Re: [Samba] (S4) Neither AXFR nor authoritative nameserving available?

2012-12-23 Thread Michael B. Trausch

On 12/22/2012 05:44 AM, Andrew Bartlett wrote:
> On Tue, 2012-12-18 at 11:58 -0500, Michael B. Trausch wrote:
>> Hello all,
>>
>> I'd like to have redundant DNS in our setup.  But it seems that Samba 4
>> does not yet support AXFR with its internal DNS server.  Alright, that's
>> fine, so I figured I'd configure the system such that at the very least,
>> a caching nameserver was sitting in front of it.  However, that doesn't
>> work; the caching nameserver (BIND 9) returns SERVFAIL, apparently
>> because Samba 4 isn't setting the authoritative bit on its DNS responses.
>
> That's odd.  Please file a bug, so Kai can look into it.

Well, I finally got it working, after an update.  Yay.  :)

I still don't have the ability for AXFR, though, it seems.  Is that
supported, or in-the-works?

>> Is this a known issue, a configuration error on my part, or something
>> entirely different altogether?
>
> You could run another Samba DC to get the redundant DNS.

I _could_... but I'm not there yet, and Samba seems to drop queries a
fair bit on a lightly-loaded (about 1 QPS) network; what I mean there is
that we've observed failure-to-resolve several times a day.  This seems
to have gone away now that we've turned off the forwarding option, and
are using BIND in front of Samba 4 as a caching/forwarding nameserver.
I'll know more as the week goes by.

> Another option is to run the bind9 server and the dlz plugin.

I'd opted to not set this domain up that way because I figured it'd be
easier to manage if Samba handled the domain itself.  We could switch to
BIND for the server, but I have three questions there:

1.  Can we switch from Samba 4 - BIND without reprovisioning?

2.  Is there any loss of client-side functionality (e.g., the Microsoft
DNS tool)?

3.  Are there any other downsides to using BIND over the internal Samba4
DNS?

--- Mike


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
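
The first post in this thread suspects that the internal DNS server is not setting the authoritative (AA) bit on its responses. As an added example that is not part of any message in the thread, the Python code below decodes the DNS header flags so that a reply from the DC and one from the BIND front end can be compared. The sample replies are constructed, and `ask()` assumes the server answers on UDP port 53.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=6, txid=0x1234):
    """Build a non-recursive DNS query (RD clear); qtype 6 is SOA."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(msg):
    """Decode the flag bits of the 12-byte DNS header (RFC 1035, 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags = struct.unpack("!HH", msg[:4])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # message is a response
        "aa": bool(flags & 0x0400),   # authoritative answer
        "ra": bool(flags & 0x0080),   # recursion available
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
    }

def diagnose(query, response):
    """Classify a reply: wrong message, error rcode, non-AA, or authoritative."""
    q, r = parse_header(query), parse_header(response)
    if not r["qr"] or r["id"] != q["id"]:
        return "not a response to this query"
    if r["rcode"] != "NOERROR":
        return "server returned " + r["rcode"]
    if not r["aa"]:
        return "NOERROR without AA: not an authoritative answer"
    return "authoritative answer"

def ask(server, name, timeout=3.0):
    """Send the SOA query over UDP to `server` and classify the reply."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return diagnose(query, s.recv(4096))

def constructed_response(query, flags):
    """Constructed sample reply: the query's ID and question, new flags."""
    return query[:2] + struct.pack("!HHHHH", flags, 1, 0, 0, 0) + query[12:]
```

Calling `ask()` once against the DC's address and once against the caching server, with the AD zone name, shows whether the AA bit is lost at the DC or only at the front end.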


Re: [Samba] (S4) Neither AXFR nor authoritative nameserving available?

2012-12-23 Thread Andrew Bartlett
On Sun, 2012-12-23 at 14:20 -0500, Michael B. Trausch wrote:
> On 12/22/2012 05:44 AM, Andrew Bartlett wrote:
>> On Tue, 2012-12-18 at 11:58 -0500, Michael B. Trausch wrote:
>>> Hello all,
>>>
>>> I'd like to have redundant DNS in our setup.  But it seems that Samba 4
>>> does not yet support AXFR with its internal DNS server.  Alright, that's
>>> fine, so I figured I'd configure the system such that at the very least,
>>> a caching nameserver was sitting in front of it.  However, that doesn't
>>> work; the caching nameserver (BIND 9) returns SERVFAIL, apparently
>>> because Samba 4 isn't setting the authoritative bit on its DNS responses.
>>
>> That's odd.  Please file a bug, so Kai can look into it.
>
> Well, I finally got it working, after an update.  Yay.  :)
>
> I still don't have the ability for AXFR, though, it seems.  Is that
> supported, or in-the-works?

Neither, at this stage.

>>> Is this a known issue, a configuration error on my part, or something
>>> entirely different altogether?
>>
>> You could run another Samba DC to get the redundant DNS.
>
> I _could_... but I'm not there yet, and Samba seems to drop queries a
> fair bit on a lightly-loaded (about 1 QPS) network; what I mean there is
> that we've observed failure-to-resolve several times a day.  This seems
> to have gone away now that we've turned off the forwarding option, and
> are using BIND in front of Samba 4 as a caching/forwarding nameserver.
> I'll know more as the week goes by.
>
>> Another option is to run the bind9 server and the dlz plugin.
>
> I'd opted to not set this domain up that way because I figured it'd be
> easier to manage if Samba handled the domain itself.  We could switch to
> BIND for the server, but I have three questions there:
>
> 1.  Can we switch from Samba 4 - BIND without reprovisioning?

Yes.  See the samba_upgradedns script, which handles the switching
required between backends.

> 2.  Is there any loss of client-side functionality (e.g., the Microsoft
> DNS tool)?

No.

> 3.  Are there any other downsides to using BIND over the internal Samba4
> DNS?

The internal DNS is simpler, follows our internal handling of 'bind
interfaces' and starts up with the rest of Samba.

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org




Re: [Samba] (S4) Neither AXFR nor authoritative nameserving available?

2012-12-22 Thread Andrew Bartlett
On Tue, 2012-12-18 at 11:58 -0500, Michael B. Trausch wrote:
> Hello all,
>
> I'd like to have redundant DNS in our setup.  But it seems that Samba 4
> does not yet support AXFR with its internal DNS server.  Alright, that's
> fine, so I figured I'd configure the system such that at the very least,
> a caching nameserver was sitting in front of it.  However, that doesn't
> work; the caching nameserver (BIND 9) returns SERVFAIL, apparently
> because Samba 4 isn't setting the authoritative bit on its DNS responses.

That's odd.  Please file a bug, so Kai can look into it.

> Is this a known issue, a configuration error on my part, or something
> entirely different altogether?

You could run another Samba DC to get the redundant DNS.

Another option is to run the bind9 server and the dlz plugin.

Andrew Bartlett

-- 
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org




[Samba] (S4) Neither AXFR nor authoritative nameserving available?

2012-12-18 Thread Michael B. Trausch

Hello all,

I'd like to have redundant DNS in our setup.  But it seems that Samba 4 
does not yet support AXFR with its internal DNS server.  Alright, that's 
fine, so I figured I'd configure the system such that at the very least, 
a caching nameserver was sitting in front of it.  However, that doesn't 
work; the caching nameserver (BIND 9) returns SERVFAIL, apparently 
because Samba 4 isn't setting the authoritative bit on its DNS responses.


Is this a known issue, a configuration error on my part, or something 
entirely different altogether?


Thanks,
Mike
