Samba4/DNS

From SambaWiki
Revision as of 15:33, 5 December 2012 by Bilbo (talk | contribs) (→‎Overview)

Overview

This page describes how to setup static DNS for Samba 4 on Fedora Core 10. It assumes that Samba is already installed in INSTALL_DIR (e.g. /usr/local/samba). DNS can be installed either on the same machine as Samba or on a separate machine.


Please note that this is for versions of Bind prior to 9.8. Most of the current documentation for Samba4 assumes DLZ (Dynamic loaded zones), in either Bind 9.8 or later, or in the internal DNS service.

Installation

% yum install bind

Configuration

Configuring Domain Zone

Copy zone data file generated by Samba:

% cp $INSTALL_DIR/example.com.zone /var/named/dynamic

Edit zone data file /var/named/dynamic/example.com.zone:

$ORIGIN example.com.
$TTL 1W
@                       IN SOA  example.com. root.example.com. (
                                01              ; serial
                                2D              ; refresh
                                4H              ; retry
                                6W              ; expiry
                                1W )            ; minimum

                        IN NS   ns1

ns1                     IN A    192.168.1.100
samba1                  IN A    192.168.1.101

gc._msdcs               IN CNAME        samba1
27f515e4-f5af-4396-bc93-130013076ab7._msdcs     IN CNAME        samba1

_gc._tcp                IN SRV 0 100 3268       samba1
_gc._tcp.Default-First-Site-Name._sites IN SRV 0 100 3268       samba1
_ldap._tcp.gc._msdcs    IN SRV 0 100 389        samba1
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs     IN SRV 0 100 389 samba1

_ldap._tcp              IN SRV 0 100 389        samba1
_ldap._tcp.dc._msdcs    IN SRV 0 100 389        samba1
_ldap._tcp.pdc._msdcs   IN SRV 0 100 389        samba1
_ldap._tcp.b168ccf1-d862-4146-8cea-0021f3c88feb IN SRV 0 100 389        samba1
_ldap._tcp.b168ccf1-d862-4146-8cea-0021f3c88feb.domains._msdcs          IN SRV 0 100 389 samba1
_ldap._tcp.Default-First-Site-Name._sites               IN SRV 0 100 389 samba1
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs     IN SRV 0 100 389 samba1

_kerberos._tcp          IN SRV 0 100 88         samba1
_kerberos._tcp.dc._msdcs        IN SRV 0 100 88 samba1
_kerberos._tcp.Default-First-Site-Name._sites   IN SRV 0 100 88 samba1
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 88 samba1
_kerberos._udp          IN SRV 0 100 88         samba1

_kerberos-master._tcp           IN SRV 0 100 88         samba1
_kerberos-master._udp           IN SRV 0 100 88         samba1

_kpasswd._tcp           IN SRV 0 100 464        samba1
_kpasswd._udp           IN SRV 0 100 464        samba1

_kerberos               IN TXT  EXAMPLE.COM

Configuring Reverse Mapping

Create reverse mapping file /var/named/192.168.1.rev:

$ORIGIN 1.168.192.in-addr.arpa.
$TTL    1W
@                       IN SOA  example.com. root.example.com. (
                                01              ; serial
                                2D              ; refresh
                                4H              ; retry
                                6W              ; expiry
                                1W )            ; minimum

                        IN NS                   ns1.example.com.

100                     IN PTR                  ns1.example.com.
101                     IN PTR                  samba1.example.com.

Configuring File Ownership

Set file ownership:

% chown named.named /var/named/dynamic/example.com.zone
% chown named.named /var/named/192.168.1.rev

Copy zone configuration file:

% cp $INSTALL_DIR/named.conf /etc/named-samba.conf
% chown named.named /etc/named-samba.conf

Configuring DNS

Edit /etc/named.conf:

options {
        #listen-on port 53 { 127.0.0.1; };
        #listen-on-v6 port 53 { ::1; };
        #allow-query     { localhost; };
        ...
};

include "/etc/named-samba.conf";

Edit /etc/named-samba.conf:

zone "example.com." IN {
        type master;
        file "/var/named/dynamic/example.com.zone";
};

zone "1.168.192.in-addr.arpa." IN {
        type master;
        file "192.168.1.rev";
};

Restart DNS:

% service named restart

Multiple Samba Instances

The DNS can to be configured such that it points to multiple Samba instances for failover.

