[Samba] Forward lookup DNS Issues samba 4.1.12-9 el6

L.P.H. van Belle belle at bazuin.nl
Mon Sep 29 06:13:34 MDT 2014


Hi,

To give some insight:
The cause of this can be:

EDNS
DNSSEC

which you can disable/enable in bind.

My internal DNS servers (the DCs) point to my proxy DNS as forwarder,
which also has a slave for the DC servers, and this server resolves to the internet.

I am using these settings in bind for now on the proxy server (a NON-samba server):
        dnssec-enable yes;
        dnssec-validation yes;
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { none; };

On the samba servers (the DCs I'm using):
        dnssec-validation auto;
        auth-nxdomain yes;    # conform to RFC1035 =no
        listen-on-v6 { none; };

Lots to read about EDNS and DNSSEC, but that's for you ;-)

Best regards, 

Louis


>-----Original message-----
>From: heupink at merit.unu.edu
>[mailto:samba-bounces at lists.samba.org] On behalf of mourik jan
>heupink - merit
>Sent: Monday 29 September 2014 14:00
>To: Neil
>CC: samba at lists.samba.org
>Subject: Re: [Samba] Forward lookup DNS Issues samba 4.1.12-9 el6
>
>Hi,
>
>I did not notice this problem, but that doesn't mean we didn't have it:
>our 'old' config was: three resolvers pushed via dhcp, all three our
>dc's. And perhaps they never failed at the same time. :-)
>
>However, I'm actually quite happy with this setup, and I'll keep it 
>around. Even if this problem gets resolved.
>
>Sven: why are you unhappy with this setup? I like it, actually.
>
>MJ
>
>On 09/29/2014 12:54 PM, Neil wrote:
>> Hi guys,
>>
>> Thanks for the responses and suggestions.
>>
>> Harry you mentioned you also had the same problem, MJ did you
>> experience the same problem and is that why you also have the internal
>> caching DNS servers?
>>
>> I just want to try find out how many people experience this issue and
>> if it's a known issue?
>>
>> Thanks.
>>
>> Regards.
>>
>> Neil Wilson.
>>
>>
>>
>> On Mon, Sep 29, 2014 at 12:28 PM, mourik jan heupink - merit
>> <heupink at merit.unu.edu> wrote:
>>> What we have:
>>>
>>> One (or two) internal caching dns server pointing to the samba dc's plus to
>>> external dns servers.
>>>
>>> (samba4 'normally' with own internal dns, we did not switch to bind there)
>>>
>>> Then all clients use this caching dns server, plus an external for extra
>>> reliability.
>>>
>>> MJ
>>>
>>>
>>> On 09/29/2014 12:04 PM, Harry Jede wrote:
>>>>
>>>> On 11:55:13 wrote Neil:
>>>>>
>>>>> Hi guys,
>>>>>
>>>>> I know this sounds vague and I'll try to explain in more depth now,
>>>>> but firstly, does Samba4 internal DNS, cache any records that were
>>>>> looked up from a forwarder, and then secondly what is the default
>>>>> timeout for waiting for a DNS lookup off of a DNS forwarder?
>>>>>
>>>>> I've installed two new Samba4 PDC's (using the built in DNS server and
>>>>> not named) for two separate sites, and both had an existing DNS
>>>>> server using named configured with multiple forwarders and both
>>>>> sites retained the existing named DNS servers and forwarders. Since
>>>>> the Samba4 PDC's went in users now have their DNS's set to the
>>>>> Samba4 machines and nothing else. Then the Samba4 is configured to
>>>>> just lookup any Internet names it doesn't know about via the single
>>>>> forwarder off of the older caching named servers.
>>>>>
>>>>> Sporadically I seem to get an instant DNS resolution failure (almost
>>>>> like my named caching DNS server wasn't even checked), but if you
>>>>> refresh or run the same ping again, the name then resolves straight
>>>>> away. I can understand if a DNS name doesn't resolve straight away
>>>>> due to line speed issues or packet loss, but usually I'd expect this
>>>>> would take a few seconds to timeout and not fail instantly.
>>>>>
>>>>> If I use my old named caching DNS server I don't get the same
>>>>> behaviour, does anyone know why we would experience this?
>>>>
>>>> No,
>>>> but I have had a similar situation some weeks ago. I solved the
>>>> problem this way:
>>>>
>>>> switch from internal DNS to bind8 or bind9 with DLZ, see samba wiki
>>>> declare this bind instance as "forward only"
>>>> make your current internal forwarders a slave for your samba DNS
>>>>
>>>>>
>>>>> Thank you.
>>>>>
>>>>> Regards.
>>>>>
>>>>> Neil Wilson.
>>>>
>>>>
>>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>
>
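
Added example (not part of the original thread or of Samba/BIND): a small Python probe that sends the same A query to a DNS server three ways (plain, with an EDNS0 OPT record, and with the DNSSEC OK bit set) and reports the response code of each, so you can see whether EDNS or DNSSEC handling is what differs between the Samba internal DNS and the named forwarder. The function names, the 1232-byte UDP buffer size and the 3-second timeout are assumptions chosen for this example.

```python
import socket
import struct
import sys

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def build_query(name, qtype=1, edns=False, do=False, txid=0x1234, bufsize=1232):
    """Build a recursive DNS query; optionally append an EDNS0 OPT record (RFC 6891)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1 if edns else 0)  # RD=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)  # QCLASS = IN
    if edns:
        # OPT RR: root name, TYPE 41, CLASS carries the UDP payload size,
        # TTL carries ext-rcode/version/flags (DO bit = 0x8000), RDLENGTH 0.
        msg += b"\x00" + struct.pack("!HHIH", 41, bufsize, 0x8000 if do else 0, 0)
    return msg

def parse_header(resp):
    """Decode the 12-byte DNS header of a response."""
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    rcode = flags & 0xF
    return {"id": txid, "rcode": RCODES.get(rcode, str(rcode)),
            "tc": bool(flags & 0x0200), "ad": bool(flags & 0x0020), "answers": an}

def probe(server, name, timeout=3.0):
    """Send plain, EDNS and EDNS+DO queries to server:53 and collect the outcomes."""
    variants = (("plain", {}), ("edns", {"edns": True}),
                ("edns+do", {"edns": True, "do": True}))
    results = {}
    for label, kwargs in variants:
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, **kwargs), (server, 53))
            results[label] = parse_header(sock.recv(4096))
        except OSError as exc:  # includes socket timeouts
            results[label] = {"error": type(exc).__name__}
        finally:
            sock.close()
    return results

if __name__ == "__main__":
    # Usage: python3 probe.py <dns-server-ip> <name-to-resolve>
    for label, result in probe(sys.argv[1], sys.argv[2]).items():
        print(f"{label:8s} {result}")
```

Run it against the DC and against the named forwarder with the same name; a FORMERR or SERVFAIL that appears only on the `edns` or `edns+do` rows points at the settings discussed above.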


