
[Samba] Samba4 how to get a reverse dlz zone


steve

Apr 2, 2012, 1:00:03 PM
Hi
I have s4 with bind9 working fine. I see that it sets up a forward zone
without using zone files (is that the dlz bit?)

Is it possible to get it to produce a reverse zone?

Thanks,
Steve pp lcb
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

steve

Apr 2, 2012, 1:20:02 PM
On 02/04/12 18:12, fe...@epepm.cupet.cu wrote:
>> Hi
>> I have s4 with bind9 working fine. I see that it sets up a forward zone
>> without using zone files (is that the dlz bit?)
>>
>> Is it possible to get it to produce a reverse zone?
>>
>
> Well, it's possible.
> I have done it using the DNS mmc console from Windows.
>
> Best regards,
> Felix.
Hi
I'm not very good with windows. Is there an equivalent for Linux?
Cheers,
Steve

steve

Apr 2, 2012, 1:30:03 PM
On 02/04/12 18:22, fe...@epepm.cupet.cu wrote:
>> On 02/04/12 18:12, fe...@epepm.cupet.cu wrote:
>>>> Hi
>>>> I have s4 with bind9 working fine. I see that it sets up a forward zone
>>>> without using zone files (is that the dlz bit?)
>>>>
>>>> Is it possible to get it to produce a reverse zone?
>>>>
>>>
>>> Well, it's possible.
>>> I have done it using the DNS mmc console from Windows.
>>>
>>> Best regards,
>>> Felix.
>> Hi
>> I'm not very good with windows. Is there an equivalent for Linux?
>> Cheers,
>> Steve
>
> I don't know. It might be possible with samba-tool.
>
> Cheers,
> Felix

OK, thanks.
Anyone?

Amitay Isaacs

Apr 2, 2012, 8:20:01 PM
On Tue, Apr 3, 2012 at 3:27 AM, steve <st...@steve-ss.com> wrote:
> On 02/04/12 18:22, fe...@epepm.cupet.cu wrote:
>>>
>>> On 02/04/12 18:12, fe...@epepm.cupet.cu wrote:
>>>>>
>>>>> Hi
>>>>> I have s4 with bind9 working fine. I see that it sets up a forward zone
>>>>> without using zone files (is that the dlz bit?)
>>>>>
>>>>> Is it possible to get it to produce a reverse zone?
>>>>>
>>>>
>>>> Well, it's possible.
>>>> I have done it using the DNS mmc console from Windows.
>>>>
>>>> Best regards,
>>>> Felix.
>>>
>>> Hi
>>> I'm not very good with windows. Is there an equivalent for Linux?
>>> Cheers,
>>> Steve
>>
>>
>> I don't know. It might be possible with samba-tool.
>>
>> Cheers,
>> Felix
>
>
> OK, thanks.
> Anyone?
>
> Steve

You can use samba-tool dns commands to create a reverse zone.

To create a reverse zone for 192.168.1.0/24 subnet,

$ samba-tool dns zonecreate <server> 1.168.192.in-addr.arpa

And then you can add record (e.g. test1.my.domain -> 192.168.1.1)

$ samba-tool dns add <server> 1.168.192.in-addr.arpa 1 PTR test1.my.domain

Amitay.

steve

Apr 3, 2012, 12:50:02 AM
On 03/04/12 02:10, Amitay Isaacs wrote:
> On Tue, Apr 3, 2012 at 3:27 AM, steve <st...@steve-ss.com> wrote:
>> On 02/04/12 18:22, fe...@epepm.cupet.cu wrote:
>>>>
>>>> On 02/04/12 18:12, fe...@epepm.cupet.cu wrote:
>>>>>>

>>
>> OK, thanks.
>> Anyone?
>>
>> Steve
>
> You can use samba-tool dns commands to create a reverse zone.
>
> To create a reverse zone for 192.168.1.0/24 subnet,
>
> $ samba-tool dns zonecreate <server> 1.168.192.in-addr.arpa
>
> And then you can add record (e.g. test1.my.domain -> 192.168.1.1)
>
> $ samba-tool dns add <server> 1.168.192.in-addr.arpa 1 PTR test1.my.domain
>
> Amitay.


Thanks. That's good news. But for that to work, I would need to have a
fixed IP for each client no?

The s4 provision produces a bind include for the forward zone and a tsig
keytab for ddns on it. Is it possible to do the same for the reverse zone?

BTW, I only need this for Linux clients using Kerberized nfs. Win7
clients don't seem to need it for anything.
Thanks,
Steve

Kai Blin

Apr 3, 2012, 5:20:02 AM
On 2012-04-03 06:45, steve wrote:

> Thanks. That's good news. But for that to work, I would need to
> have a fixed IP for each client no?

No idea about the BIND stuff, but in principle if there's a reverse
zone in DNS, the windows clients will try to update that when updating
their forward entry. Sans TKEY/TSIG, I've seen this working just fine
with the internal DNS. I see no reason why it shouldn't work with BIND.

Cheers,
Kai

--
Kai Blin
Worldforge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin
Samba team member http://www.samba.org/samba/team/

Konstantin Pobudzey

Apr 3, 2012, 5:50:02 AM
Hello
It worked for me. I did exactly the same as for the forward zone.
###################################
ls -l /var/named/dynamic


-rw-r--r-- 1 named named 619 Mar 28 22:52 168.192.in-addr.arpa.zone
-rw-r--r-- 1 named named 2174 Mar 28 22:39 168.192.in-addr.arpa.zone.jnl



########################
# The reverse zone configuration is optional. The following example assumes a
# subnet of 192.168.123.0/24:

zone "168.192.in-addr.arpa" in {
    type master;
    file "dynamic/168.192.in-addr.arpa.zone";
    check-names ignore;

    update-policy {
        grant *.INC wildcard *.9.168.192.in-addr.arpa. PTR;
        grant *.INC wildcard *.1.168.192.in-addr.arpa. PTR;
    };
};

#############################################################################

Kai Blin

Apr 3, 2012, 6:20:02 AM
On 2012-04-03 11:41, Konstantin Pobudzey wrote:

Hi Konstantin,

> It worked for me. I did exactly same as for forward zone.

But that's using the flat-file backend, not the DLZ AD-based backend,
right?

steve

Apr 3, 2012, 8:10:02 AM
On 03/04/12 11:13, Kai Blin wrote:
> On 2012-04-03 06:45, steve wrote:
>
>> Thanks. That's good news. But for that to work, I would need to
>> have a fixed IP for each client no?
>
> No idea about the BIND stuff, but in principle if there's a reverse
> zone in DNS, the windows clients will try to update that when updating
> their forward entry. Sans TKEY/TSIG, I've seen this working just fine
> with the internal DNS. I see no reason why it shouldn't work with BIND.
>
> Cheers,
> Kai
>
Hi Kai
I want the reverse lookup for my Linux clients. As far as I can see, the
only way I can get the reverse lookup working is to use static IP. I
want my Linux clients using DHCP as do the windows clients. Can it be
done? Is it easier if I switch to SAMBA_INTERNAL perhaps?

I just want a reverse lookup in the same way that forward lookup and
update works for windows.

Cheers,
Steve

Kai Blin

Apr 3, 2012, 9:20:01 AM
On 2012-04-03 14:04, steve wrote:

> I want the reverse lookup for my Linux clients. As far as I can
> see, the only way I can get the reverse lookup working is to use
> static IP. I want my Linux clients using DHCP as do the windows
> clients. Can it be done? Is it easier if I switch to SAMBA_INTERNAL
> perhaps?

What I'm saying is that it should make no difference if you run the
BIND DLZ or the internal server. No idea what DHCP client you're
using, and how that does DNS updates. If your DHCP client is able to
do GSS-TSIG updates against windows, it should be able to do the same
against Samba4. If the DHCP client can't update, you'll have to figure
out how to fix the client side of things.

> I just want a reverse lookup in the same way that forward lookup
> and update works for windows.

And I'm saying that it should work the same way, from the server side
of things.

Cheers,
Kai

--
Kai Blin
Worldforge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin
Samba team member http://www.samba.org/samba/team/

steve

Apr 7, 2012, 11:00:01 AM
On 03/04/12 02:10, Amitay Isaacs wrote:
> On Tue, Apr 3, 2012 at 3:27 AM, steve <st...@steve-ss.com> wrote:

>
> You can use samba-tool dns commands to create a reverse zone.
>
> To create a reverse zone for 192.168.1.0/24 subnet,
>
> $ samba-tool dns zonecreate <server> 1.168.192.in-addr.arpa
>
> And then you can add record (e.g. test1.my.domain -> 192.168.1.1)
>
> $ samba-tool dns add <server> 1.168.192.in-addr.arpa 1 PTR test1.my.domain
>
> Amitay.

Hi Amitay

s4 seemed to create the forward zone by itself. We added the reverse
zone as you mentioned. Our win 7 clients inject the forward zone with
their details automatically by DHCP.

For our Linux clients authenticating against s4, we had to use fixed IP.

This is with bind9. Could you take a look at this for us?

hh1:/home/steve # samba-tool dns add 192.168.1.2 hh3.site hh10.hh3.site A 192.168.1.10
Password for [Admini...@HH3.SITE]:
Record added successfully

hh1:/home/steve # samba-tool dns add 192.168.1.2 1.168.192.in-addr.arpa 11 PTR hh11.hh3.site
Password for [Admini...@HH3.SITE]:
Record added successfully

hh1:/home/steve # host hh10.hh3.site
hh10.hh3.site has address 192.168.1.10

hh1:/home/steve # host 192.168.1.10
10.1.168.192.in-addr.arpa domain name pointer hh10.hh3.site.

It seems to be working. Is this the correct way of proceeding?

Cheers,
Steve

steve

Apr 7, 2012, 11:10:03 AM

Sorry.
That should have read:

> hh1:/home/steve # samba-tool dns add 192.168.1.2 1.168.192.in-addr.arpa 10 PTR hh10.hh3.site
> Password for [Admini...@HH3.SITE]:
> Record added successfully
>
Got carried away with the names-
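
Added example, not part of the original thread and not Samba's own code: a POSIX shell helper that derives the reverse zone and PTR record name from one host/IP pair and prints the matching pair of samba-tool dns add commands, so the forward and reverse entries cannot be typed out of step. It goes beyond the /24 case and also handles a /16 zone such as 168.192.in-addr.arpa; the function names are hypothetical and the sample values are the ones from the session above.

```shell
#!/bin/sh
# Added example (not from the thread): build the A and PTR commands for one
# host from a single name/IP pair so the two records cannot drift apart.

# valid_ipv4 IP: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# reverse_parts IP NET_OCTETS: print "<reverse zone> <PTR record name>".
# NET_OCTETS is how many leading octets the zone covers (3 for a /24 zone
# such as 1.168.192.in-addr.arpa, 2 for a /16 zone such as 168.192.in-addr.arpa).
reverse_parts() {
    valid_ipv4 "$1" || return 1
    old_ifs=$IFS; IFS=.; set -- $1 "$2"; IFS=$old_ifs
    case "$5" in
        1) echo "$1.in-addr.arpa $4.$3.$2" ;;
        2) echo "$2.$1.in-addr.arpa $4.$3" ;;
        3) echo "$3.$2.$1.in-addr.arpa $4" ;;
        *) return 1 ;;
    esac
}

# dns_pair_cmds SERVER FWD_ZONE HOST IP NET_OCTETS: print (do not run) the
# two samba-tool commands; HOST is the short name inside FWD_ZONE.
dns_pair_cmds() {
    rev=$(reverse_parts "$4" "$5") || {
        echo "bad IP or zone size: $4 / $5" >&2
        return 1
    }
    echo "samba-tool dns add $1 $2 $3 A $4"
    echo "samba-tool dns add $1 ${rev% *} ${rev#* } PTR $3.$2"
}

# Values taken from the thread's own session (server 192.168.1.2, zone hh3.site).
dns_pair_cmds 192.168.1.2 hh3.site hh10 192.168.1.10 3
```

The script only prints the commands; review them and run them yourself, then confirm with host in both directions as in the session above.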