2020 Feb 27
3
User names not replicating to secondary DC
...;
notify no;
empty-zones-enable no;
allow-query { trusted;};
allow-recursion { trusted;};
forwarders { 172.23.93.3; };
allow-transfer { trusted;};
allow-update { trusted;};
dnssec-validation no;
dnssec-enable no;
dnssec-lookaside no;
listen-on-v6 { none; };
listen-on port 53 { 172.23.93.25; 127.0.0.1; };
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};
named.conf.local
include "/var/lib/samba/bind-dns/named.conf";
/var/lib/samba/bind-dns/named.conf
dlz "AD DNS Z...
2020 Apr 12
2
BIND9/DNS lookups stopped working after upgrading our Comcast modem/gateway
...?? ??? statistics-file "/var/named/data/named_stats.txt";
??? ??? memstatistics-file "/var/named/data/named_mem_stats.txt";
??? ??? allow-query???? { localhost; mynetworks; };
??? ??? recursion yes;
??? ??? dnssec-enable yes;
??? ??? dnssec-validation auto;
??? ??? dnssec-lookaside auto;
??? ??? /* Path to ISC DLV key */
??? ??? bindkeys-file "/etc/named.iscdlv.key";
??? ??? managed-keys-directory "/var/named/dynamic";
??? ??? pid-file "/run/named/named.pid";
??? ??? session-keyfile "/run/named/session.key";
??? ??? # samba BI...
2020 Sep 30
3
Bind9 issue
Yesterday I had an issue with Samba v 4.13.0.
Went to backup and discovered backup computer has a drive failure and
backup is gone.
Only resort is to rebuild the DC.
I cannot figure out why bind9 will not "host -t SRV _ldap._
tcp.ad.dtntwk.work." or "host -t SRV _kerberos._udp.ad.dtntwk.work."
root at dc1:~# host -t SRV _ldap._tcp.subdom.example.com.
>
2017 Oct 09
1
Samba AD DC dns issue
...ache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; internal; };
recursion yes;
/*
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
*/
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/var/run/named/named.pid";
session-keyfile "/var/run/named/session.key";
forwarders { 172.2...
2019 Nov 28
2
security = ads parameter not working in samba 4.9.5
...tatistics-file "/var/named/data/named_mem_stats.txt";
??? notify no;
??? empty-zones-enable no;
??? allow-query { any; };
??? allow-query-cache { any; };
??? forwarders { 8.8.8.8; 8.8.4.4; };
??? allow-transfer { none; };
??? dnssec-validation no;
??? dnssec-enable no;
??? dnssec-lookaside no;
??? listen-on port 53 { 172.27.28.1; 127.0.0.1; };
??? listen-on-v6 port 53 { ::1;};
??? tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};
logging {
??? channel default_debug {
???????? file "data/named.run";
???????? severity dynamic;
??? };
};
zone "...
2019 May 15
2
Workstations cannot update DNS
> > > >
> >
https://wiki.samba.org/index.php/BIND9_DLZ_AppArmor_and_SELinux_Integration
> > > >
> > > > selinux is not installed.
> > > > Firewall is not active.
> > > > iptables is not active.
> > > The problem appears to have something to do with Apparmor.
> > > >
> > > > From that page,
>
2020 Feb 19
1
Why are ForeignSecurityPrincipals and Managed Service Accounts empty with no entries?
...empty-zones-enable no;
> allow-query { 127.0.0.1; 192.168.0.0/24; };
> allow-recursion { 127.0.0.1/32; 192.168.0.0/24; };
> forwarders { 8.8.8.8; 8.8.4.4; };
> allow-transfer { none; };
> dnssec-validation no;
> dnssec-enable no;
> dnssec-lookaside no;
> listen-on port 53 { any; };
> listen-on-v6 port 53 { any; };
> pid-file "/run/named/named.pid";
> tkey-gssapi-keytab "/usr/local/samba/bind-dns/dns.keytab";
> minimal-responses yes;
> };
>
> logging {
> channel...