[Samba] DNS problem when adding new record using samba-tool
Peter Ross
Petros.Listig at fdrive.com.au
Tue Aug 5 02:36:37 MDT 2014
Hi all,
I am setting up a new AD server with Samba 4.1.11 from the FreeBSD ports.
I struggle with the internal DNS. I add a new CNAME record but it does not
show up properly.
I gave the AD domain a new DNS domain (domain.fda) and the server the name
samba4.domain.fda.
I am using the internal DNS, and a forwarder to a bind server in the same
network.
After the AD provision I have this here (/etc/resolv.conf pointing to
itself on 192.168.50.216)
# host -v samba4.domain.fda.
Trying "samba4.domain.fda"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10796
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;samba4.domain.fda. IN A
;; ANSWER SECTION:
samba4.domain.fda. 900 IN A 192.168.50.216
Received 51 bytes from 192.168.50.216#53 in 0 ms
Trying "samba4.domain.fda"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54131
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;samba4.domain.fda. IN AAAA
Received 35 bytes from 192.168.50.216#53 in 0 ms
Trying "samba4.domain.fda"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20043
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;samba4.domain.fda. IN MX
Received 35 bytes from 192.168.50.216#53 in 0 ms
Good.
Adding a CNAME:
# samba-tool dns add samba4 domain.fda proxy CNAME proxy.vv.fda. -U Administrator
Password for [DOMAIN\Administrator]:
Record added successfully
Looks good.
proxy.vv.fda resolves, see:
# host proxy.vv.fda.
proxy.vv.fda is an alias for squid.vv.fda.
squid.vv.fda has address 192.168.50.222
But:
# host -v proxy.domain.fda.
Trying "proxy.domain.fda"
Trying "proxy.domain.fda.domain.fda"
Host proxy.domain.fda not found: 3(NXDOMAIN)
Received 45 bytes from 192.168.50.216#53 in 0 ms
Not good.
But it works if I query samba using the samba-tool:
# samba-tool dns query samba4 domain.fda proxy CNAME -U Administrator
Password for [DOMAIN\Administrator]:
Name=, Records=1, Children=0
CNAME: proxy.vv.fda. (flags=f0, serial=2, ttl=900)
Why isn't it showing up in "normal DNS"?
Below is the zonelist for samba4, if needed.
Thanks for any help
Peter
# samba-tool dns zonelist samba4 -U Administrator
Password for [DOMAIN\Administrator]:
2 zone(s) found
pszZoneName : domain.fda
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.domain.fda
pszZoneName : _msdcs.domain.fda
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : ForestDnsZones.domain.fda