
[Samba] Configuration of a Bind slave server


Daniel Carrasco Marín

Nov 17, 2015, 7:10:03 AM
Hi,

Is there any way to configure a slave bind server? I'm trying to do it but
the zone is not updated.

My conf file on master is:
named.conf.options:
options {
    directory "/var/cache/bind";

    dnssec-validation auto;

    allow-transfer { 192.168.222.254; };

    tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};

and on the slave I've created this zone entry:
zone "domain.red" IN {
    type slave;

    masters {
        192.168.222.250;
    };

    file "domain.red";
    notify no;
};


The Slave log only shows the connection but did not show any error:
Nov 17 12:51:07 SlaveServer named[25306]: general: debug 1: soa_query: zone domain.red/IN: enter
Nov 17 12:51:07 SlaveServer named[25306]: general: debug 1: refresh_callback: zone domain.red/IN: enter
Nov 17 12:51:07 SlaveServer named[25306]: general: debug 1: refresh_callback: zone domain.red/IN: serial: new 7, old not loaded
Nov 17 12:51:07 SlaveServer named[25306]: general: debug 1: queue_xfrin: zone domain.red/IN: enter
Nov 17 12:51:07 SlaveServer named[25306]: general: info: zone domain.red/IN: Transfer started.
Nov 17 12:51:07 SlaveServer named[25306]: general: debug 1: zone domain.red/IN: no database exists yet, requesting AXFR of initial version from 192.168.222.250#53
Nov 17 12:51:07 SlaveServer named[25306]: xfer-in: info: transfer of 'domain.red/IN' from 192.168.222.250#53: connected using 192.168.222.254#27985

And master has no entries on log about this...

What can I be doing wrong?

Thanks!!

Reindl Harald

Nov 17, 2015, 7:30:03 AM
i wonder why that is a samba-topic, anyways....

On 17.11.2015 at 13:00, Daniel Carrasco Marín wrote:
> Is there any way to configure a slave bind server? I'm trying to do it but
> the zone is not updated.

surely, as you did

> Nov 17 12:51:07 SlaveServer named[25306]: xfer-in: info: transfer of 'domain.red/IN' from 192.168.222.250#53: connected using 192.168.222.254#27985
>
> And master has no entries on log about this...

then he did not get connected

> What can I be doing wrong?

does TCP on port 53 work from the slave to the master?
telnet master-ip 53

zone transfers are *not* UDP and in general a nameserver needs to be
reachable via both UDP/TCP these days or things will randomly fail in
case of large responses


Daniel Carrasco Marín

Nov 17, 2015, 3:20:03 PM
Hi,

Thanks for your help.
It's like magic: after a lot of tests without results, just now the file
is finally created and works as expected... Maybe it needs more time.
Sorry for asking here, but I asked because on this server bind is only a
bridge between the Samba 4 and the other server, and I did not know if
maybe I did something wrong or Samba needs any special configuration. Now I
see how it works and I know that the question is about bind only.

Thanks again and greetings!!


On Nov 17, 2015, at 1:28 p.m., "Reindl Harald" <h.re...@thelounge.net>
wrote:

Marc Muehlfeld

Nov 17, 2015, 5:00:04 PM
Hello Daniel,

On 17.11.2015 at 21:13, Daniel Carrasco Marín wrote:
> It's like magic: after a lot of tests without results, just now the file
> is finally created and works as expected... Maybe it needs more time.
> Sorry for asking here, but I asked because on this server bind is only a
> bridge between the Samba 4 and the other server, and I did not know if
> maybe I did something wrong or Samba needs any special configuration. Now I
> see how it works and I know that the question is about bind only.

Zone transfer control outside directory replication is currently not
implemented. This means that whatever you set up in AD DNS via MMC, this
setting is not respected and you will get an error if you try to change it.

BIND9_DLZ currently allows zone transfers and you can't disable it. On
the other hand, the internal DNS doesn't and you can't enable it.

The last discussion about that was that at least both should act the
same way and disable zone transfers for BIND9_DLZ, too. So far, no
one has submitted a patch, but if you set up something that relies on that
behaviour, you may get a surprise one day after updating. :-) For more
about that discussion, see
https://bugzilla.samba.org/show_bug.cgi?id=9634


Regards,
Marc
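
[Added example, not part of any message in this thread and not Samba or BIND code.] The two checks raised above, whether TCP/53 on a name server answers at all and whether that server hands the zone to the host asking for it, can be scripted by sending a SOA and an AXFR question over TCP and reading the reply code. Function names are this example's own; the addresses and zone name are the ones quoted in the thread.

```python
import socket
import struct

SOA, AXFR = 6, 252  # DNS QTYPE codes (RFC 1035)
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED", 9: "NOTAUTH"}

def build_query(zone, qtype, txid=0x1234):
    """DNS question framed for TCP: 2-byte length prefix, then the message."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # standard query, 1 question
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)   # class IN
    return struct.pack("!H", len(msg)) + msg

def classify(msg):
    """Summarise one DNS response message (length prefix already removed)."""
    if len(msg) < 12:
        return "short or empty reply"
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    if rcode == 0 and ancount > 0:
        return "NOERROR with %d answer record(s)" % ancount
    return RCODES.get(rcode, "RCODE %d" % rcode) + " (no records returned)"

def recv_exact(sock, n):  # read exactly n bytes, fewer if the peer closes
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def probe(server, zone, qtype, timeout=5.0):
    """Send one question over TCP/53 and classify the first reply message."""
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(build_query(zone, qtype))
            prefix = recv_exact(s, 2)
            if len(prefix) < 2:
                return "connected, but the server closed without replying"
            return classify(recv_exact(s, struct.unpack("!H", prefix)[0]))
    except OSError as exc:
        return "TCP/53 not usable: %s" % exc

if __name__ == "__main__":
    # Master and slave addresses and the zone name are the ones quoted in the thread.
    for host in ("192.168.222.250", "192.168.222.254"):
        for label, qtype in (("SOA", SOA), ("AXFR", AXFR)):
            print(host, label, "->", probe(host, "domain.red", qtype))
```

Run from a host that is not listed in allow-transfer, REFUSED is the expected AXFR answer; NOERROR with answer records means that host can pull the whole zone.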

Daniel Carrasco Marín

Nov 17, 2015, 6:50:03 PM
I see, thanks for the info ;)

Maybe one day it will work, but for now it is not a problem for me because the
Samba server is on a private network separated from users and WAN, and the
slave server, which is the "gateway", allows blocking the domain transfers.

Maybe my problem was the pfSense server and paths, because I've used the
full path for the bind db file and now I see that it did not work... It is
strange because if I use the relative path it works (and the folder is the
same). Anyway, this is off-topic ;P

¡¡Greetings!!