samba 4 dns-update issue
in [Samba]
|
Prev: [Samba] HOWTO close session(s) to a specific share from samba server side?
Next: [Samba] Samba idmap against ad
From: Roland de Lepper on 11 Aug 2010 07:20 I,ve looked at your howto, and it's exactly what I've did too. I also compiled bind after I created the user'named' and added to the group 'named'. I've set the permissions on the files as in your howto, but still no luck. Selinux and the firewall are disabled on the samba-server and the firewall is disabled on the win7 client machine. Kind regards, Roland de Lepper > Look at my thread: HOWTO samba4 centos5.5 named dnsupdate drbd simple > failover > > ----------------------------------------------- > EDV Daniel Müller > > Leitung EDV > Tropenklinik Paul-Lechler-Krankenhaus > Paul-Lechler-Str. 24 > 72076 Tübingen > > Tel.: 07071/206-463, Fax: 07071/206-499 > eMail: mueller(a)tropenklinik.de > Internet: www.tropenklinik.de > ----------------------------------------------- > > -----Ursprüngliche Nachricht----- > Von: samba-bounces(a)lists.samba.org [mailto:samba-bounces(a)lists.samba.org] > Im > Auftrag von Roland de Lepper > Gesendet: Mittwoch, 11. August 2010 09:38 > An: samba(a)lists.samba.org > Betreff: [Samba] samba 4 dns-update issue > > Hi all, > > I've setup samba4 according to the samba4 wiki on centOS 5.4 in KVM. > This went without any problems. I only had to install a higher version of > bind to 9.6.x because Centos bind in repo will install version 9.3.x. > I've used the Fedora12 source rpms for this to build bind 9.6.x on Centos > 5.4. > > Then I configured bind according to the samba wiki > (http://wiki.samba.org/index.php/Samba4/DNS) > > I did all the check in the wiki to see if bind is working. All tests > passed. > But in my logs a got the messages "The working directory is not writable". > I changed the owner on /var/named to the group named, which solved that > problem. > > Then i installed Win7 virtual in KVM and joined the domain. I can login, > create users via dsa.msc tool on windows and see them in wbinfo -u on the > samba4 domain controller. All looks right, except for my ddns. The zone > could not be updated with the new win7 machine. The win7 machine has a > fixed ip-address. > > I checked all the howto again and again, but couldn't find a thing which > could cause this. The error I see in my log is: > > Aug 11 09:34:46 sambaserver named[2281]: client 192.168.122.150#60058: > query 'roland.quinox.be/SOA/IN' denied > > Is this a permission problem? I check and the group 'named' has write > access to my zone file. (the user 'named' is member of the group 'named') > > This is the only issue I have with my samba4 installation and I really > want to solve this issue. > > If you need more information or configurations, i can post them. > > Kind regards, > > Roland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Daniel Müller on 12 Aug 2010 04:00 Did you set a allow query to all your subnets in your named conf?? Here is mine: options { listen-on port 53 { 127.0.0.1;192.168.134.27; };<---imortant put an ip listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { localhost; 192.168.135.0/24; 192.168.134.0/24; };<---all your subnets here recursion yes; forwarders { 192.168.134.253; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; include "/usr/local/samba/private/named.conf";<--- this named.conf must be named:named, and the file at which it is pointing to:/usr/local/samba/private/named.conf.update Also the entry dns.keytab file in /etc/sysconfig/named: [root(a)node1 sysconfig]# cat named # BIND named process options # KEYTAB_FILE="/usr/local/samba/private/dns.keytab" export KEYTAB_FILE # -- Specify named service keytab file (for GSS-TSIG) Make shure named can read and write to it. Try in your smb.conf Interfaces= ip Ex mine: [globals] netbios name = NODE1 workgroup = TUEBINGEN realm = TUEBINGEN.TST.LOC server role = domain controller interfaces= 192.168.134.27 Make a samba_dnsupdate --verbose: [root(a)node1 sysconfig]# samba_dnsupdate --verbose Looking for DNS entry A tuebingen.tst.loc 192.168.134.27 as tuebingen.tst.loc. Looking for DNS entry A node1.tuebingen.tst.loc 192.168.134.27 as node1.tuebingen.tst.loc. Looking for DNS entry CNAME 02284f45-de16-4125-a795-3b614f540ef7._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc as 02284f45-de16-4125-a795-3b614f540ef7._msdcs.tuebingen.tst.loc. Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc. Checking 0 100 88 node2.tuebingen.tst.loc. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88 Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88 Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc. Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.dc._msdcs.tuebingen.tst.loc. Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88 Looking for DNS entry SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.dc._msdcs.tuebingen.tst.loc. Checking 0 100 389 node2.tuebingen.tst.loc. against SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 Looking for DNS entry SRV _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst ..loc node1.tuebingen.tst.loc 389 as _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst ..loc. Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst ..loc node1.tuebingen.tst.loc 389 Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc. Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 Looking for DNS entry SRV _ldap._tcp.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _ldap._tcp.gc._msdcs.tuebingen.tst.loc. Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _ldap._tcp.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.pdc._msdcs.tuebingen.tst.loc. Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.pdc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 Looking for DNS entry SRV _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc. Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 Looking for DNS entry SRV _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc. Checking 0 100 88 node2.tuebingen.tst.loc. against SRV _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 88 Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 88 Looking for DNS entry SRV _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc. Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc node1.tuebingen.tst.loc 389 Looking for DNS entry SRV _gc._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 as _gc._tcp.tuebingen.tst.loc. Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV _gc._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 Looking for DNS entry SRV _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._tcp.tuebingen.tst.loc. Checking 0 100 88 node2.tuebingen.tst.loc. against SRV _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88 Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88 Looking for DNS entry SRV _kpasswd._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 464 as _kpasswd._tcp.tuebingen.tst.loc. Checking 0 100 464 node1.tuebingen.tst.loc. against SRV _kpasswd._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 464 Looking for DNS entry SRV _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389 as _ldap._tcp.tuebingen.tst.loc. Checking 0 100 389 node2.tuebingen.tst.loc. against SRV _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389 Checking 0 100 389 node1.tuebingen.tst.loc. against SRV _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389 Looking for DNS entry SRV _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88 as _kerberos._udp.tuebingen.tst.loc. Checking 0 100 88 node2.tuebingen.tst.loc. against SRV _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88 Checking 0 100 88 node1.tuebingen.tst.loc. against SRV _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88 Looking for DNS entry SRV _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464 as _kpasswd._udp.tuebingen.tst.loc. Checking 0 100 464 node2.tuebingen.tst.loc. against SRV _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464 Checking 0 100 464 node1.tuebingen.tst.loc. against SRV _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464 No DNS updates needed ----------------------------------------------- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: mueller(a)tropenklinik.de Internet: www.tropenklinik.de ----------------------------------------------- -----Ursprüngliche Nachricht----- Von: Roland de Lepper [mailto:roland.de.lepper(a)cvis.nl] Gesendet: Mittwoch, 11. August 2010 13:16 An: mueller(a)tropenklinik.de Cc: samba(a)lists.samba.org Betreff: Re: AW: [Samba] samba 4 dns-update issue I,ve looked at your howto, and it's exactly what I've did too. I also compiled bind after I created the user'named' and added to the group 'named'. I've set the permissions on the files as in your howto, but still no luck. Selinux and the firewall are disabled on the samba-server and the firewall is disabled on the win7 client machine. Kind regards, Roland de Lepper > Look at my thread: HOWTO samba4 centos5.5 named dnsupdate drbd simple > failover > > ----------------------------------------------- > EDV Daniel Müller > > Leitung EDV > Tropenklinik Paul-Lechler-Krankenhaus > Paul-Lechler-Str. 24 > 72076 Tübingen > > Tel.: 07071/206-463, Fax: 07071/206-499 > eMail: