Samba AD DC dns issue

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Samba AD DC dns issue

Samba - General mailing list
Hi,

I have 2 samba AD Dc's running 4.7.0 with bind_DLZ on both servers.
For the most part things seem to be working as expected. I have created
reverse zones as per
https://wiki.samba.org/index.php/DNS_Administration#Creating_a_new_zone.

I have noticed 2 things that seem odd. when I use the windows dns manager
to add an A record. If I check the box that says to update the reverse zone
and then click add. I get a response that says the record was created
but if I look at the reverse zone the ptr never gets created. I then have
to add the ptr by hand.

Is this expected behavior? If it is not expected, how do I troubleshoot it?

The other thing I have noticed is that if I join a machine to the domain
sometimes the forward DNS records get created and other times they do not.
The reverse zones never get updated.

Name resolution and replication between the 2 DC's work as advertised.

Does anyone know how i can go about troubleshooting this problem?

My bind config is as follows:

options {
     listen-on port 53 { any; };
     directory   "/var/named";
     dump-file   "/var/named/data/cache_dump.db";
     statistics-file "/var/named/data/named_stats.txt";
     memstatistics-file "/var/named/data/named_mem_stats.txt";
     allow-query     { localhost; internal; };

     recursion yes;

     /*
     dnssec-enable yes;
     dnssec-validation yes;
     dnssec-lookaside auto;
     */

     /* Path to ISC DLV key */
     bindkeys-file "/etc/named.iscdlv.key";

     managed-keys-directory "/var/named/dynamic";

     pid-file "/var/run/named/named.pid";
     session-keyfile "/var/run/named/session.key";

     forwarders { 172.20.0.14; 172.20.0.11; 10.224.135.11; };

     // Added for Samba-4.x.
     tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
};

acl "internal" { 10.224.135.0/24; 172.20.0.0/23; 172.20.10.0/24; 172.30.0.0/23; 172.30.10.0/24; 192.168.100.0/24; 192.168.101.0/24; 192.168.102.0/24; 192.168.103.0/24; 127.0.0.1; };

logging {
         channel default_debug {
             file "data/named.run"
                 versions 10
                 size 10M;
             severity dynamic;
             print-time yes;
             print-severity yes;
             print-category yes;
         };
};

zone "." IN {
     type hint;
     file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
# added below for bind DLZ.
include "/usr/local/samba/private/named.conf";

The smb.conf is as follows:

[global]
     netbios name = VDC1
     realm = SAMDOM.MYDOMAIN.COM
     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
     workgroup = SAMDOM
     server role = active directory domain controller
     idmap_ldb:use rfc2307 = yes

     log file = /var/log/samba/%m.log
     max log size = 5000
     log level = 2

     idmap config SAMDOM:unix_nss_info = yes

     template shell = /bin/bash
     template homedir = /home/samba/users/%U

     deadtime = 5

[netlogon]
     path = /usr/local/samba/var/locks/sysvol/samdom.mydomain.com/scripts
     read only = No

[sysvol]
     path = /usr/local/samba/var/locks/sysvol
     read only = No

Regards,

--
Tom [hidden email]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: Samba AD DC dns issue

Samba - General mailing list
On 10/9/2017 3:03 PM, Tom Diehl via samba wrote:

> Hi,
>
> I have 2 samba AD Dc's running 4.7.0 with bind_DLZ on both servers.
> For the most part things seem to be working as expected. I have created
> reverse zones as per
> https://wiki.samba.org/index.php/DNS_Administration#Creating_a_new_zone.
>
> I have noticed 2 things that seem odd. when I use the windows dns manager
> to add an A record. If I check the box that says to update the reverse
> zone
> and then click add. I get a response that says the record was created
> but if I look at the reverse zone the ptr never gets created. I then have
> to add the ptr by hand.
>
> Is this expected behavior? If it is not expected, how do I
> troubleshoot it?
>
> The other thing I have noticed is that if I join a machine to the domain
> sometimes the forward DNS records get created and other times they do
> not.
> The reverse zones never get updated.
>
> Name resolution and replication between the 2 DC's work as advertised.
>
> Does anyone know how i can go about troubleshooting this problem?
>
> My bind config is as follows:
>
> options {
>     listen-on port 53 { any; };
>     directory   "/var/named";
>     dump-file   "/var/named/data/cache_dump.db";
>     statistics-file "/var/named/data/named_stats.txt";
>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>     allow-query     { localhost; internal; };
>
>     recursion yes;
>
>     /*
>     dnssec-enable yes;
>     dnssec-validation yes;
>     dnssec-lookaside auto;
>     */
>
>     /* Path to ISC DLV key */
>     bindkeys-file "/etc/named.iscdlv.key";
>
>     managed-keys-directory "/var/named/dynamic";
>
>     pid-file "/var/run/named/named.pid";
>     session-keyfile "/var/run/named/session.key";
>
>     forwarders { 172.20.0.14; 172.20.0.11; 10.224.135.11; };
>
>     // Added for Samba-4.x.
>     tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
> };
>
> acl "internal" { 10.224.135.0/24; 172.20.0.0/23; 172.20.10.0/24;
> 172.30.0.0/23; 172.30.10.0/24; 192.168.100.0/24; 192.168.101.0/24;
> 192.168.102.0/24; 192.168.103.0/24; 127.0.0.1; };
>
> logging {
>         channel default_debug {
>             file "data/named.run"
>                 versions 10
>                 size 10M;
>             severity dynamic;
>             print-time yes;
>             print-severity yes;
>             print-category yes;
>         };
> };
>
> zone "." IN {
>     type hint;
>     file "named.ca";
> };
>
> include "/etc/named.rfc1912.zones";
> include "/etc/named.root.key";
> # added below for bind DLZ.
> include "/usr/local/samba/private/named.conf";
>
> The smb.conf is as follows:
>
> [global]
>     netbios name = VDC1
>     realm = SAMDOM.MYDOMAIN.COM
>     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbindd, ntp_signd, kcc, dnsupdate
>     workgroup = SAMDOM
>     server role = active directory domain controller
>     idmap_ldb:use rfc2307 = yes
>
>     log file = /var/log/samba/%m.log
>     max log size = 5000
>     log level = 2
>
>     idmap config SAMDOM:unix_nss_info = yes
>
>     template shell = /bin/bash
>     template homedir = /home/samba/users/%U
>
>     deadtime = 5
>
> [netlogon]
>     path = /usr/local/samba/var/locks/sysvol/samdom.mydomain.com/scripts
>     read only = No
>
> [sysvol]
>     path = /usr/local/samba/var/locks/sysvol
>     read only = No
>
> Regards,
>
The PTR issue is a bug. See https://bugzilla.samba.org/show_bug.cgi?id=12186


--
--
James


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba