The Samba AD DNS Back Ends: Difference between revisions
(→Internal DNS: Recursive queries option was removed, also some other little changes) |
Mmuehlfeld (talk | contribs) (Added 'A note on DNS problems' section (was in the 'join as DC' howto before)) |
||
| Line 28: | Line 28: | ||
Run against external servers (Windows or BIND) |
Run against external servers (Windows or BIND) |
||
SERVER_IP=<dns server ip> SERVER=<dns server name> REALM=<dns server domain name part> PYTHONPATH=`pwd`/bin/python ./source4/scripting/bin/subunitrun samba.tests.dns |
SERVER_IP=<dns server ip> SERVER=<dns server name> REALM=<dns server domain name part> PYTHONPATH=`pwd`/bin/python ./source4/scripting/bin/subunitrun samba.tests.dns |
||
=BIND 9.8.0 DLZ plug-in= |
=BIND 9.8.0 DLZ plug-in= |
||
| Line 36: | Line 37: | ||
Module is built with Samba, handles RFC 1035 and RFC 2136 |
Module is built with Samba, handles RFC 1035 and RFC 2136 |
||
=BIND & samba_dnsupdate= |
=BIND & samba_dnsupdate= |
||
| Line 44: | Line 46: | ||
samba_dnsupdate script shipped with Samba, lets BIND handle DNS and just dynamically modifies AD-related information. |
samba_dnsupdate script shipped with Samba, lets BIND handle DNS and just dynamically modifies AD-related information. |
||
= A note on DNS problems = |
|||
If you have problems with resolving the new added DNS entries, you maybe want to check the following: |
|||
Files in samba/private/dns/sam.ldb.d/ are hardlinks to samba/private/sam.ldb.d/. |
|||
Maybe you've copied/moved it across filesystems and the hardlinking got lost |
|||
and you're now running with two different copies of the databases at the moment. |
|||
If you "ls -i" on the two folders, you should see, that the following files |
|||
have the same inodes (what indicates, that they are hard-linked): |
|||
# la -i .../samba/private/sam.ldb.d/ |
|||
17344368 -rw-rw---- 2 root named 4251648 11. Nov 18:27 DC%3DDOMAINDNSZONES,DC%3DSAMBA,DC%3DEXAMPLE,DC%3DCOM.ldb |
|||
17344370 -rw-rw---- 2 root named 4251648 11. Nov 18:27 DC%3DFORESTDNSZONES,DC%3DSAMBA,DC%3DEXAMPLE,DC%3DCOM.ldb |
|||
17344372 -rw-rw---- 2 root named 421888 11. Nov 17:53 metadata.tdb |
|||
# la -i .../samba/private/dns/sam.ldb.d/ |
|||
17344368 -rw-rw---- 2 root named 4251648 11. Nov 18:27 DC%3DDOMAINDNSZONES,DC%3DSAMBA,DC%3DEXAMPLE,DC%3DCOM.ldb |
|||
17344370 -rw-rw---- 2 root named 4251648 11. Nov 18:27 DC%3DFORESTDNSZONES,DC%3DSAMBA,DC%3DEXAMPLE,DC%3DCOM.ldb |
|||
17344372 -rw-rw---- 2 root named 421888 11. Nov 17:53 metadata.tdb |
|||
If the files in the two folders have different inode numbers, then they |
|||
aren't hard-links. To fix this, stop samba, move the three files to a save |
|||
place (just to have a backup/copy of it) and hard-link them again: |
|||
# cd .../samba/private/dns/sam.ldb.d/ |
|||
# ln ../../sam.ldb.d/DC%3DDOMAINDNSZONES,DC%3DSAMBA,DC%3DEXAMPLE,DC%3DCOM.ldb . |
|||
# ln ../../sam.ldb.d/DC%3DFORESTDNSZONES,DC%3DSAMBA,DC%3DEXAMPLE,DC%3DCOM.ldb . |
|||
# ln ../../sam.ldb.d/metadata.tdb . |
|||
Now start samba again. |
|||
Revision as of 17:50, 19 November 2012
Internal DNS
Developing and using the DNS server built into Samba. AD backend.
Status
As of early September 2012, the internal DNS server is fully functional, for both GSS-TSIG-signed and unsigned updates.
Configuration
There are three options that can be added to smb.conf to control the behavior of DNS at this point:
# Allow unsigned updates | don't allow any updates | only allow signed updates allow dns updates = True | False | signed # If recursive queries = yes is set, the following is also needed dns forwarder = <ip addr of external dns server>
Known Issues
The samba_dnsupdate command sometimes doesn't work for signed updates. We're currenly investigating. Client systems like samba3 or Win7 work fine.
Tests
Run during make test
TDB_NO_FSYNC=1 make test TESTS=samba.tests.dns
Run against external servers (Windows or BIND)
SERVER_IP=<dns server ip> SERVER=<dns server name> REALM=<dns server domain name part> PYTHONPATH=`pwd`/bin/python ./source4/scripting/bin/subunitrun samba.tests.dns
BIND 9.8.0 DLZ plug-in
Dynamically loaded zones plug-in for BIND 9.8.0. AD backend.
Status
Module is built with Samba, handles RFC 1035 and RFC 2136
BIND & samba_dnsupdate
Non-AD backend, but works with older BINDs.
Status
samba_dnsupdate script shipped with Samba, lets BIND handle DNS and just dynamically modifies AD-related information.
A note on DNS problems
If you have problems with resolving the new added DNS entries, you maybe want to check the following:
Files in samba/private/dns/sam.ldb.d/ are hardlinks to samba/private/sam.ldb.d/. Maybe you've copied/moved it across filesystems and the hardlinking got lost and you're now running with two different copies of the databases at the moment.
If you "ls -i" on the two folders, you should see, that the following files have the same inodes (what indicates, that they are hard-linked):
# la -i .../samba/private/sam.ldb.d/ 17344368 -rw-rw---- 2 root named 4251648 11. Nov 18:27 DC%3DDOMAINDNSZONES,DC%3DSAMBA,DC%3DEXAMPLE,DC%3DCOM.ldb 17344370 -rw-rw---- 2 root named 4251648 11. Nov 18:27 DC%3DFORESTDNSZONES,DC%3DSAMBA,DC%3DEXAMPLE,DC%3DCOM.ldb 17344372 -rw-rw---- 2 root named 421888 11. Nov 17:53 metadata.tdb # la -i .../samba/private/dns/sam.ldb.d/ 17344368 -rw-rw---- 2 root named 4251648 11. Nov 18:27 DC%3DDOMAINDNSZONES,DC%3DSAMBA,DC%3DEXAMPLE,DC%3DCOM.ldb 17344370 -rw-rw---- 2 root named 4251648 11. Nov 18:27 DC%3DFORESTDNSZONES,DC%3DSAMBA,DC%3DEXAMPLE,DC%3DCOM.ldb 17344372 -rw-rw---- 2 root named 421888 11. Nov 17:53 metadata.tdb
If the files in the two folders have different inode numbers, then they aren't hard-links. To fix this, stop samba, move the three files to a save place (just to have a backup/copy of it) and hard-link them again:
# cd .../samba/private/dns/sam.ldb.d/ # ln ../../sam.ldb.d/DC%3DDOMAINDNSZONES,DC%3DSAMBA,DC%3DEXAMPLE,DC%3DCOM.ldb . # ln ../../sam.ldb.d/DC%3DFORESTDNSZONES,DC%3DSAMBA,DC%3DEXAMPLE,DC%3DCOM.ldb . # ln ../../sam.ldb.d/metadata.tdb .
Now start samba again.