[Samba] Samba internal DNS strange behavior to ssh client lookup request

Werthmuller, Derek dwerthmu at ctg.albany.edu
Fri Nov 22 08:13:43 MST 2013

Answers to my own question.

Understand why this behaves this way. No, it's not a bug in Samba internal DNS. I believe it's how the resolver libraries work in the ssh client (ssh client didn't check multiple nameserver resources). It also points out a bit how the Samba AD DNS setup works.
1) My incorrect assumption was that the DNS forwarder address, found in smb.conf, would be used for any address space the AD DNS was not authority for and if it didn't have an entry for a system within its authority space. The last part about forwarding to another DNS server if the internal AD DNS doesn't have an entry for it doesn't work, and appears to be by design.
2) My plan was to use the Samba DNS only for sort of the Windows network, and leave webservers and such to the other already existing DNS server. This case only works if the client resolver will check multiple DNS resources if the first (being the AD DNS) fails. Nslookup resolver does check multiple DNS resources often found in /etc/resolv.conf. Samba AD documentation states to place the AD address in the first nameserver entry for the resolv.conf.
3) My new plan is to place more hosts in the Samba AD DNS than originally anticipated. I've seen posts suggesting creating a separate DNS domain for AD so that you don't have to pull all DNS in the AD for a given domain/subnet. Not sure if this is a good idea - it seems that if a host has multiple roles and would be found in both DNS servers then the client resolvers and cache could become confused.


-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Werthmuller, Derek
Sent: Tuesday, November 19, 2013 1:25 PM
To: samba at lists.samba.org
Subject: [Samba] Samba internal DNS strange behavior to ssh client lookup request

Running a new install of Samba 4.1 AD, also using winbind to handle Linux user, group authorizing users.

I'm having problems with DNS lookups: for the ssh client they don't work, while nslookup on the same AD and member system works fine.
For example: I can run nslookup example.com and it returns a valid answer right away. If I try to ssh -l username example.com, ssh returns "ssh: Could not resolve hostname example.com: Name or service not known"

Samba is configured with dns forwarder = external DNS server.

Samba DNS tests work.
Such as host -t SRV _ldap._tcp.example.com
/etc/resolv.conf is configured with the nameserver of the DC as the top item in the list. If I move the DC nameserver entry lower in the list and place the external DNS at the top then ssh DNS lookups work fine (but then the Samba lookups don't work properly).
Any advice here?
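
A diagnostic for the setup described in this thread, added here as an example and not part of the original messages: it queries each nameserver from /etc/resolv.conf separately, in file order, and reports the response code each one returns for a name. A negative answer from the first server (the DC) next to a positive answer from a later one is the situation the message describes. All function names and the sample addresses in the comments are illustrative.

```python
import socket, struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def nameservers(resolv_conf_text):
    """Return nameserver addresses in the order they appear in resolv.conf."""
    found = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#")[0].split()   # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found

def build_query(name, qid=0x1234, qtype=1):
    """Encode a recursive DNS query (qtype 1 = A record, class IN)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD flag set
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)

def parse_reply(packet):
    """Return (rcode name, answer count) from a DNS reply header."""
    if len(packet) < 12:
        raise ValueError("short DNS packet")
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", packet[:12])
    rcode = flags & 0x000F
    return RCODES.get(rcode, str(rcode)), ancount

def ask(server, name, timeout=2.0):
    """Query one server directly over UDP; ('NO-REPLY', 0) if nothing comes back."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name), (server, 53))
            return parse_reply(sock.recv(4096))
        except OSError:                       # timeout, unreachable, refused
            return "NO-REPLY", 0

def survey(resolv_conf_text, name, ask_fn=ask):
    """Per-server (address, rcode, answers) for `name`, in resolv.conf order."""
    return [(ns, *ask_fn(ns, name)) for ns in nameservers(resolv_conf_text)]

if __name__ == "__main__":
    import sys
    with open("/etc/resolv.conf") as f:
        for ns, rcode, answers in survey(f.read(), sys.argv[1]):
            print(f"{ns:20} {rcode:10} answers={answers}")
```

Run it with the hostname as the only argument on the machine where ssh fails, and compare the per-server lines with what `getent hosts` returns for the same name.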

