cabrini-bind-DLZ<\/a><\/p>\nriavviare samba-ad-dc e bind
\n\/etc\/init.d\/samba-ad-dc restart
\n\/etc\/init.d\/named restart<\/p>\n
Verifica che bind sia in ascolto sulla 53<\/p>\n
root@cabrini:\/etc\/bind# netstat -tapn | grep 53
\ntcp \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a00 \u00a0\u00a0\u00a0\u00a0\u00a00 192.168.3.229:53 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a00.0.0.0:* \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0LISTEN \u00a0\u00a0\u00a0\u00a0\u00a03473\/named
\ntcp \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a00 \u00a0\u00a0\u00a0\u00a0\u00a00 192.168.3.229:53 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a00.0.0.0:* \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0LISTEN \u00a0\u00a0\u00a0\u00a0\u00a03473\/named
\ntcp \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a00 \u00a0\u00a0\u00a0\u00a0\u00a00 127.0.0.1:53 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a00.0.0.0:* \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0LISTEN \u00a0\u00a0\u00a0\u00a0\u00a03473\/named
\ntcp \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a00 \u00a0\u00a0\u00a0\u00a0\u00a00 127.0.0.1:53 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a00.0.0.0:* \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0LISTEN \u00a0\u00a0\u00a0\u00a0\u00a03473\/named
\ntcp \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a00 \u00a0\u00a0\u00a0\u00a0\u00a00 127.0.0.1:953 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a00.0.0.0:* \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0LISTEN \u00a0\u00a0\u00a0\u00a0\u00a03473\/named
\ntcp \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a00 \u00a0\u00a0\u00a0\u00a0\u00a00 0.0.0.0:49153 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a00.0.0.0:* \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0LISTEN \u00a0\u00a0\u00a0\u00a0\u00a03307\/samba: task[rp
\ntcp6 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a00 \u00a0\u00a0\u00a0\u00a0\u00a00 :::49153 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0:::* \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0LISTEN \u00a0\u00a0\u00a0\u00a0\u00a03307\/samba: task[rp<\/p>\n
Verificare query locali e ricorsive
\nroot@cabrini:\/etc\/bind# dig @localhost google.it<\/p>\n
; <<>> DiG 9.16.37-Debian <<>> @localhost google.it
\n; (2 servers found)
\n;; global options: +cmd
\n;; Got answer:
\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54597
\n;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1<\/p>\n
;; OPT PSEUDOSECTION:
\n; EDNS: version: 0, flags:; udp: 1232
\n; COOKIE: 805c77ac60cbcaca01000000644cc60b80a844784a56f37d (good)
\n;; QUESTION SECTION:
\n;google.it. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0A<\/p>\n
;; ANSWER SECTION:
\ngoogle.it. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0300 \u00a0\u00a0\u00a0\u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0A \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0142.250.184.99<\/p>\n
;; Query time: 40 msec
\n;; SERVER: 127.0.0.1#53(127.0.0.1)
\n;; WHEN: Sat Apr 29 09:23:55 CEST 2023
\n;; MSG SIZE \u00a0rcvd: 82<\/p>\n
root@cabrini:\/etc\/bind# dig @localhost cabrini.myfirm.lan<\/p>\n
; <<>> DiG 9.16.37-Debian <<>> @localhost cabrini.myfirm.lan
\n; (2 servers found)
\n;; global options: +cmd
\n;; Got answer:
\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12197
\n;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1<\/p>\n
;; OPT PSEUDOSECTION:
\n; EDNS: version: 0, flags:; udp: 1232
\n; COOKIE: b9159eda2bd53d9701000000644cc6dbb948d67ea615b1d0 (good)
\n;; QUESTION SECTION:
\n;cabrini.myfirm.lan. \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0A<\/p>\n
;; ANSWER SECTION:
\ncabrini.myfirm.lan. 900 \u00a0\u00a0\u00a0\u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0A \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0192.168.3.229<\/p>\n
;; Query time: 0 msec
\n;; SERVER: 127.0.0.1#53(127.0.0.1)
\n;; WHEN: Sat Apr 29 09:27:23 CEST 2023
\n;; MSG SIZE \u00a0rcvd: 95<\/p>\n
root@cabrini:\/etc\/bind# dig -t SRV @localhost _ldap._tcp.myfirm.lan<\/p>\n
; <<>> DiG 9.16.37-Debian <<>> -t SRV @localhost _ldap._tcp.myfirm.lan
\n; (2 servers found)
\n;; global options: +cmd
\n;; Got answer:
\n;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37855
\n;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1<\/p>\n
;; OPT PSEUDOSECTION:
\n; EDNS: version: 0, flags:; udp: 1232
\n; COOKIE: 0a387ab2332cd15001000000644cc73ce1960667500ef837 (good)
\n;; QUESTION SECTION:
\n;_ldap._tcp.myfirm.lan. \u00a0\u00a0\u00a0\u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0SRV<\/p>\n
;; ANSWER SECTION:
\n_ldap._tcp.myfirm.lan. 900 \u00a0IN \u00a0\u00a0\u00a0\u00a0\u00a0SRV \u00a0\u00a0\u00a0\u00a00 100 389 cabrini.myfirm.lan.<\/p>\n
;; Query time: 4 msec
\n;; SERVER: 127.0.0.1#53(127.0.0.1)
\n;; WHEN: Sat Apr 29 09:29:00 CEST 2023
\n;; MSG SIZE \u00a0rcvd: 124<\/p>\n
E ci siamo.
\n <\/p>\n","protected":false},"excerpt":{"rendered":"
Nonostante samba venga fornito col suo DNS interno molti\u00a0 suggeriscono nonostante quest’ultimo acceda direttamente al SAM (database utenti) con massimi permessi\u00a0 e senza ACL di utilizzare Bind-DLZ, nel mio caso il server \u00e8 su una rete interna e dietro firewall una compromissione del Bind \u00e8 difficile; inoltre essendo su una rete nattata \u00e8 preferibile configurare […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8,14,11,6],"tags":[262,15,263],"class_list":["post-2311","post","type-post","status-publish","format-standard","hentry","category-linux","category-networking","category-samba","category-work","tag-bind-dlz","tag-dns","tag-samba-ad"],"_links":{"self":[{"href":"https:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/posts\/2311","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/clark.tipistrani.it\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2311"}],"version-history":[{"count":6,"href":"https:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/posts\/2311\/revisions"}],"predecessor-version":[{"id":2436,"href":"https:\/\/clark.tipistrani.it\/index.php?rest_route=\/wp\/v2\/posts\/2311\/revisions\/2436"}],"wp:attachment":[{"href":"https:\/\/clark.tipistrani.it\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2311"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/clark.tipistrani.it\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2311"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/clark.tipistrani.it\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2311"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}