mueller(a)tropenklinik.de > Internet: www.tropenklinik.de > ----------------------------------------------- > > -----Ursprüngliche Nachricht----- > Von: samba-bounces(a)lists.samba.org [mailto:samba-bounces(a)lists.samba.org] > Im > Auftrag von Roland de Lepper > Gesendet: Mittwoch, 11. August 2010 09:38 > An: samba(a)lists.samba.org > Betreff: [Samba] samba 4 dns-update issue > > Hi all, > > I've setup samba4 according to the samba4 wiki on centOS 5.4 in KVM. > This went without any problems. I only had to install a higher version of > bind to 9.6.x because Centos bind in repo will install version 9.3.x. > I've used the Fedora12 source rpms for this to build bind 9.6.x on Centos > 5.4. > > Then I configured bind according to the samba wiki > (http://wiki.samba.org/index.php/Samba4/DNS) > > I did all the check in the wiki to see if bind is working. All tests > passed. > But in my logs a got the messages "The working directory is not writable". > I changed the owner on /var/named to the group named, which solved that > problem. > > Then i installed Win7 virtual in KVM and joined the domain. I can login, > create users via dsa.msc tool on windows and see them in wbinfo -u on the > samba4 domain controller. All looks right, except for my ddns. The zone > could not be updated with the new win7 machine. The win7 machine has a > fixed ip-address. > > I checked all the howto again and again, but couldn't find a thing which > could cause this. The error I see in my log is: > > Aug 11 09:34:46 sambaserver named[2281]: client 192.168.122.150#60058: > query 'roland.quinox.be/SOA/IN' denied > > Is this a permission problem? I check and the group 'named' has write > access to my zone file. (the user 'named' is member of the group 'named') > > This is the only issue I have with my samba4 installation and I really > want to solve this issue. > > If you need more information or configurations, i can post them. > > Kind regards, > > Roland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Roland de Lepper on 12 Aug 2010 04:10 Yes I did. here is my /etc/named.conf [root(a)sambaserver ~]# cat /etc/named.conf // // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // options { listen-on port 53 { 127.0.0.1; 192.168.122.100; }; ## listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { localhost; 192.168.122.0/24; }; recursion yes; forwarders { 192.168.122.1; }; tkey-gssapi-credential "DNS/quinox.be"; tkey-domain "QUINOX.BE"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.zones"; include "/etc/named-samba.conf"; > Did you set a allow query to all your subnets in your named conf?? > Here is mine: > > > > options { > listen-on port 53 { 127.0.0.1;192.168.134.27; };<---imortant put > an > ip > listen-on-v6 port 53 { ::1; }; > directory "/var/named"; > dump-file "/var/named/data/cache_dump.db"; > statistics-file "/var/named/data/named_stats.txt"; > memstatistics-file "/var/named/data/named_mem_stats.txt"; > allow-query { localhost; 192.168.135.0/24; 192.168.134.0/24; > };<---all your subnets here > recursion yes; > forwarders { 192.168.134.253; }; > > > logging { > channel default_debug { > file "data/named.run"; > severity dynamic; > }; > }; > > zone "." IN { > type hint; > file "named.ca"; > }; > include "/usr/local/samba/private/named.conf";<--- this named.conf must be > named:named, and the file at which it is pointing > to:/usr/local/samba/private/named.conf.update > Also the entry dns.keytab file in /etc/sysconfig/named: > > > [root(a)node1 sysconfig]# cat named > # BIND named process options > # > KEYTAB_FILE="/usr/local/samba/private/dns.keytab" > export KEYTAB_FILE > # -- Specify named service keytab file (for GSS-TSIG) > > Make shure named can read and write to it. > > Try in your smb.conf > Interfaces= ip > Ex mine: > > [globals] > netbios name = NODE1 > workgroup = TUEBINGEN > realm = TUEBINGEN.TST.LOC > server role = domain controller > interfaces= 192.168.134.27 > > Make a samba_dnsupdate --verbose: > [root(a)node1 sysconfig]# samba_dnsupdate --verbose > Looking for DNS entry A tuebingen.tst.loc 192.168.134.27 as > tuebingen.tst.loc. > Looking for DNS entry A node1.tuebingen.tst.loc 192.168.134.27 as > node1.tuebingen.tst.loc. > Looking for DNS entry CNAME > 02284f45-de16-4125-a795-3b614f540ef7._msdcs.tuebingen.tst.loc > node1.tuebingen.tst.loc as > 02284f45-de16-4125-a795-3b614f540ef7._msdcs.tuebingen.tst.loc. > Looking for DNS entry SRV > _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc > node1.tuebingen.tst.loc 88 as > _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc. > Checking 0 100 88 node2.tuebingen.tst.loc. against SRV > _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc > node1.tuebingen.tst.loc 88 > Checking 0 100 88 node1.tuebingen.tst.loc. against SRV > _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc > node1.tuebingen.tst.loc 88 > Looking for DNS entry SRV > _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc > node1.tuebingen.tst.loc 389 as > _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc. > Checking 0 100 389 node1.tuebingen.tst.loc. against SRV > _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc > node1.tuebingen.tst.loc 389 > Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.tuebingen.tst.loc > node1.tuebingen.tst.loc 88 as _kerberos._tcp.dc._msdcs.tuebingen.tst.loc. > Checking 0 100 88 node1.tuebingen.tst.loc. against SRV > _kerberos._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88 > Looking for DNS entry SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc > node1.tuebingen.tst.loc 389 as _ldap._tcp.dc._msdcs.tuebingen.tst.loc. > Checking 0 100 389 node2.tuebingen.tst.loc. against SRV > _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 > Checking 0 100 389 node1.tuebingen.tst.loc. against SRV > _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 > Looking for DNS entry SRV > _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst > .loc node1.tuebingen.tst.loc 389 as > _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst > .loc. > Checking 0 100 389 node1.tuebingen.tst.loc. against SRV > _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst > .loc node1.tuebingen.tst.loc 389 > Looking for DNS entry SRV > _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc > node1.tuebingen.tst.loc 3268 as > _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc. > Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV > _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc > node1.tuebingen.tst.loc 3268 > Looking for DNS entry SRV _ldap._tcp.gc._msdcs.tuebingen.tst.loc > node1.tuebingen.tst.loc 3268 as _ldap._tcp.gc._msdcs.tuebingen.tst.loc. > Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV > _ldap._tcp.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 > Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.tuebingen.tst.loc > node1.tuebingen.tst.loc 389 as _ldap._tcp.pdc._msdcs.tuebingen.tst.loc. > Checking 0 100 389 node1.tuebingen.tst.loc. against SRV > _ldap._tcp.pdc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 > Looking for DNS entry SRV > _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc > node1.tuebingen.tst.loc 3268 as > _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc. > Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV > _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc > node1.tuebingen.tst.loc 3268 > Looking for DNS entry SRV > _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc > node1.tuebingen.tst.loc 88 as > _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc. > Checking 0 100 88 node2.tuebingen.tst.loc. against SRV > _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc > node1.tuebingen.tst.loc 88 > Checking 0 100 88 node1.tuebingen.tst.loc. against SRV > _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc > node1.tuebingen.tst.loc 88 > Looking for DNS entry SRV > _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc > node1.tuebingen.tst.loc 389 as > _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc. > Checking 0 100 389 node1.tuebingen.tst.loc. against SRV > _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc > node1.tuebingen.tst.loc 389 > Looking for DNS entry SRV _gc._tcp.tuebingen.tst.loc > node1.tuebingen.tst.loc > 3268 as _gc._tcp.tuebingen.tst.loc. > Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV > _gc._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 > Looking for DNS entry SRV _kerberos._tcp.tuebingen.tst.loc > node1.tuebingen.tst.loc 88 as _kerberos._tcp.tuebingen.tst.loc. > Checking 0 100 88 node2.tuebingen.tst.loc. against SRV > _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88 > Checking 0 100 88 node1.tuebingen.tst.loc. against SRV > _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88 > Looking for DNS entry SRV _kpasswd._tcp.tuebingen.tst.loc > node1.tuebingen.tst.loc 464 as _kpasswd._tcp.tuebingen.tst.loc. > Checking 0 100 464 node1.tuebingen.tst.loc. against SRV > _kpasswd._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 464 > Looking for DNS entry SRV _ldap._tcp.tuebingen.tst.loc > node1.tuebingen.tst.loc 389 as _ldap._tcp.tuebingen.tst.loc. > Checking 0 100 389 node2.tuebingen.tst.loc. against SRV > _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389 > Checking 0 100 389 