Secondary Nameserver not working


Samba - General mailing list
I've configured a secondary slave nameserver based on what I consider rather expert advice, but
it's not working as expected. I'm trying to determine if I've done something wrong with basic
configuration or if there are AD/DC nuances afoot.

The main nameserver is the domain Active Directory/Domain Controller running Samba 4.4.16 on
Slackware64 14.2. This has been running for a few years w/o problem. Its domain IP is
192.168.0.2.

I've attempted to configure a DNS slave on another Linux Slackware64 14.2 system, IP 192.168.0.3.
This host is on the domain LAN, but is not a domain member.

When bind is running on the slave, the zone files are updated as expected. Both Windows and
Linux domain members show both 192.168.0.2 and 192.168.0.3 as nameservers. However, when
192.168.0.2 goes offline, the domain members can no longer access the Internet. That condition
persists until 192.168.0.2 comes back on line. So, the slave DNS server is not working correctly.

192.168.0.2 has "allow-transfer { 192.168.0.3; };" set in named.conf options, and in zone and
reverse zone files.

Below is the named.conf on the slave. Am I doing something wrong AD/DC-wise?

options {
        directory "/var/named";

        forwarders {            // These are the ISP provided name servers
           209.18.47.61;
           209.18.47.62;
        };

        allow-query { any; };
        allow-recursion {192.168.0.0/24;};
};

logging{
  channel marks_log {
    syslog local7;
    severity info;
  };
  category default {
    marks_log;
  };
};

zone "hprs.local" IN {
        type slave;
        masters { 192.168.0.2; };
        file "/var/named/db.hprs.local";
};

zone "0.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.0.2; };
    file "/var/named/db.192.168.0";
};


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Re: Secondary Nameserver not working

On Tue, 31 Oct 2017 02:51:00 -0400
Mark Foley via samba <[hidden email]> wrote:

> I've configured a secondary slave nameserver based on what I consider
> rather expert advice, but it's not working as expected. I'm trying to
> determine if I've done something wrong with basic configuration or if
> there are AD/DC nuances afoot.
>
> The main nameserver is the domain Active Directory/Domain Controller
> running Samba 4.4.16 on Slackware64 14.2. This has been running for a
> few years w/o problem. Its domain IP is 192.168.0.2.
>
> I've attempted to configure a DNS slave on another Linux Slackware64
> 14.2 system, IP 192.168.0.3. This host is on the domain LAN, but is
> not a domain member.
>
> When bind is running on the slave, the zone files are updated as
> expected. Both Windows and Linux domain members show both 192.168.0.2
> and 192.168.0.3 as nameservers. However, when 192.168.0.2 goes
> offline, the domain members can no longer access the Internet. That
> condition persists until 192.168.0.2 comes back on line. So, the
> slave DNS server is not working correctly.
>
> 192.168.0.2 has "allow-transfer { 192.168.0.3; };" set in
> named.conf options, and in zone and reverse zone files.
>
> Below is the named.conf on the slave. Am I doing something wrong
> AD/DC-wise?
>
> options {
>         directory "/var/named";
>
>         forwarders {            // These are the ISP provided name servers
>            209.18.47.61;
>            209.18.47.62;
>         };
>
>         allow-query { any; };
>         allow-recursion {192.168.0.0/24;};
> };
>
> logging{
>   channel marks_log {
>     syslog local7;
>     severity info;
>   };
>   category default {
>     marks_log;
>   };
> };
>
> zone "hprs.local" IN {
>         type slave;
>         masters { 192.168.0.2; };
>         file "/var/named/db.hprs.local";
> };
>
> zone "0.168.192.in-addr.arpa" IN {
>     type slave;
>     masters { 192.168.0.2; };
>     file "/var/named/db.192.168.0";
> };
>
>

Yes, you are doing two things incorrectly ;-)

One) you have put the zones into the named.conf files; you just turned
off bind_dlz.

Two) you don't run Bind as a slave; all AD DC DNS servers have to
be authoritative. Just set the Bind DNS server up as you did the first.

Rowland
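As an added illustration of the two points in Rowland's reply, applied to the named.conf from the first post, here is a small Python lint (not code from either poster or from the Samba project). It parses a named.conf of the shape shown in the thread and flags zones declared "type slave" plus the absence of a "dlz" statement or a Samba-generated include, which is what "you just turned off bind_dlz" means in practice. The sample configs are constructed from the thread; the include path /usr/local/samba/private/named.conf and the rule that the Samba include path contains "samba" are assumptions, since Samba's install prefix varies.

```python
"""Lint a BIND named.conf meant to serve a Samba AD domain.

Added example for this thread, not code from the Samba project or the
posters.  Two checks, matching the reply: (1) zones declared as slaves of
the DC, (2) no bind_dlz back end loaded.  Assumptions are marked inline.
"""
import re

# Constructed from the first post: the slave configuration (logging block left out).
SLAVE_NAMED_CONF = """
options {
        directory "/var/named";
        forwarders {            // These are the ISP provided name servers
           209.18.47.61;
           209.18.47.62;
        };
        allow-query { any; };
        allow-recursion {192.168.0.0/24;};
};
zone "hprs.local" IN {
        type slave;
        masters { 192.168.0.2; };
        file "/var/named/db.hprs.local";
};
zone "0.168.192.in-addr.arpa" IN {
    type slave;
    masters { 192.168.0.2; };
    file "/var/named/db.192.168.0";
};
"""

# Constructed contrast case: no zone statements; the AD zones come from the
# Samba-generated include instead.  The path is an assumption (install prefix varies).
DLZ_NAMED_CONF = """
options {
        directory "/var/named";
        forwarders { 209.18.47.61; 209.18.47.62; };
        allow-query { any; };
        allow-recursion { 192.168.0.0/24; };
};
include "/usr/local/samba/private/named.conf";   // assumed path
"""


def strip_comments(text):
    """Drop /* */, // and # comments (a '//' inside a quoted string is not handled)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"//[^\n]*", "", text)
    return re.sub(r"#[^\n]*", "", text)


def tokenize(text):
    """Split into quoted strings, the punctuation { } ; and bare words."""
    return re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text)


def parse_block(tokens, i=0):
    """Parse statements up to a closing '}' or end of input.

    Returns (statements, next_index).  A statement is (words, body): body is a
    nested statement list for 'name { ... };' and None for a plain 'a b c;'.
    """
    stmts, words = [], []
    while i < len(tokens):
        tok = tokens[i]
        if tok == "}":
            return stmts, i + 1
        if tok == "{":
            body, i = parse_block(tokens, i + 1)
            if i < len(tokens) and tokens[i] == ";":   # the ';' that follows '}'
                i += 1
            stmts.append((words, body))
            words = []
        elif tok == ";":
            if words:
                stmts.append((words, None))
            words = []
            i += 1
        else:
            words.append(tok.strip('"'))
            i += 1
    return stmts, i


def parse_named_conf(text):
    return parse_block(tokenize(strip_comments(text)))[0]


def lint(text):
    """Return findings for a named.conf that is supposed to serve an AD domain."""
    findings, dlz_loaded = [], False
    for words, body in parse_named_conf(text):
        if not words:
            continue
        if words[0] == "dlz":
            dlz_loaded = True
        # Assumption: Samba's generated include lives under a path containing "samba".
        if words[0] == "include" and len(words) > 1 and "samba" in words[1]:
            dlz_loaded = True
        if words[0] == "zone" and body is not None and len(words) > 1:
            ztype, masters = None, []
            for w, b in body:
                if w and w[0] == "type" and len(w) > 1:
                    ztype = w[1]
                if w and w[0] in ("masters", "primaries") and b:
                    masters = [m[0] for m, _ in b if m]
            if ztype in ("slave", "secondary"):
                findings.append(f'zone "{words[1]}" is type {ztype} (masters {masters}); '
                                "an AD DC DNS server must be authoritative for its zones")
    if not dlz_loaded:
        findings.append("no dlz statement or Samba include found; bind_dlz is not loaded")
    return findings


if __name__ == "__main__":
    for f in lint(SLAVE_NAMED_CONF):
        print("slave config:", f)
    print("dlz config:", lint(DLZ_NAMED_CONF) or "no findings")
```

Run against the poster's config it reports both zones as slaves of 192.168.0.2 and the missing dlz back end; the constructed dlz variant passes clean. The parser only understands the brace-and-semicolon grammar shown in the thread, which is enough to inspect zone and include statements; it is a configuration check, not a substitute for querying each nameserver directly once the primary is down.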
