[Samba] BIND9_DLZ CNAME Records Not Resolving from Windows Workstations

Thomas Simmons
twsnnva at gmail.com
Thu Feb 14 19:20:09 MST 2013

Hello,

In an effort to get MX and CNAME records working, I have migrated from
Samba's internal DNS to bind9_dlz. I am now seeing strange behavior where
CNAME records resolve correctly on the S4 DC, but not from workstations.
Please see the case below where I have foo.internal.testdom.com aliased to
google.com using a CNAME record. I do not understand why this is occurring.
This should work, correct? Does anyone see something that I am missing? I
am completely stumped and greatly appreciate any input. Thanks, Thomas.

First, I ensure the Windows system and the DC are pointing to the same DNS
server (DC is pointing to itself)...

C:\Users\Admin1>ipconfig /all
Windows IP Configuration
...
DNS Suffix Search List. . . . . . : internal.testdom.com
...
DNS Servers . . . . . . . . . . . : 10.1.1.254

[root@DC1 ~]# cat /etc/resolv.conf
nameserver 10.1.1.254
search internal.testdom.com

Just to be sure the Windows workstation is using the correct DNS, I alter
the record for my vpn server to a nonsense IP of 1.2.3.4...

C:\Users\Admin1>ping vpn.internal.testdom.com -n 1
Pinging vpn.internal.testdom.com [1.2.3.4] with 32 bytes of data:
Request timed out.
Ping statistics for 1.2.3.4:
Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

[root@DC1 ~]# ping vpn.internal.testdom.com -c 1
PING vpn.internal.testdom.com (1.2.3.4) 56(84) bytes of data.
--- vpn.internal.testdom.com ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 10000ms

Works as expected. Now I test the CNAME on the DC (samba-tool dns query,
dig, ping)...

[root@DC1 ~]# samba-tool dns query dc1 internal.testdom.com foo CNAME
Name=, Records=1, Children=0
CNAME: google.com. (flags=f0, serial=62, ttl=0)

[root@dc1 ~]# dig foo.internal.testdom.com CNAME
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> foo.internal.testdom.com CNAME
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62924
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;foo.internal.testdom.com. IN CNAME
;; ANSWER SECTION:
foo.internal.testdom.com. 0 IN CNAME google.com.
;; AUTHORITY SECTION:
internal.testdom.com. 900 IN NS dc1.internal.testdom.com.
;; ADDITIONAL SECTION:
dc1.internal.testdom.com. 900 IN A 10.1.1.254
;; Query time: 2 msec
;; SERVER: 10.1.1.254#53(10.1.1.254)
;; WHEN: Thu Feb 14 21:01:24 2013
;; MSG SIZE rcvd: 100

[root@DC1 ~]# ping foo.internal.testdom.com -c 1
PING google.com (74.125.228.98) 56(84) bytes of data.
64 bytes from iad23s08-in-f2.1e100.net (74.125.228.98): icmp_seq=1 ttl=54 time=18.6 ms
--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 20ms
rtt min/avg/max/mdev = 18.696/18.696/18.696/0.000 ms

Perfect! Now from the Windows workstation.

C:\Users\Admin1>ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

C:\Users\Admin1>ping foo.internal.testdom.com
Ping request could not find host foo.internal.testdom.com. Please check the name and try again.