node1.tuebingen.tst.loc. against SRV > _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389 > Looking for DNS entry SRV _kerberos._udp.tuebingen.tst.loc > node1.tuebingen.tst.loc 88 as _kerberos._udp.tuebingen.tst.loc. > Checking 0 100 88 node2.tuebingen.tst.loc. against SRV > _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88 > Checking 0 100 88 node1.tuebingen.tst.loc. against SRV > _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88 > Looking for DNS entry SRV _kpasswd._udp.tuebingen.tst.loc > node1.tuebingen.tst.loc 464 as _kpasswd._udp.tuebingen.tst.loc. > Checking 0 100 464 node2.tuebingen.tst.loc. against SRV > _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464 > Checking 0 100 464 node1.tuebingen.tst.loc. against SRV > _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464 > No DNS updates needed > > ----------------------------------------------- > EDV Daniel Müller > > Leitung EDV > Tropenklinik Paul-Lechler-Krankenhaus > Paul-Lechler-Str. 24 > 72076 Tübingen > > Tel.: 07071/206-463, Fax: 07071/206-499 > eMail: mueller(a)tropenklinik.de > Internet: www.tropenklinik.de > ----------------------------------------------- > > -----Ursprüngliche Nachricht----- > Von: Roland de Lepper [mailto:roland.de.lepper(a)cvis.nl] > Gesendet: Mittwoch, 11. August 2010 13:16 > An: mueller(a)tropenklinik.de > Cc: samba(a)lists.samba.org > Betreff: Re: AW: [Samba] samba 4 dns-update issue > > I,ve looked at your howto, and it's exactly what I've did too. I also > compiled bind after I created the user'named' and added to the group > 'named'. I've set the permissions on the files as in your howto, but still > no luck. > > Selinux and the firewall are disabled on the samba-server and the firewall > is disabled on the win7 client machine. > > Kind regards, > > Roland de Lepper > > > >> Look at my thread: HOWTO samba4 centos5.5 named dnsupdate drbd simple >> failover >> >> ----------------------------------------------- >> EDV Daniel Müller >> >> Leitung EDV >> Tropenklinik Paul-Lechler-Krankenhaus >> Paul-Lechler-Str. 24 >> 72076 Tübingen >> >> Tel.: 07071/206-463, Fax: 07071/206-499 >> eMail: mueller(a)tropenklinik.de >> Internet: www.tropenklinik.de >> ----------------------------------------------- >> >> -----Ursprüngliche Nachricht----- >> Von: samba-bounces(a)lists.samba.org >> [mailto:samba-bounces(a)lists.samba.org] >> Im >> Auftrag von Roland de Lepper >> Gesendet: Mittwoch, 11. August 2010 09:38 >> An: samba(a)lists.samba.org >> Betreff: [Samba] samba 4 dns-update issue >> >> Hi all, >> >> I've setup samba4 according to the samba4 wiki on centOS 5.4 in KVM. >> This went without any problems. I only had to install a higher version >> of >> bind to 9.6.x because Centos bind in repo will install version 9.3.x. >> I've used the Fedora12 source rpms for this to build bind 9.6.x on >> Centos >> 5.4. >> >> Then I configured bind according to the samba wiki >> (http://wiki.samba.org/index.php/Samba4/DNS) >> >> I did all the check in the wiki to see if bind is working. All tests >> passed. >> But in my logs a got the messages "The working directory is not >> writable". >> I changed the owner on /var/named to the group named, which solved that >> problem. >> >> Then i installed Win7 virtual in KVM and joined the domain. I can login, >> create users via dsa.msc tool on windows and see them in wbinfo -u on >> the >> samba4 domain controller. All looks right, except for my ddns. The zone >> could not be updated with the new win7 machine. The win7 machine has a >> fixed ip-address. >> >> I checked all the howto again and again, but couldn't find a thing which >> could cause this. The error I see in my log is: >> >> Aug 11 09:34:46 sambaserver named[2281]: client 192.168.122.150#60058: >> query 'roland.quinox.be/SOA/IN' denied >> >> Is this a permission problem? I check and the group 'named' has write >> access to my zone file. (the user 'named' is member of the group >> 'named') >> >> This is the only issue I have with my samba4 installation and I really >> want to solve this issue. >> >> If you need more information or configurations, i can post them. >> >> Kind regards, >> >> Roland >> >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >> >> > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Daniel Müller on 12 Aug 2010 04:30 Is this working: samba_dnsupdate --verbose ??? ----------------------------------------------- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: mueller(a)tropenklinik.de Internet: www.tropenklinik.de ----------------------------------------------- -----Ursprüngliche Nachricht----- Von: Roland de Lepper [mailto:roland.de.lepper(a)cvis.nl] Gesendet: Donnerstag, 12. August 2010 10:09 An: mueller(a)tropenklinik.de Cc: samba(a)lists.samba.org Betreff: Re: AW: AW: [Samba] samba 4 dns-update issue Yes I did. here is my /etc/named.conf [root(a)sambaserver ~]# cat /etc/named.conf // // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // options { listen-on port 53 { 127.0.0.1; 192.168.122.100; }; ## listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { localhost; 192.168.122.0/24; }; recursion yes; forwarders { 192.168.122.1; }; tkey-gssapi-credential "DNS/quinox.be"; tkey-domain "QUINOX.BE"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.zones"; include "/etc/named-samba.conf"; > Did you set a allow query to all your subnets in your named conf?? > Here is mine: > > > > options { > listen-on port 53 { 127.0.0.1;192.168.134.27; };<---imortant put > an > ip > listen-on-v6 port 53 { ::1; }; > directory "/var/named"; > dump-file "/var/named/data/cache_dump.db"; > statistics-file "/var/named/data/named_stats.txt"; > memstatistics-file "/var/named/data/named_mem_stats.txt"; > allow-query { localhost; 192.168.135.0/24; 192.168.134.0/24; > };<---all your subnets here > recursion yes; > forwarders { 192.168.134.253; }; > > > logging { > channel default_debug { > file "data/named.run"; > severity dynamic; > }; > }; > > zone "." IN { > type hint; > file "named.ca"; > }; > include "/usr/local/samba/private/named.conf";<--- this named.conf must be > named:named, and the file at which it is pointing > to:/usr/local/samba/private/named.conf.update > Also the entry dns.keytab file in /etc/sysconfig/named: > > > [root(a)node1 sysconfig]# cat named > # BIND named process options > # > KEYTAB_FILE="/usr/local/samba/private/dns.keytab" > export KEYTAB_FILE > # -- Specify named service keytab file (for GSS-TSIG) > > Make shure named can read and write to it. > > Try in your smb.conf > Interfaces= ip > Ex mine: > > [globals] > netbios name = NODE1 > workgroup = TUEBINGEN > realm = TUEBINGEN.TST.LOC > server role = domain controller > interfaces= 192.168.134.27 > > Make a samba_dnsupdate --verbose: > [root(a)node1 sysconfig]# samba_dnsupdate --verbose > Looking for DNS entry A tuebingen.tst.loc 192.168.134.27 as > tuebingen.tst.loc. > Looking for DNS entry A node1.tuebingen.tst.loc 192.168.134.27 as > node1.tuebingen.tst.loc. > Looking for DNS entry CNAME > 02284f45-de16-4125-a795-3b614f540ef7._msdcs.tuebingen.tst.loc > node1.tuebingen.tst.loc as > 02284f45-de16-4125-a795-3b614f540ef7._msdcs.tuebingen.tst.loc. > Looking for DNS entry SRV > _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc > node1.tuebingen.tst.loc 88 as > _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc. > Checking 0 100 88 node2.tuebingen.tst.loc. against SRV > _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc > node1.tuebingen.tst.loc 88 > Checking 0 100 88 node1.tuebingen.tst.loc. against SRV > _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc > node1.tuebingen.tst.loc 88 > Looking for DNS entry SRV > _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc > node1.tuebingen.tst.loc 389 as > _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc. > Checking 0 100 389 node1.tuebingen.tst.loc. against SRV > _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.tuebingen.tst.loc > node1.tuebingen.tst.loc 389 > Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.tuebingen.tst.loc > node1.tuebingen.tst.loc 88 as _kerberos._tcp.dc._msdcs.tuebingen.tst.loc. > Checking 0 100 88 node1.tuebingen.tst.loc. against SRV > _kerberos._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 88 > Looking for DNS entry SRV _ldap._tcp.dc._msdcs.tuebingen.tst.loc > node1.tuebingen.tst.loc 389 as _ldap._tcp.dc._msdcs.tuebingen.tst.loc. > Checking 0 100 389 node2.tuebingen.tst.loc. against SRV > _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 > Checking 0 100 389 node1.tuebingen.tst.loc. against SRV > _ldap._tcp.dc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 > Looking for DNS entry SRV > _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst > .loc node1.tuebingen.tst.loc 389 as > _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst > .loc. > Checking 0 100 389 node1.tuebingen.tst.loc. against SRV > _ldap._tcp.3d718df6-359c-4eb4-a0de-5a7aaf5b0d26.domains._msdcs.tuebingen.tst > .loc node1.tuebingen.tst.loc 389 > Looking for DNS entry SRV > _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc > node1.tuebingen.tst.loc 3268 as > _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc. > Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV > _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.tuebingen.tst.loc > node1.tuebingen.tst.loc 3268 > Looking for DNS entry SRV _ldap._tcp.gc._msdcs.tuebingen.tst.loc > node1.tuebingen.tst.loc 3268 as _ldap._tcp.gc._msdcs.tuebingen.tst.loc. > Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV > _ldap._tcp.gc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 > Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.tuebingen.tst.loc > node1.tuebingen.tst.loc 389 as _ldap._tcp.pdc._msdcs.tuebingen.tst.loc. > Checking 0 100 389 node1.tuebingen.tst.loc. against SRV > _ldap._tcp.pdc._msdcs.tuebingen.tst.loc node1.tuebingen.tst.loc 389 > Looking for DNS entry SRV > _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc > node1.tuebingen.tst.loc 3268 as > _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc. > Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV > _gc._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc > node1.tuebingen.tst.loc 3268 > Looking for DNS entry SRV > _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc > node1.tuebingen.tst.loc 88 as > _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc. > Checking 0 100 88 node2.tuebingen.tst.loc. against SRV > _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc > node1.tuebingen.tst.loc 88 > Checking 0 100 88 node1.tuebingen.tst.loc. against SRV > _kerberos._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc > node1.tuebingen.tst.loc 88 > Looking for DNS entry SRV > _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc > node1.tuebingen.tst.loc 389 as > _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc. > Checking 0 100 389 node1.tuebingen.tst.loc. against SRV > _ldap._tcp.Default-First-Site-Name._sites.tuebingen.tst.loc > node1.tuebingen.tst.loc 389 > Looking for DNS entry SRV _gc._tcp.tuebingen.tst.loc > node1.tuebingen.tst.loc > 3268 as _gc._tcp.tuebingen.tst.loc. > Checking 0 100 3268 node1.tuebingen.tst.loc. against SRV > _gc._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 3268 > Looking for DNS entry SRV _kerberos._tcp.tuebingen.tst.loc > node1.tuebingen.tst.loc 88 as _kerberos._tcp.tuebingen.tst.loc. > Checking 0 100 88 node2.tuebingen.tst.loc. against SRV > _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88 > Checking 0 100 88 node1.tuebingen.tst.loc. against SRV > _kerberos._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 88 > Looking for DNS entry SRV _kpasswd._tcp.tuebingen.tst.loc > node1.tuebingen.tst.loc 464 as _kpasswd._tcp.tuebingen.tst.loc. > Checking 0 100 464 node1.tuebingen.tst.loc. against SRV > _kpasswd._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 464 > Looking for DNS entry SRV _ldap._tcp.tuebingen.tst.loc > node1.tuebingen.tst.loc 389 as _ldap._tcp.tuebingen.tst.loc. > Checking 0 100 389 node2.tuebingen.tst.loc. against SRV > _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389 > Checking 0 100 389 node1.tuebingen.tst.loc. against SRV > _ldap._tcp.tuebingen.tst.loc node1.tuebingen.tst.loc 389 > Looking for DNS entry SRV _kerberos._udp.tuebingen.tst.loc > node1.tuebingen.tst.loc 88 as _kerberos._udp.tuebingen.tst.loc. > Checking 0 100 88 node2.tuebingen.tst.loc. against SRV > _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88 > Checking 0 100 88 node1.tuebingen.tst.loc. against SRV > _kerberos._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 88 > Looking for DNS entry SRV _kpasswd._udp.tuebingen.tst.loc > node1.tuebingen.tst.loc 464 as _kpasswd._udp.tuebingen.tst.loc. > Checking 0 100 464 node2.tuebingen.tst.loc. against SRV > _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464 > Checking 0 100 464 node1.tuebingen.tst.loc. against SRV > _kpasswd._udp.tuebingen.tst.loc node1.tuebingen.tst.loc 464 > No DNS updates needed > > ----------------------------------------------- > EDV Daniel Müller > > Leitung EDV > Tropenklinik Paul-Lechler-Krankenhaus > Paul-Lechler-Str. 24 > 72076 Tübingen > > Tel.: 07071/206-463, Fax: 07071/206-499 > eMail: mueller(a)tropenklinik.de > Internet: www.tropenklinik.de > ----------------------------------------------- > > -----Ursprüngliche Nachricht----- > Von: Roland de Lepper [mailto:roland.de.lepper(a)cvis.nl] > Gesendet: Mittwoch, 11. August 2010 13:16 > An: mueller(a)tropenklinik.de > Cc: samba(a)lists.samba.org > Betreff: Re: AW: [Samba] samba 4 dns-update issue > > I,ve looked at your howto, and it's exactly what I've did too. I also > compiled bind after I created the user'named' and added to the group > 'named'. I've set the permissions on the files as in your howto, but still > no luck. > > Selinux and the firewall are disabled on the samba-server and the firewall > is disabled on the win7 client