bind_dlz and views and samba

2024-05-15 Thread Peter Carlson
As I understand it bind_dlz does not support multiple views. I have the 
following scenario and am trying to figure out how to configure it:


 * Internal (192.168.10.0/24)
   o resolve internal domain xyz.com
   o resolve internal samba domain xyz.lab
   o resolve single address xyz.3cx.us to 192.168.10.25
 * External is resolved by a different server and xyz.3cx.us resolves
   to a public address
 * VPN (10.9.0.0/24)
   o resolve internal domain xyz.com
   o resolve internal samba domain xyz.lab
   o resolve single address xyz.3cx.us via normal public dns or
     alternatively resolve to external address

I initially set this up with views:


    acl internals { 192.168.10.0/24; 192.168.11.0/24; localhost; };
    acl vpn       { 10.9.0.0/24; };

    view trusted {
        match-clients { internals; };
        zone "MYDOMAIN.com" IN { type master; file "/etc/bind/db.MYDOMAIN.com"; allow-update { none; }; };
        zone "3cx.us" IN { type master; file "/etc/bind/db.3cx.us"; allow-update { none; }; };
    };

    view vpn {
        match-clients { vpn; };
        zone "MYDOMAIN.com" IN { type master; file "/etc/bind/db.MYDOMAIN.com"; allow-update { none; }; };
    };


But this crashes as soon as I add:


    dlz "AD DNS Zone" {
        database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_18.so";
    };


So I split out DNS from ADDC, configured bind on DC to forward to 
another DNS and set up views there, but that doesn't work either as all 
requests now come from IP of the DC and so the ACLs won't match.


Any ideas how I can accomplish this?

Peter
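An added example (not from Peter's post or from BIND itself) that models how named selects a view for the ACLs and match-clients quoted above: views are tried in configuration order and the first accepting address-match-list wins. It uses a simplified nested-acl rule, treats `localhost` as loopback only, and the DC address 192.168.10.11 in the demo is a constructed value inside the internal range.

```python
import ipaddress
from typing import List, Optional, Tuple

# ACLs and view order as quoted in the post (constructed copy for this example).
ACLS = {
    "internals": ["192.168.10.0/24", "192.168.11.0/24", "localhost"],
    "vpn": ["10.9.0.0/24"],
}
VIEWS: List[Tuple[str, List[str]]] = [("trusted", ["internals"]), ("vpn", ["vpn"])]

def _element_verdict(element: str, ip) -> Optional[bool]:
    # One address-match-list element: True = accept, False = reject, None = no match.
    negated = element.startswith("!")
    element = element.lstrip("! ")
    if element == "any":
        hit = True
    elif element == "none":
        hit = False
    elif element == "localhost":   # loopback stands in for the host's own addresses here
        hit = ip.is_loopback
    elif element in ACLS:          # nested acl: counts as a hit only if the nested list accepts
        hit = match_acl(ACLS[element], ip)
    else:
        hit = ip in ipaddress.ip_network(element, strict=False)
    if not hit:
        return None
    return not negated             # a matching "!" element rejects the client outright

def match_acl(elements: List[str], client) -> bool:
    # First matching element decides, as in named; no match at all means "not allowed".
    ip = ipaddress.ip_address(client) if isinstance(client, str) else client
    for element in elements:
        verdict = _element_verdict(element, ip)
        if verdict is not None:
            return verdict
    return False

def select_view(client: str) -> Optional[str]:
    # Views are tried in configuration order; the first whose match-clients accepts wins.
    for name, match_clients in VIEWS:
        if match_acl(match_clients, client):
            return name
    return None

if __name__ == "__main__":
    # 192.168.10.11 is a constructed DC address inside the "internals" range: once the
    # DC forwards on behalf of a VPN client, that is the source address named sees.
    for src in ("10.9.0.7", "192.168.10.11", "8.8.8.8"):
        print(f"{src:15} -> {select_view(src)}")
```

Running it shows the failure mode from the post: a VPN client asking named directly lands in view `vpn`, but the same query forwarded by the DC arrives from an internal address and lands in `trusted`.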

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


named 100% utilization

2024-04-30 Thread Peter Carlson
We are having a problem with bind that has been happening for about a 
week. One of named's threads goes to 100% and then named stops 
responding to any dns requests.  I have logging turned on and don't see 
anything out of the ordinary.  It's not crashing. Any recommendations on 
where to start?


   administrator@nc1:~$ named -version
   BIND 9.18.18-0ubuntu0.22.04.2-Ubuntu (Extended Support Version) 

   administrator@nc1:~$ lsb_release -a
   No LSB modules are available.
   Distributor ID:    Ubuntu
   Description:    Ubuntu 22.04.4 LTS
   Release:    22.04
   Codename:    jammy

Config files:

   administrator@nc1:/etc/bind$ cat named.conf
   include "/etc/bind/named.conf.options";
   include "/etc/bind/named.conf.local";

   administrator@nc1:/etc/bind$ cat named.conf.options
   logging {
    channel default_file {
    file "/var/log/named/default.log" versions 3 size 5m;
    severity dynamic;
    print-time yes;
    };
    channel general_file {
    file "/var/log/named/general.log" versions 3 size 5m;
    severity dynamic;
    print-time yes;
    };
    channel database_file {
    file "/var/log/named/database.log" versions 3 size 5m;
    severity dynamic;
    print-time yes;
    };
    channel security_file {
    file "/var/log/named/security.log" versions 3 size 5m;
    severity dynamic;
    print-time yes;
    };
    channel config_file {
    file "/var/log/named/config.log" versions 3 size 5m;
    severity dynamic;
    print-time yes;
    };
    channel resolver_file {
    file "/var/log/named/resolver.log" versions 3 size 5m;
    severity dynamic;
    print-time yes;
    };
    channel xfer-in_file {
    file "/var/log/named/xfer-in.log" versions 3 size 5m;
    severity dynamic;
    print-time yes;
    };
    channel xfer-out_file {
    file "/var/log/named/xfer-out.log" versions 3 size 5m;
    severity dynamic;
    print-time yes;
    };
    channel notify_file {
    file "/var/log/named/notify.log" versions 3 size 5m;
    severity dynamic;
    print-time yes;
    };
    channel client_file {
    file "/var/log/named/client.log" versions 3 size 5m;
    severity dynamic;
    print-time yes;
    };
    channel unmatched_file {
    file "/var/log/named/unmatched.log" versions 3 size 5m;
    severity dynamic;
    print-time yes;
    };
    channel queries_file {
    file "/var/log/named/queries.log" versions 3 size 5m;
    severity dynamic;
    print-time yes;
    };
    channel network_file {
    file "/var/log/named/network.log" versions 3 size 5m;
    severity dynamic;
    print-time yes;
    };
    channel update_file {
    file "/var/log/named/update.log" versions 3 size 5m;
    severity dynamic;
    print-time yes;
    };
    channel dispatch_file {
    file "/var/log/named/dispatch.log" versions 3 size 5m;
    severity dynamic;
    print-time yes;
    };
    channel dnssec_file {
    file "/var/log/named/dnssec.log" versions 3 size 5m;
    severity dynamic;
    print-time yes;
    };
    channel lame-servers_file {
    file "/var/log/named/lame-servers.log" versions 3 size 5m;
    severity dynamic;
    print-time yes;
    };

    category default { default_file; };
    category general { general_file; };
    category database { database_file; };
    category security { security_file; };
    category config { config_file; };
    category resolver { resolver_file; };
    category xfer-in { xfer-in_file; };
    category xfer-out { xfer-out_file; };
    category notify { notify_file; };
    category client { client_file; };
    category unmatched { unmatched_file; };
    category queries { queries_file; };
    category network { network_file; };
    category update { update_file; };
    category dispatch { dispatch_file; };
    category dnssec { dnssec_file; };
    category lame-servers { lame-servers_file; };
   };

    options {
      directory "/var/cache/bind";
      version "Go Away 0.0.7";
      notify no;
      empty-zones-enable no;
      auth-nxdomain yes;
      forwarders { 8.8.8.8; 8.8.4.4; };
      allow-transfer { none; };

      dnssec-validation no;

      listen-on-v6 { none; };
      listen-on port 53 { 192.168.10.11; 127.0.0.1; ::1; };

      minimal-responses yes;

      tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";

   };

   administrator@nc1:/etc/bind$ cat n
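An added diagnostic (not from the post or from BIND) for pinning down which named thread is eating the core: it samples utime+stime from /proc/<pid>/task/<tid>/stat twice and reports per-thread CPU share, which is the first thing to know before pulling a stack from that thread. The stat lines and thread names in the constructed sample are illustrative only; pass the live pid to measure a real named.

```python
import os, sys, time

CLK_TCK = os.sysconf("SC_CLK_TCK") if hasattr(os, "sysconf") else 100

def parse_stat(text: str) -> tuple[str, int]:
    # One /proc/<pid>/task/<tid>/stat line -> (thread name, utime+stime in clock ticks).
    head, _, tail = text.rpartition(")")   # comm may itself contain spaces or ')'
    name = head.split("(", 1)[1]
    fields = tail.split()                  # fields[0] is state; utime/stime are [11]/[12]
    return name, int(fields[11]) + int(fields[12])

def snapshot(pid: int, proc_root: str = "/proc") -> dict[int, tuple[str, int]]:
    task_dir = os.path.join(proc_root, str(pid), "task")   # one entry per thread
    out = {}
    for tid in os.listdir(task_dir):
        with open(os.path.join(task_dir, tid, "stat")) as fh:
            out[int(tid)] = parse_stat(fh.read())
    return out

def cpu_share(before, after, interval_s: float, clk_tck: int = CLK_TCK):
    # Per-thread CPU percentage between two snapshots (100.0 == one core fully busy).
    result: dict[int, tuple[str, float]] = {}
    for tid, (name, ticks) in after.items():
        prev = before.get(tid, (name, ticks))[1]   # thread created mid-interval: count from 0
        result[tid] = (name, 100.0 * (ticks - prev) / (interval_s * clk_tck))
    return result

def hottest(shares) -> tuple[int, str, float]:
    tid, (name, pct) = max(shares.items(), key=lambda kv: kv[1][1])
    return tid, name, pct

# Constructed sample: two snapshots taken one second apart on a 100 Hz kernel. Thread
# names are illustrative, not necessarily what this named build uses.
SAMPLE_BEFORE = {
    1001: parse_stat("1001 (isc-worker0000) S 1 1001 1001 0 -1 4194560 10 0 0 0 120 40 0 0 20 0 4"),
    1002: parse_stat("1002 (isc-worker0001) R 1 1001 1001 0 -1 4194560 10 0 0 0 300 100 0 0 20 0 4"),
}
SAMPLE_AFTER = {
    1001: parse_stat("1001 (isc-worker0000) S 1 1001 1001 0 -1 4194560 10 0 0 0 125 41 0 0 20 0 4"),
    1002: parse_stat("1002 (isc-worker0001) R 1 1001 1001 0 -1 4194560 10 0 0 0 390 110 0 0 20 0 4"),
}

if __name__ == "__main__":
    if len(sys.argv) > 1:                    # live use: hot_thread.py $(pidof named)
        first = snapshot(int(sys.argv[1]))
        time.sleep(2.0)
        print(hottest(cpu_share(first, snapshot(int(sys.argv[1])), 2.0)))
    else:                                    # no pid given: run on the constructed sample
        print(hottest(cpu_share(SAMPLE_BEFORE, SAMPLE_AFTER, 1.0, clk_tck=100)))
```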