[Samba] NXDOMAIN on forwarded DNS requests for non-existent names
Rob Joyce
rj_t1 at redglow.org
Sun Apr 13 08:00:31 MDT 2014
Hi all,
I have a Samba 4.1.6 domain controller set up with SAMBA_INTERNAL for DNS.
When I make a DNS query for a host name that doesn’t exist, but that Samba
would be authoritative for, I get the expected NXDOMAIN. But when I make
a DNS query that Samba forwards to a recursive DNS server, again for a
host that doesn’t exist, I simply get an empty response. I've verified
that the recursive server is returning NXDOMAIN, while Samba returns
NOERROR (see below). This yields funny behavior with the 'host'
command, for instance, giving no output but returning success.
Any ideas? Thanks!
_Rob
e.g., querying Samba:
% dig anonexistantdomain.com @127.0.0.1
; <<>> DiG <<>> anonexistantdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64553
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;anonexistantdomain.com. IN A
;; AUTHORITY SECTION:
com. 900 IN SOA a.gtld-servers.net.
nstld.verisign-grs.com. 1397367170 1800 900 604800 86400
;; Query time: 81 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Apr 13 01:33:00 2014
;; MSG SIZE rcvd: 124
then querying the recursive DNS server directly:
% dig anonexistantdomain.com @8.8.8.8
; <<>> DiG <<>> anonexistantdomain.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53651
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;anonexistantdomain.com. IN A
;; AUTHORITY SECTION:
com. 897 IN SOA a.gtld-servers.net.
nstld.verisign-grs.com. 1397367170 1800 900 604800 86400
;; Query time: 59 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Apr 13 01:33:03 2014
;; MSG SIZE rcvd: 113
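
An added example, not part of the original post: a check that compares the RCODE a forwarding server returns with the RCODE of its upstream resolver for the same question, which is the NXDOMAIN versus empty NOERROR difference the two dig runs above show. The function names and the sample messages are constructed for illustration; the messages carry only a header and question, with the SOA authority record left out.

```python
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_response(qname, rcode, msg_id):
    """Constructed sample: DNS response with header and question only (no SOA)."""
    flags = 0x8000 | 0x0100 | 0x0080 | rcode  # QR + RD + RA + RCODE
    header = struct.pack("!6H", msg_id, flags, 1, 0, 0, 0)
    labels = qname.rstrip(".").split(".")
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + name + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_response(msg):
    """Return the question name, RCODE name and answer count of a response."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        labels.append(msg[pos:pos + n].decode("ascii").lower())
        pos += n
    rcode = flags & 0x000F  # low four bits of the flags word
    return ".".join(labels) + ".", RCODES.get(rcode, "RCODE%d" % rcode), ancount

def classify(rcode, ancount):
    """NOERROR with zero answers is NODATA, which is not the same as NXDOMAIN."""
    if rcode == "NOERROR":
        return "ANSWER" if ancount else "NODATA"
    return rcode

def rcode_mismatch(forwarder_msg, upstream_msg):
    """None if both servers agree, else (qname, upstream_class, forwarder_class)."""
    fq, frc, fan = parse_response(forwarder_msg)
    uq, urc, uan = parse_response(upstream_msg)
    if fq != uq:
        raise ValueError("responses answer different questions")
    f, u = classify(frc, fan), classify(urc, uan)
    return None if f == u else (uq, u, f)

# Constructed messages mirroring the two dig headers in the post.
VIA_SAMBA = build_response("anonexistantdomain.com", 0, 64553)
DIRECT = build_response("anonexistantdomain.com", 3, 53651)
```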