$ORIGIN example.com.
$TTL 1W
@               IN SOA  example.com. root.example.com. (
                                01           ; serial
                                2D           ; refresh
                                4H           ; retry
                                6W           ; expiry
                                1W )         ; minimum
                IN NS   ns1

                IN A    192.168.1.101
                IN A    192.168.1.102

ns1             IN A    192.168.1.100
samba1          IN A    192.168.1.101
samba2          IN A    192.168.1.102

gc._msdcs       IN CNAME        samba1
ff3b280e-6caa-11de-ab0a-e44b8f038cdc._msdcs     IN CNAME        samba1

_gc._tcp        IN SRV 0 100 3268       samba1
_gc._tcp.Default-First-Site-Name._sites IN SRV 0 100 3268       samba1

_ldap._tcp.gc._msdcs    IN SRV 0 100 389        samba1
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs     IN SRV 0 100 389 samba1

_ldap._tcp              IN SRV 0 100 389        samba1
_ldap._tcp              IN SRV 0 100 389        samba2

_ldap._tcp.dc._msdcs    IN SRV 0 100 389        samba1
_ldap._tcp.dc._msdcs    IN SRV 0 100 389        samba2

_ldap._tcp.pdc._msdcs   IN SRV 0 100 389        samba1

_ldap._tcp.ff3b2587-6caa-11de-ab0a-e44b8f038cdc IN SRV 0 100 389        samba1
_ldap._tcp.ff3b2587-6caa-11de-ab0a-e44b8f038cdc IN SRV 0 100 389        samba2

_ldap._tcp.ff3b2587-6caa-11de-ab0a-e44b8f038cdc.domains._msdcs          IN SRV 0 100 389 samba1
_ldap._tcp.ff3b2587-6caa-11de-ab0a-e44b8f038cdc.domains._msdcs          IN SRV 0 100 389 samba2

_ldap._tcp.Default-First-Site-Name._sites               IN SRV 0 100 389 samba1
_ldap._tcp.Default-First-Site-Name._sites               IN SRV 0 100 389 samba2

_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs     IN SRV 0 100 389 samba1
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs     IN SRV 0 100 389 samba2

_kerberos._tcp          IN SRV 0 100 88         samba1
_kerberos._tcp          IN SRV 0 100 88         samba2

_kerberos._tcp.dc._msdcs        IN SRV 0 100 88 samba1
_kerberos._tcp.dc._msdcs        IN SRV 0 100 88 samba2

_kerberos._tcp.Default-First-Site-Name._sites   IN SRV 0 100 88 samba1
_kerberos._tcp.Default-First-Site-Name._sites   IN SRV 0 100 88 samba2

_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 88 samba1
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs IN SRV 0 100 88 samba2

_kerberos._udp          IN SRV 0 100 88         samba1
_kerberos._udp          IN SRV 0 100 88         samba2

_kerberos-master._tcp           IN SRV 0 100 88         samba1
_kerberos-master._tcp           IN SRV 0 100 88         samba2

_kerberos-master._udp           IN SRV 0 100 88         samba1
_kerberos-master._udp           IN SRV 0 100 88         samba2

_kpasswd._tcp           IN SRV 0 100 464        samba1
_kpasswd._tcp           IN SRV 0 100 464        samba2

_kpasswd._udp           IN SRV 0 100 464        samba1
_kpasswd._udp           IN SRV 0 100 464        samba2

_kerberos               IN TXT  EXAMPLE.COM

Verification

Execute the following commands to verify DNS:

% dig _kerberos.example.com TXT @localhost
...
;; ANSWER SECTION:
_kerberos.example.com.	604800	IN	TXT	"EXAMPLE.COM"
...
% dig _ldap._tcp.dc._msdcs.example.com SRV @localhost
...
;; ANSWER SECTION:
_ldap._tcp.dc._msdcs.example.com. 604800 IN SRV 0 100 389 samba2.example.com.
_ldap._tcp.dc._msdcs.example.com. 604800 IN SRV 0 100 389 samba1.example.com.
...