The Samba AD DNS Back Ends: Difference between revisions
(suggest samba_upgradedns rather than manually making the hard links.) |
Mmuehlfeld (talk | contribs) m (Added info how to check if the DNS databases aren't hard-linked.) |
||
Line 54: | Line 54: | ||
Files in samba/private/dns/sam.ldb.d/ are hardlinks to samba/private/sam.ldb.d/. |
Files in samba/private/dns/sam.ldb.d/ are hardlinks to samba/private/sam.ldb.d/. |
||
Maybe you've copied/moved it across filesystems and the hardlinking got lost |
Maybe you've copied/moved it across filesystems and the hardlinking got lost |
||
and you're now running with two different copies of the databases at the moment |
and you're now running with two different copies of the databases at the moment |
||
(You can test this by adding a new DNS entry, e. g. by samba-tool. If you can't |
|||
resolve it, check if the inodes differ). |
|||
If you "ls -i" on the two folders, you should see, that the following files |
If you "ls -i" on the two folders, you should see, that the following files |
||
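Review bot: the added parenthetical "(You can test this by adding a new DNS entry, e. g. by samba-tool. ..." is attached to a sentence that ends at "at the moment" without a period, and it names the tool but not how to add the entry or how to query it afterwards. Suggest closing the preceding sentence, making the test its own sentence, and stating the lookup step explicitly so the reader moves from symptom (entry does not resolve) to evidence (inodes differ) in order.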
Line 72: | Line 74: | ||
aren't hard-links. To fix this, run |
aren't hard-links. To fix this, run |
||
samba_upgradedns --dns-backend=BIND9_DLZ |
# samba_upgradedns --dns-backend=BIND9_DLZ |
||
This will recreate the DNS files with correct hard links and permissions. |
This will recreate the DNS files with correct hard links and permissions. |
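Review bot: on the changed command line, the new leading "# " is meant as a root prompt, but a reader who pastes "# samba_upgradedns --dns-backend=BIND9_DLZ" into a shell gets a comment, so the fix silently does nothing. Suggest keeping the command bare and saying in the sentence before it ("To fix this, run") that it must be run as root, or marking the line as preformatted so the prompt is visually distinct from the command.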
Revision as of 18:19, 22 February 2013
Internal DNS
Developing and using the DNS server built into Samba. AD backend.
Status
As of early September 2012, the internal DNS server is fully functional, for both GSS-TSIG-signed and unsigned updates.
Configuration
There are three options that can be added to smb.conf to control the behavior of DNS at this point:
# Allow unsigned updates | don't allow any updates | only allow signed updates
allow dns updates = True | False | signed
# If recursive queries = yes is set, the following is also needed
dns forwarder = <ip addr of external dns server>
Known Issues
The samba_dnsupdate command produces warnings when used with signed updates. We're currently investigating a fix for the warnings, but the updates actually succeed. Client systems like samba3 or Win7 work fine.
Tests
Run during make test
TDB_NO_FSYNC=1 make test TESTS=samba.tests.dns
Run against external servers (Windows or BIND)
SERVER_IP=<dns server ip> SERVER=<dns server name> REALM=<dns server domain name part> PYTHONPATH=`pwd`/bin/python ./source4/scripting/bin/subunitrun samba.tests.dns
BIND 9.8.0 DLZ plug-in
Dynamically loaded zones plug-in for BIND 9.8.0. AD backend.
Status
Module is built with Samba, handles RFC 1035 and RFC 2136
BIND & samba_dnsupdate
Non-AD backend, but works with older BINDs.
Status
samba_dnsupdate script shipped with Samba, lets BIND handle DNS and just dynamically modifies AD-related information.
A note on DNS problems with BIND9 DLZ
If you have problems resolving newly added DNS entries using the BIND9 DLZ interface, you may want to check the following:
Files in samba/private/dns/sam.ldb.d/ are hard links to samba/private/sam.ldb.d/. Maybe you've copied or moved them across filesystems, the hard links got lost, and you're now running with two different copies of the databases. (You can test this by adding a new DNS entry, e.g. with samba-tool. If you can't resolve it, check whether the inodes differ.)
If you run "ls -i" on the two folders, you should see that the following files have the same inodes (which indicates that they are hard-linked):
# ls -lai .../samba/private/sam.ldb.d/
17344368 -rw-rw---- 2 root named 4251648 11. Nov 18:27 DC%3DDOMAINDNSZONES,DC%3DSAMBA,DC%3DEXAMPLE,DC%3DCOM.ldb
17344370 -rw-rw---- 2 root named 4251648 11. Nov 18:27 DC%3DFORESTDNSZONES,DC%3DSAMBA,DC%3DEXAMPLE,DC%3DCOM.ldb
17344372 -rw-rw---- 2 root named 421888 11. Nov 17:53 metadata.tdb

# ls -lai .../samba/private/dns/sam.ldb.d/
17344368 -rw-rw---- 2 root named 4251648 11. Nov 18:27 DC%3DDOMAINDNSZONES,DC%3DSAMBA,DC%3DEXAMPLE,DC%3DCOM.ldb
17344370 -rw-rw---- 2 root named 4251648 11. Nov 18:27 DC%3DFORESTDNSZONES,DC%3DSAMBA,DC%3DEXAMPLE,DC%3DCOM.ldb
17344372 -rw-rw---- 2 root named 421888 11. Nov 17:53 metadata.tdb
If the files in the two folders have different inode numbers, then they aren't hard-links. To fix this, run
# samba_upgradedns --dns-backend=BIND9_DLZ
This will recreate the DNS files with correct hard links and permissions.
Then restart BIND9.
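The inode comparison described above can be scripted so that it runs before BIND9 is restarted or after a restore. This is an added example, not part of the wiki page or of Samba; the function name check_dns_hardlinks is hypothetical, and its argument is the path to your samba/private directory.

```shell
#!/bin/sh
# check_dns_hardlinks PRIVATE_DIR   (hypothetical helper, added example)
# For every file in PRIVATE_DIR/dns/sam.ldb.d, check that it is a hard link
# to the file of the same name in PRIVATE_DIR/sam.ldb.d.
# Returns 0 if all are linked, 1 if any is split or missing, 2 on bad input.
check_dns_hardlinks() {
    private_dir=$1
    main_dir=$private_dir/sam.ldb.d
    dns_dir=$private_dir/dns/sam.ldb.d
    rc=0
    checked=0

    if [ ! -d "$main_dir" ] || [ ! -d "$dns_dir" ]; then
        echo "ERROR: expected directories $main_dir and $dns_dir" >&2
        return 2
    fi

    for dns_file in "$dns_dir"/*; do
        [ -f "$dns_file" ] || continue      # also skips an unmatched glob
        checked=$((checked + 1))
        name=${dns_file##*/}
        main_file=$main_dir/$name
        if [ ! -e "$main_file" ]; then
            echo "MISSING  $name (no counterpart in $main_dir)"
            rc=1
        # -ef is true only when device AND inode match, so a copy on another
        # filesystem with a coincidentally equal inode number is not accepted.
        elif [ "$dns_file" -ef "$main_file" ]; then
            echo "LINKED   $name"
        else
            echo "SPLIT    $name (separate copies: BIND9 DLZ and Samba see different data)"
            rc=1
        fi
    done

    if [ "$checked" -eq 0 ]; then
        echo "ERROR: no files found in $dns_dir" >&2
        return 2
    fi
    return $rc
}

# When run as a script with an argument, check that directory.
[ "$#" -eq 0 ] || check_dns_hardlinks "$1"
```

Any SPLIT or MISSING line means the fix from the page applies: run samba_upgradedns --dns-backend=BIND9_DLZ as root, then restart BIND9.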