[Samba] BIND9_DLZ CNAME Records Not Resolving from Windows Workstations

L.P.H. van Belle belle at bazuin.nl
Mon Feb 18 03:57:21 MST 2013 

Hai, 
do : ipconfig /all 

should look like this: 

P:\>ipconfig /all

Windows IP-configuratie

        Host-name  . . . . . . . . . . . .: FOO
        Primair DNS-achtervoegsel. . . . .: internal.testdom.com
        DNS-achtervoegselsearchlist . . . : internal.testdom.com

 
I bet on your linux in resolve.conf you have the following line. 

DOMAIN internal.testdom.com
SEARCH internal.testdom.com 

In windows after adding to domain, you loose your search option, aka. 
Its set to the domain name. 

For example. PCNAME
My NT domain is called HOMEOFFICE. 
My DNS domain is called internal.testdom.com 

PC name after adding to NT domain, : PCNAME.HOMEOFFICE 
and not pcname.internal.testcom.com 


Also, if you used Forwarders in BIND, remove them. 
add nameserver IP to resolve.conf

resolv.conf should look like. 

domain internal.testdom.com
search internal.testdom.com 
# first look in own DB. 
nameserver 127.0.0.1 
# now look up the internet thingies. 
nameserver DNS1PROVIDER
nameserver DNS2PROVIDER
nameserver DNS3PROVIDER
nameserver DNS4PROVIDER


Help this helps a bit. 

Louis



>-----Oorspronkelijk bericht-----
>Van: twsnnva at gmail.com [mailto:samba-bounces at lists.samba.org] 
>Namens Thomas Simmons
>Verzonden: vrijdag 15 februari 2013 14:59
>Aan: Greg Sloop
>CC: samba at lists.samba.org
>Onderwerp: Re: [Samba] BIND9_DLZ CNAME Records Not Resolving 
>from Windows Workstations
>
>On Thu, Feb 14, 2013 at 11:45 PM, Gregory Sloop 
><gregs at sloop.net> wrote:
>
>> -SNIP-
>>
>> TS> Perfect! Now from the Windows workstation.
>>
>> C:\Users\Admin1>>ipconfig /flushdns
>> TS> Windows IP Configuration
>> TS> Successfully flushed the DNS Resolver Cache.
>>
>> C:\Users\Admin1>>ping foo.internal.testdom.com
>> TS> Ping request could not find host foo.internal.testdom.com. Please
>> check the
>> TS> name
>> TS> and try again.
>>
>> A NSLookup trace would probably be more helpful, than just a non
>> resolution from ping. Perhaps it won't show us anything, but 
>it might.
>>
>> Hello Greg,
>
>I used ping as it showed what was happening with less output, 
>but here is
>nslookup.
>
>C:\Users\Admin1>nslookup foo.internal.testdom.com
>Server:  UnKnown
>Address:  10.1.1.254
>
>Name:    foo.internal.testdom.com
>
>[root at DC1 ~]# nslookup foo.internal.testdom.com
>Server:         10.1.1.254
>Address:        10.1.1.254#53
>
>foo.internal.testdom.com        canonical name = google.com.
>Name:   google.com
>Address: 74.125.228.104
>Name:   google.com
>Address: 74.125.228.98
>Name:   google.com
>Address: 74.125.228.99
>Name:   google.com
>Address: 74.125.228.101
>Name:   google.com
>Address: 74.125.228.96
>Name:   google.com
>Address: 74.125.228.102
>Name:   google.com
>Address: 74.125.228.100
>Name:   google.com
>Address: 74.125.228.103
>Name:   google.com
>Address: 74.125.228.110
>Name:   google.com
>Address: 74.125.228.105
>Name:   google.com
>Address: 74.125.228.97
>
>> ---
>> Provided the nslookup trace show that the server you expect isn't
>> giving answers, rather than some other problem...
>>
>> Is BIND configured to answer queries from hosts in the IP
>> block that the station is in? [See listen-on and allow-query in BIND
>> docs]
>>
>> The server can answer queries from the Windows workstation. This vpn
>resolution test verifies this:
>
>Just to be sure the Windows workstation is using the correct 
>DNS, I alter
>the record for my vpn server to a nonsense IP of 1.2.3.4...
>
>C:\Users\Admin1>ping vpn.internal.testdom.com -n 1
>Pinging vpn.internal.testdom.com [1.2.3.4] with 32 bytes of data:
>Request timed out.
>Ping statistics for 1.2.3.4:
>    Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
> [root at DC1 ~]# ping vpn.internal.testdom.com -c 1
>PING vpn.internal.testdom.com (1.2.3.4) 56(84) bytes of data.
>--- vpn.internal.testdom.com ping statistics ---
>1 packets transmitted, 0 received, 100% packet loss, time 10000ms
>
>Here is nslookup of the same thing:
>
>C:\Users\Admin1>nslookup vpn.internal.testdom.com
>Server:  UnKnown
>Address:  10.1.1.254
>
>Name:    vpn.internal.testdom.com
>Address:  1.2.3.4
>
>[root at DC1 ~]# nslookup vpn.internal.testdom.com
>Server:         10.1.1.254
>Address:        10.1.1.254#53
>
>Name:   vpn.internal.testdom.com
>Address: 1.2.3.4
>
>
>> -Greg
>>
>>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

More information about the samba mailing list