[Samba] BIND9_DLZ CNAME Records Not Resolving from Windows Workstations

Thomas Simmons twsnnva at gmail.com
Fri Feb 15 06:58:33 MST 2013 

On Thu, Feb 14, 2013 at 11:45 PM, Gregory Sloop <gregs at sloop.net> wrote:

> -SNIP-
>
> TS> Perfect! Now from the Windows workstation.
>
> C:\Users\Admin1>>ipconfig /flushdns
> TS> Windows IP Configuration
> TS> Successfully flushed the DNS Resolver Cache.
>
> C:\Users\Admin1>>ping foo.internal.testdom.com
> TS> Ping request could not find host foo.internal.testdom.com. Please
> check the
> TS> name
> TS> and try again.
>
> A NSLookup trace would probably be more helpful, than just a non
> resolution from ping. Perhaps it won't show us anything, but it might.
>
> Hello Greg,

I used ping as it showed what was happening with less output, but here is
nslookup.

C:\Users\Admin1>nslookup foo.internal.testdom.com
Server:  UnKnown
Address:  10.1.1.254

Name:    foo.internal.testdom.com

[root at DC1 ~]# nslookup foo.internal.testdom.com
Server:         10.1.1.254
Address:        10.1.1.254#53

foo.internal.testdom.com        canonical name = google.com.
Name:   google.com
Address: 74.125.228.104
Name:   google.com
Address: 74.125.228.98
Name:   google.com
Address: 74.125.228.99
Name:   google.com
Address: 74.125.228.101
Name:   google.com
Address: 74.125.228.96
Name:   google.com
Address: 74.125.228.102
Name:   google.com
Address: 74.125.228.100
Name:   google.com
Address: 74.125.228.103
Name:   google.com
Address: 74.125.228.110
Name:   google.com
Address: 74.125.228.105
Name:   google.com
Address: 74.125.228.97

> ---
> Provided the nslookup trace show that the server you expect isn't
> giving answers, rather than some other problem...
>
> Is BIND configured to answer queries from hosts in the IP
> block that the station is in? [See listen-on and allow-query in BIND
> docs]
>
> The server can answer queries from the Windows workstation. This vpn
resolution test verifies this:

Just to be sure the Windows workstation is using the correct DNS, I alter
the record for my vpn server to a nonsense IP of 1.2.3.4...

C:\Users\Admin1>ping vpn.internal.testdom.com -n 1
Pinging vpn.internal.testdom.com [1.2.3.4] with 32 bytes of data:
Request timed out.
Ping statistics for 1.2.3.4:
    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
 [root at DC1 ~]# ping vpn.internal.testdom.com -c 1
PING vpn.internal.testdom.com (1.2.3.4) 56(84) bytes of data.
--- vpn.internal.testdom.com ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 10000ms

Here is nslookup of the same thing:

C:\Users\Admin1>nslookup vpn.internal.testdom.com
Server:  UnKnown
Address:  10.1.1.254

Name:    vpn.internal.testdom.com
Address:  1.2.3.4

[root at DC1 ~]# nslookup vpn.internal.testdom.com
Server:         10.1.1.254
Address:        10.1.1.254#53

Name:   vpn.internal.testdom.com
Address: 1.2.3.4


> -Greg
>
>

More information about the samba mailing list