Configuring BIND9 for Linux AD-DC on Ubuntu 18.04 is the stage at which the real work begins, once the initial configuration of Ubuntu Server 18.04 is done. Without a bind9 configuration we will not be able to initialize a Linux AD-DC on Ubuntu Server 18.04. In principle the same applies to every other operating system on which a Linux AD-DC can be brought up. The exception, of course, is initializing a domain controller with SAMBA_INTERNAL DNS. But this series of articles covers initializing a domain controller on Ubuntu Server 18.04 with BIND9_DLZ and an ISC DHCP server.
Why article on setting up bind9 for Linux AD-DC on Ubuntu 18.04
And not, for example, for Ubuntu 20? It should be said right away that Ubuntu 18.04 and Ubuntu 20.04 here mean, first of all, Ubuntu Server 18.04 and Ubuntu Server 20.04. But you need to understand that setting up Linux AD-DC on Ubuntu 18.04 Desktop and on Ubuntu Server 18.04 is absolutely identical in terms of the set of commands and installed packages. I simply do not draw a sharp line between Ubuntu Server and Ubuntu Desktop; for server workloads, except for a terminal server, I use Ubuntu Server, purely to save the resources consumed by virtual machines.
Current state of Ubuntu 20.04
So, the article talks about configuring Linux AD-DC for Ubuntu 18.04 because quite recently, in June-July 2020, Samba released a new version that is perhaps a watershed in terms of the technology used to update DNS records in the local zone of a domain controller. Whereas earlier, and in this article, the nsupdate utility was used for this, Samba has recently switched to samba-tool. Therefore the instructions developed for Ubuntu 18.04, based on installing the latest packages from the Ubuntu 18.04 repositories, are not suitable for Ubuntu 20.04 because of the different approach to working with the DNS zone.
The Ubuntu 20.04 repositories also carry bind9 version 9.16.x. In turn, at the time of writing, the latest DLZ module shipped with Samba4 is compatible with bind 9.12.x. While with bind9 9.14.x this DLZ module still worked without errors, with 9.16.x and the samba-tool utility the server syslog fills up with errors that point specifically at the DLZ module code. After weighing the pros and cons, I decided to postpone adapting the Linux AD-DC setup instructions for Ubuntu 20 and to focus on updating and refining the same instructions for Ubuntu 18.04. I have little faith that the package updates being delivered these days to Ubuntu 20.04 will reach the Ubuntu 18.04 repositories. In half a year or a year, when most of those updates have landed, it will be possible to adapt this instruction for Ubuntu 20.
Purpose of the article – Configuring BIND9 for Linux AD-DC
The purpose of this article is not only to update the information from the previous one. This article will be with blackjack and hookers. Whereas earlier the domain was initialized with the SAMBA_INTERNAL DNS server and could only handle authorization and serve the DNS names of clients joined to it, this article uses BIND9 + dhcpd with all the delights that follow, such as automatic creation of DNS A records in the local zone for devices that received an address via DHCP. That is, for any device, not just domain members. Initially I planned to put the information into a single article. But, taught by the bitter experience of how hard such articles are to maintain, I will publish this manual as 5 separate articles, creating 5 thematic posts, each with its own discussion thread. Those who need it will get through it :). Feel free to ask questions in the comments wherever you saw this tutorial. If it is one of the sites where I post content, I will definitely answer.
Installing Ubuntu Server 18.04
Useful post-installation commands:

    # Update the system
    sudo apt update && sudo apt dist-upgrade -y
    # Install a set of network utilities, including the familiar ifconfig
    sudo apt install net-tools
    # Find out the current IP address
    ip addr show
    ifconfig
    # Find out the current default gateway
    ip route show
Setting the server name
The server name must be set BEFORE initializing the domain controller.
Setting a static IP
The domain controller must have a static IP address, simply because if its address changes, the domain will stop functioning.
Versions of key packages used in the article
Recently, package versions have become critically important when reproducing instructions, so here they are:
- Samba4: Version 4.7.6-Ubuntu
- bind9 (named): BIND 9.11.3-1ubuntu1.13-Ubuntu (Extended Support Version) <id: a375815>
Configuring BIND9 for Linux AD-DC – Part 1
It is noteworthy that installing the domain begins with installing the DNS server, a package distributed separately from samba4. It can be done later, but then you will have to take extra steps. To avoid that, first install bind and partially configure it: install it, create the zones and carry out the initial configuration.
Installing BIND9_DLZ
sudo apt install bind9
First of all, we check the bind version:
named -v
At the time of writing, the Ubuntu 18.04 repository has version 9.11.3.
Find out where bind keeps named.conf:
named -V | grep sysco
As a result, we will see something like this:
--sysconfdir=/etc/bind, i.e. /etc/bind is the folder where the named.conf file is located.
Find out where the DNS server keeps its cache:
grep bind /etc/passwd
As a result, we see the line for the bind user, whose home directory field is /var/cache/bind.
We will need the /var/cache/bind directory for further configuration.
Checking named.conf
nano /etc/bind/named.conf
As a result, we see that named.conf itself only includes three files: named.conf.options, named.conf.local and named.conf.default-zones.
We need named.conf.options and named.conf.default-zones, which we edit next.
Editing named.conf.options
First of all, we make a backup and then edit the file:
sudo cp /etc/bind/named.conf.options /etc/bind/named.conf.options_bak
sudo nano /etc/bind/named.conf.options
We delete its contents and replace with the following:
    # Global settings
    options {
        auth-nxdomain yes;
        directory "/var/cache/bind";    # Bind cache folder
        notify no;
        empty-zones-enable no;
        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
        minimal-responses yes;

        # IP addresses and subnets from which requests will be processed
        allow-query {
            127.0.0.1;
            192.168.1.0/24;    # Current local network of ag-dc-1.adminguide.lan
        };

        # IP addresses and subnets from which recursive requests will be processed
        # (zones not served by this DNS server)
        allow-recursion {
            127.0.0.1;
            192.168.1.0/24;    # Current local network of ag-dc-1.adminguide.lan
        };

        # Redirect requests for which there is no information in the local zone
        # to the following servers:
        forwarders {
            192.168.1.1;    # DNS forwarder IP address
            8.8.8.8;        # DNS forwarder IP address
            8.8.4.4;        # DNS forwarder IP address
        };

        # Zone transfer ban
        allow-transfer { none; };
    };
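A small check script, added here as an example (it is not part of the original article, nor of Samba or BIND), that verifies the settings above: it reads the bind user's home directory from a passwd-format file, as we did by hand, and confirms the options file points "directory" at it, keeps zone transfers closed and references the Samba keytab. It runs on a constructed passwd line and a trimmed copy of the options file, and only calls named-checkconf if BIND is installed locally.

```shell
#!/bin/sh
# Added example: sanity checks for the named.conf.options written above.
# bind_home_from_passwd() does what "grep bind /etc/passwd" did by eye;
# check_options() confirms the settings this setup relies on.

# Print the home directory of user "bind" from a passwd-format file ($1).
bind_home_from_passwd() {
    awk -F: '$1 == "bind" { print $6 }' "$1"
}

# $1 = options file, $2 = expected cache directory. Returns 0 when the
# directory matches, zone transfers are closed and the Samba keytab is set.
check_options() {
    ok=0
    grep -Eq "^[[:space:]]*directory[[:space:]]+\"$2\"" "$1" \
        || { echo "directory is not $2"; ok=1; }
    grep -Eq 'allow-transfer[[:space:]]*\{[[:space:]]*none;[[:space:]]*\}' "$1" \
        || { echo "zone transfers are not disabled"; ok=1; }
    grep -Eq 'tkey-gssapi-keytab[[:space:]]+"/var/lib/samba/private/dns.keytab"' "$1" \
        || { echo "Samba dns.keytab is not referenced"; ok=1; }
    return $ok
}

# Demo on constructed input (a sample passwd line and a trimmed copy of the
# options file from this article), not on the live host.
demo() {
    tmp=$(mktemp -d)
    printf 'bind:x:112:118::/var/cache/bind:/usr/sbin/nologin\n' > "$tmp/passwd"
    cat > "$tmp/named.conf.options" <<'EOF'
options {
    directory "/var/cache/bind";
    tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
    allow-query { 127.0.0.1; 192.168.1.0/24; };
    allow-transfer { none; };
};
EOF
    home=$(bind_home_from_passwd "$tmp/passwd")
    if check_options "$tmp/named.conf.options" "$home"; then rc=0; else rc=1; fi
    # If BIND is installed, also let named-checkconf parse the syntax.
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$tmp/named.conf.options" && echo "named-checkconf: OK" \
            || echo "named-checkconf: reported errors"
    fi
    rm -rf "$tmp"
    return $rc
}

demo && echo "named.conf.options checks passed"
```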
Editing named.conf.default-zones
sudo cp /etc/bind/named.conf.default-zones /etc/bind/named.conf.default-zones_bak
sudo nano /etc/bind/named.conf.default-zones
We delete its contents and replace with the following:
    # Root servers
    # (required for recursive queries)
    zone "." {
        type hint;
        file "named.root";
    };

    # localhost zone
    zone "localhost" {
        type master;
        file "master/localhost.zone";
    };

    # 127.0.0 reverse zone
    zone "0.0.127.in-addr.arpa" {
        type master;
        file "master/0.0.127.zone";
    };
Go to the section: “Ubuntu Domain Controller – Configuration – Part 1”
At this stage we have done everything necessary. Now you can start installing and configuring samba4.
At the moment, all text content is published a week earlier on my Zen blog. Russian-language premieres of video lessons are also held there 🙂
The videos are also published on the Youtube channel, but there are first English-language premieres 🙂