BIND9 DLZ DNS Back End

Revision as of 03:17, 21 January 2013 by Rixter (talk | contribs) (Created page with "==== Bind 9.8.0 or newer ==== If using BIND, the next step to get a working DNS setup for Samba is to start with the DNS configuration file that is created by the [[#Step 4: Pro…")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Bind 9.8.0 or newer

If using BIND, the next step to get a working DNS setup for Samba is to start with the DNS configuration file that is created by the provision step or if you are using any of the other samba-tool options (classicupgrade for example) you can specify --dns-backend=BIND9_DLZ or --dns-backend=BIND9_FLATFILE.

You can activate the configuration that the provision has created by including this configuration file in bind's named configuration file. This file is typically located in the /etc/bind directory, please refer to your distribution documentation for the location of this file on your system. Once located, add the following line to the configuration file:

include "/usr/local/samba/private/named.conf";

Edit that file to uncomment the correct dlz plugin line, based on your version of bind. Open the /usr/local/samba/private/named.conf file in a text editor and follow the instructions inside.

After adding that line you should restart your Bind server and check in the system logs for any problems. If available, you can run named-checkconf to help you fix any problems with your named configuration.

Bind 9.7.x

Users of bind-9.7.x are strongly encouraged to upgrade to bind-9.8 or bind-9.9. If this is not possible, refer to the section Configure Kerberos DNS Dynamic Updates for instructions on configuring bind-9.7.

Bind (All Versions)

A common problem you may encounter is that many modern Linux distributions activate 'Apparmor' or 'SELinux' by default, and these may be configured to deny access to Bind for your the named.conf and zone files created in the provision. If your Bind logs show that Bind is getting a access denied error accessing these files, please see your local system documentation for how to enable access to these files in Bind (hint: for Apparmor systems such as Ubuntu, the command aa-logprof may be useful).

  • Note: On Debian systems, the zone auto-generation might detect and use 127.0.1.1 as the domain controller's IP address. This will cause problems when trying to connect to the server from client machines. To fix this, you will need to adjust /usr/local/samba/private/named.conf by changing 127.0.1.1 to reflect the actual IP address of the server you're setting up.
  • Note: On Debian SID (bind9 package), /etc/bind/named.conf.options is missing and this will cause the named daemon to fail to start. To fix this either create an empty file, or comment out corresponding line in /etc/bind/named.conf. See your syslog messages for more information.