machine. > > Kind regards, > > Roland de Lepper > > > >> Look at my thread: HOWTO samba4 centos5.5 named dnsupdate drbd simple >> failover >> >> ----------------------------------------------- >> EDV Daniel Müller >> >> Leitung EDV >> Tropenklinik Paul-Lechler-Krankenhaus >> Paul-Lechler-Str. 24 >> 72076 Tübingen >> >> Tel.: 07071/206-463, Fax: 07071/206-499 >> eMail: mueller(a)tropenklinik.de >> Internet: www.tropenklinik.de >> ----------------------------------------------- >> >> -----Ursprüngliche Nachricht----- >> Von: samba-bounces(a)lists.samba.org >> [mailto:samba-bounces(a)lists.samba.org] >> Im >> Auftrag von Roland de Lepper >> Gesendet: Mittwoch, 11. August 2010 09:38 >> An: samba(a)lists.samba.org >> Betreff: [Samba] samba 4 dns-update issue >> >> Hi all, >> >> I've setup samba4 according to the samba4 wiki on centOS 5.4 in KVM. >> This went without any problems. I only had to install a higher version >> of >> bind to 9.6.x because Centos bind in repo will install version 9.3.x. >> I've used the Fedora12 source rpms for this to build bind 9.6.x on >> Centos >> 5.4. >> >> Then I configured bind according to the samba wiki >> (http://wiki.samba.org/index.php/Samba4/DNS) >> >> I did all the check in the wiki to see if bind is working. All tests >> passed. >> But in my logs a got the messages "The working directory is not >> writable". >> I changed the owner on /var/named to the group named, which solved that >> problem. >> >> Then i installed Win7 virtual in KVM and joined the domain. I can login, >> create users via dsa.msc tool on windows and see them in wbinfo -u on >> the >> samba4 domain controller. All looks right, except for my ddns. The zone >> could not be updated with the new win7 machine. The win7 machine has a >> fixed ip-address. >> >> I checked all the howto again and again, but couldn't find a thing which >> could cause this. The error I see in my log is: >> >> Aug 11 09:34:46 sambaserver named[2281]: client 192.168.122.150#60058: >> query 'roland.quinox.be/SOA/IN' denied >> >> Is this a permission problem? I check and the group 'named' has write >> access to my zone file. (the user 'named' is member of the group >> 'named') >> >> This is the only issue I have with my samba4 installation and I really >> want to solve this issue. >> >> If you need more information or configurations, i can post them. >> >> Kind regards, >> >> Roland >> >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >> >> > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Moray Henderson on 12 Aug 2010 05:10
Roland de Lepper wrote: >I've setup samba4 according to the samba4 wiki on centOS 5.4 in KVM. >This went without any problems. I only had to install a higher version of >bind to 9.6.x because Centos bind in repo will install version 9.3.x. >I've used the Fedora12 source rpms for this to build bind 9.6.x on Centos >5.4. > >Then I configured bind according to the samba wiki >(http://wiki.samba.org/index.php/Samba4/DNS) > >I did all the check in the wiki to see if bind is working. All tests >passed. >But in my logs a got the messages "The working directory is not writable". >I changed the owner on /var/named to the group named, which solved that >problem. > >Then i installed Win7 virtual in KVM and joined the domain. I can login, >create users via dsa.msc tool on windows and see them in wbinfo -u on the >samba4 domain controller. All looks right, except for my ddns. The zone >could not be updated with the new win7 machine. The win7 machine has a >fixed ip-address. > >I checked all the howto again and again, but couldn't find a thing which >could cause this. The error I see in my log is: > >Aug 11 09:34:46 sambaserver named[2281]: client 192.168.122.150#60058: >query 'roland.quinox.be/SOA/IN' denied > >Is this a permission problem? I check and the group 'named' has write >access to my zone file. (the user 'named' is member of the group 'named') > >This is the only issue I have with my samba4 installation and I really >want to solve this issue. > >If you need more information or configurations, i can post them. > >Kind regards, > >Roland I don't know the Samba side of this, but that looks like a permission problem in the named.conf file. Your main options section (or view, if you're using views), should contain something like: allow-query { localnets; }; allow-query-cache { localnets; }; to tell bind that, yes, it is actually allowed to answer queries on your local network. Other subnets and IP ranges can be added alongside, or instead of, "localnets" if necessary. Moray. "To err is human. To purr, feline" -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |