bind_dlz and views and samba
As I understand it, bind_dlz does not support multiple views. I have the following scenario and am trying to figure out how to configure it:

* Internal (192.168.10.0/24)
    o resolve internal domain xyz.com
    o resolve internal samba domain xyz.lab
    o resolve single address xyz.3cx.us to 192.168.10.25
* External is resolved by a different server and xyz.3cx.us resolves to a public address
* VPN (10.9.0.0/24)
    o resolve internal domain xyz.com
    o resolve internal samba domain xyz.lab
    o resolve single address xyz.3cx.us via normal public dns or alternatively resolve to external address

I initially set this up with views:

    acl internals {
        192.168.10.0/24;
        192.168.11.0/24;
        localhost;
    };

    acl vpn {
        10.9.0.0/24;
    };

    view trusted {
        match-clients { internals; };
        zone "MYDOMAIN.com" IN {
            type master;
            file "/etc/bind/db.MYDOMAIN.com";
            allow-update { none; };
        };
        zone "3cx.us" IN {
            type master;
            file "/etc/bind/db.3cx.us";
            allow-update { none; };
        };
    };

    view vpn {
        match-clients { vpn; };
        zone "MYDOMAIN.com" IN {
            type master;
            file "/etc/bind/db.MYDOMAIN.com";
            allow-update { none; };
        };
    };

But this crashes as soon as I add:

    dlz "AD DNS Zone" {
        database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_18.so";
    };

So I split out DNS from ADDC, configured bind on DC to forward to another DNS and set up views there, but that doesn't work either, as all requests now come from the IP of the DC and so the ACLs won't match.

Any ideas how I can accomplish this?

Peter

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
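
Added example, not part of the original post or of BIND or Samba: a small model of how `match-clients` picks a view from the source address the server sees, using the ACLs and view order from the message above, to show why every client lands in one view once queries are relayed through the DC. The DC address and the sample client addresses are assumptions.

```python
import ipaddress

# ACLs and view order as in the named.conf posted above. "localhost" is
# simplified to 127.0.0.1 here (in BIND it covers all of the server's addresses).
ACLS = {
    "internals": ["192.168.10.0/24", "192.168.11.0/24", "127.0.0.1/32"],
    "vpn": ["10.9.0.0/24"],
}
VIEWS = [("trusted", ["internals"]), ("vpn", ["vpn"])]  # checked top to bottom

DC_ADDR = "192.168.10.2"  # assumption: address of the forwarding DC
CLIENTS = ["192.168.10.50", "10.9.0.7", "203.0.113.9"]  # constructed samples


def select_view(source):
    """Return the first view whose match-clients ACLs contain source, else None."""
    addr = ipaddress.ip_address(source)
    for view, acl_names in VIEWS:
        for name in acl_names:
            if any(addr in ipaddress.ip_network(net) for net in ACLS[name]):
                return view
    return None  # no view matches this source address


def view_for(client, via_forwarder=None):
    """View chosen for client; a forwarder re-sends the query from its own address."""
    return select_view(via_forwarder or client)


def changed_by_forwarding(clients, forwarder):
    """Map client -> (direct view, forwarded view) where the two differ."""
    result = {}
    for client in clients:
        direct, relayed = view_for(client), view_for(client, forwarder)
        if direct != relayed:
            result[client] = (direct, relayed)
    return result


if __name__ == "__main__":
    for client in CLIENTS:
        print(f"{client:15} direct={view_for(client)} via DC={view_for(client, DC_ADDR)}")
    print("changed:", changed_by_forwarding(CLIENTS, DC_ADDR))
```

The clients reported as changed are the ones whose per-view policy is lost behind the forwarding hop, including an address that matches no view when it queries directly.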
named 100% utilization
We are having a problem with bind that has been happening for about a week. One of named's threads goes to 100% and then named stops responding to any dns requests. I have logging turned on and don't see anything out of the ordinary. It's not crashing.

Any recommendations on where to start?

    administrator@nc1:~$ named -version
    BIND 9.18.18-0ubuntu0.22.04.2-Ubuntu (Extended Support Version)
    administrator@nc1:~$ lsb_release -a
    No LSB modules are available.
    Distributor ID: Ubuntu
    Description: Ubuntu 22.04.4 LTS
    Release: 22.04
    Codename: jammy

Config files:

    administrator@nc1:/etc/bind$ cat named.conf
    include "/etc/bind/named.conf.options";
    include "/etc/bind/named.conf.local";

    administrator@nc1:/etc/bind$ cat named.conf.options
    logging {
        channel default_file { file "/var/log/named/default.log" versions 3 size 5m; severity dynamic; print-time yes; };
        channel general_file { file "/var/log/named/general.log" versions 3 size 5m; severity dynamic; print-time yes; };
        channel database_file { file "/var/log/named/database.log" versions 3 size 5m; severity dynamic; print-time yes; };
        channel security_file { file "/var/log/named/security.log" versions 3 size 5m; severity dynamic; print-time yes; };
        channel config_file { file "/var/log/named/config.log" versions 3 size 5m; severity dynamic; print-time yes; };
        channel resolver_file { file "/var/log/named/resolver.log" versions 3 size 5m; severity dynamic; print-time yes; };
        channel xfer-in_file { file "/var/log/named/xfer-in.log" versions 3 size 5m; severity dynamic; print-time yes; };
        channel xfer-out_file { file "/var/log/named/xfer-out.log" versions 3 size 5m; severity dynamic; print-time yes; };
        channel notify_file { file "/var/log/named/notify.log" versions 3 size 5m; severity dynamic; print-time yes; };
        channel client_file { file "/var/log/named/client.log" versions 3 size 5m; severity dynamic; print-time yes; };
        channel unmatched_file { file "/var/log/named/unmatched.log" versions 3 size 5m; severity dynamic; print-time yes; };
        channel queries_file { file "/var/log/named/queries.log" versions 3 size 5m; severity dynamic; print-time yes; };
        channel network_file { file "/var/log/named/network.log" versions 3 size 5m; severity dynamic; print-time yes; };
        channel update_file { file "/var/log/named/update.log" versions 3 size 5m; severity dynamic; print-time yes; };
        channel dispatch_file { file "/var/log/named/dispatch.log" versions 3 size 5m; severity dynamic; print-time yes; };
        channel dnssec_file { file "/var/log/named/dnssec.log" versions 3 size 5m; severity dynamic; print-time yes; };
        channel lame-servers_file { file "/var/log/named/lame-servers.log" versions 3 size 5m; severity dynamic; print-time yes; };

        category default { default_file; };
        category general { general_file; };
        category database { database_file; };
        category security { security_file; };
        category config { config_file; };
        category resolver { resolver_file; };
        category xfer-in { xfer-in_file; };
        category xfer-out { xfer-out_file; };
        category notify { notify_file; };
        category client { client_file; };
        category unmatched { unmatched_file; };
        category queries { queries_file; };
        category network { network_file; };
        category update { update_file; };
        category dispatch { dispatch_file; };
        category dnssec { dnssec_file; };
        category lame-servers { lame-servers_file; };
    };

    options {
        directory "/var/cache/bind";
        version "Go Away 0.0.7";
        notify no;
        empty-zones-enable no;
        auth-nxdomain yes;
        forwarders { 8.8.8.8; 8.8.4.4; };
        allow-transfer { none; };
        dnssec-validation no;
        listen-on-v6 { none; };
        listen-on port 53 { 192.168.10.11; 127.0.0.1; ::1; };
        minimal-responses yes;
        tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
    };

    administrator@nc1:/etc/bind$ cat n