Changing the DNS Back End of a Samba AD DC: Difference between revisions
From SambaWiki
Mmuehlfeld (talk | contribs) m (Mmuehlfeld moved page Changing the DNS Back End to Changing the DNS Back End of a Samba AD DC without leaving a redirect: Use a better fitting title) |
Mmuehlfeld (talk | contribs) (Rewrote page. Clearer structure.) |
||
Line 1: | Line 1: | ||
= Introduction = |
= Introduction = |
||
Samba enables you to change switch between the <code>INTERNAL_DNS</code> and <code>BIND9_DLZ</code> DNS back end on your Active Directory (AD) domain controller (DC) without loosing data. |
|||
During the provisioning step of a new [[Setup_a_Samba_Active_Directory_Domain_Controller|Samba Active Directory Domain Controller]], you decided which DNS backend, if any, should be used: The internal DNS or BIND_DLZ. In some cases, it might be necessary to revise this decision because of problems, limitations or other reasons. In the following, we will describe how to change the DNS backend on a Samba AD Domain Controller. |
|||
'''See the [[Host_information_used_in_documentation|host information used in documentation]] page for used paths, hostnames, etc.''' |
|||
= Changing From the Samba Internal DNS Server to the BIND9_DLZ Back End = |
|||
Run on your domain controller (DC): |
|||
= Changing from Samba internal DNS to BIND_DLZ = |
|||
* [[BIND9_DLZ_DNS_Back_End| |
* Set up and configure the <code>BIND9_DLZ</code> back end. For details, see [[BIND9_DLZ_DNS_Back_End|BIND9_DLZ Back End]]. |
||
* |
* Shut down the Samba service. |
||
* Migrate the |
* Migrate the back end: |
||
# |
# samba_upgradedns --dns-backend=BIND9_DLZ |
||
* Use one of the following ways to disable the internal DNS in your <code>smb.conf</code> file: |
|||
:* If you have a <code>server services</code> parameter, remove the <code>dns</code> option. For example: |
|||
⚫ | |||
:* If you do not have a <code>server services</code> parameter, add the following line: |
|||
* Change the "server services" parameter. There are three ways to enable BIND_DLZ and disable the internal DNS: |
|||
:1st way: If do not have this parameter in your smb.conf, add it just with the "-dns" option. All other values are taken from the defaults (see man page). |
|||
server services = -dns |
server services = -dns |
||
:2nd way: If do not have this parameter in your smb.conf, add this line: |
|||
⚫ | |||
:3rd way: If you do have this parameter in your smb.conf, Remove the "dns" option: |
|||
⚫ | |||
* Enable |
* Enable the BIND service to start at boot time. See your distribution's documentation for details. |
||
* Start the BIND service. |
|||
⚫ | |||
= Changing From the BIND9_DLZ Back End to the Samba Internal DNS Server = |
|||
Run on your domain controller (DC): |
|||
* |
* Shut down the BIND service. |
||
* Disable the automatic start of the BIND service at boot time. See your distribution's documentation for details. |
|||
⚫ | |||
* Shut down the Samba service. |
|||
* Migrate the back end: |
|||
⚫ | |||
* Use one of the following ways to disable the <code>BIND9_DLZ</code> module in your <code>smb.conf</code> file:: |
|||
:* Replace the <code>-dns</code> with the <code>dns</code> option in the <code>server services</code> parameter. For example: |
|||
= Changing from BIND_DLZ to Samba internal DNS = |
|||
server services = 3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate<s>, -dns</s> dns |
|||
* Shutdown BIND |
|||
:* The internal DNS is one of the default settings of the <code>server services</code> parameter. Remove the <code>-dns</code> option to disable the <code>BIND9_DLZ</code> module. For example: |
|||
* Disable automatic startup of BIND at boot time, e. g. by using "chkconfig", "systemctl", etc. - depending on your distribution. |
|||
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate<s>, dns</s> |
|||
* Shutdown Samba |
|||
:* If you only have the <code>-dns</code> option listed in the <code>server services</code> parameter, remove the entire parameter: |
|||
* Migrate the backend to Samba internal DNS |
|||
⚫ | |||
⚫ | |||
* Change the "server services" parameter. there are three ways to disable BIND_DLZ and enable the internal DNS: |
|||
:1st way: The internal DNS is part of the "server services" defaults (see man page). Remove the "service services" parameter completely, only do this if the other options are also defaults. |
|||
<s>server services = ..... dns</s> |
|||
:2nd way: Add the "dns" option to the "server services" parameter: |
|||
server services = ..... dns |
|||
:3rd way: Change the "-dns" option to "dns": |
|||
server services = ........ <s>-dns</s> dns |
|||
* Start Samba |
* Start the Samba service. |
||
Revision as of 01:47, 12 October 2016
Introduction
Samba enables you to change switch between the INTERNAL_DNS
and BIND9_DLZ
DNS back end on your Active Directory (AD) domain controller (DC) without loosing data.
Changing From the Samba Internal DNS Server to the BIND9_DLZ Back End
Run on your domain controller (DC):
- Set up and configure the
BIND9_DLZ
back end. For details, see BIND9_DLZ Back End.
- Shut down the Samba service.
- Migrate the back end:
# samba_upgradedns --dns-backend=BIND9_DLZ
- Use one of the following ways to disable the internal DNS in your
smb.conf
file:
- If you have a
server services
parameter, remove thedns
option. For example:
- If you have a
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
- If you do not have a
server services
parameter, add the following line:
- If you do not have a
server services = -dns
- Enable the BIND service to start at boot time. See your distribution's documentation for details.
- Start the BIND service.
- Start the Samba service.
Changing From the BIND9_DLZ Back End to the Samba Internal DNS Server
Run on your domain controller (DC):
- Shut down the BIND service.
- Disable the automatic start of the BIND service at boot time. See your distribution's documentation for details.
- Shut down the Samba service.
- Migrate the back end:
# samba_upgradedns --dns-backend=SAMBA_INTERNAL
- Use one of the following ways to disable the
BIND9_DLZ
module in yoursmb.conf
file::
- Replace the
-dns
with thedns
option in theserver services
parameter. For example:
- Replace the
server services = 3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, -dnsdns
- The internal DNS is one of the default settings of the
server services
parameter. Remove the-dns
option to disable theBIND9_DLZ
module. For example:
- The internal DNS is one of the default settings of the
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate, dns
- If you only have the
-dns
option listed in theserver services
parameter, remove the entire parameter:
- If you only have the
server services = -dns
- Start the Samba service.