[Samba] DNS problem when adding new record using samba-tool
Peter Ross
Petros.Listig at fdrive.com.au
Tue Aug 5 22:15:53 MDT 2014
Hi,
to follow up.. I found an older e-mail which suggests CNAMEs are broken
under samba4. Still true?
https://lists.samba.org/archive/samba-technical/2013-January/090240.html
Here is my case - which (for me) suggests samba4 is not properly working as
a DNS server:
When I do a "host proxy.domain.fda", the traffic is:
14:08:27.473227 IP samba4.vv.fda.50057 > samba4.vv.fda.domain: 54908+ A? proxy.domain.fda.domain.fda. (45)
14:08:27.473395 IP samba4.vv.fda.domain > samba4.vv.fda.50057: 54908 NXDomain- 0/0/0 (45)
even when the CNAME can be solved "host -t CNAME proxy.domain.fda":
14:09:46.162952 IP samba4.vv.fda.52435 > samba4.vv.fda.domain: 40243+ CNAME? proxy.domain.fda. (34)
14:09:46.163344 IP samba4.vv.fda.domain > samba4.vv.fda.52435: 40243* 1/0/0 CNAME proxy.vv.fda. (57)
proxy.vv.fda resolves on the forwarder and is a CNAME itself. So what
traffic goes there ("host proxy.domain.fda")?
14:11:22.520133 IP samba4.vv.fda.28484 > bind.domain: 39432+ [1au] A? proxy.vv.fda. (41)
14:11:22.520222 IP bind.domain > samba4.vv.fda.28484: 39432* 2/2/3 CNAME squid.vv.fda., A 192.168.50.222 (152)
So, this DNS server (bind 9.10) sends the CNAME back, and the A record
this one is pointing to.
If I am not mistaken, it means CNAME is broken in Samba4.
Can someone confirm this?
Thanks
Peter
Peter Ross wrote:
> Hi all,
>
> I am setting up a new AD server with Samba 4.1.11 from the FreeBSD ports.
>
> I struggle with the internal DNS. I add a new CNAME record but it does not
> show up properly.
>
> I gave the AD domain a new DNS domain (domain.fda) and the server the name
> samba4.domain.fda.
>
> I am using the internal DNS, and a forwarder to a bind server in the same
> network.
>
> After the AD provision I have this here (/etc/resolv.conf pointing to
> itself on 192.168.50.216)
>
> # host -v samba4.domain.fda.
> Trying "samba4.domain.fda"
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10796
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;samba4.domain.fda. IN A
>
> ;; ANSWER SECTION:
> samba4.domain.fda. 900 IN A 192.168.50.216
>
> Received 51 bytes from 192.168.50.216#53 in 0 ms
> Trying "samba4.domain.fda"
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54131
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;samba4.domain.fda. IN AAAA
>
> Received 35 bytes from 192.168.50.216#53 in 0 ms
> Trying "samba4.domain.fda"
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20043
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;samba4.domain.fda. IN MX
>
> Received 35 bytes from 192.168.50.216#53 in 0 ms
>
> Good.
>
> Adding a CNAME:
>
> # samba-tool dns add samba4 domain.fda proxy CNAME proxy.vv.fda. -U Administrator
> Password for [DOMAIN\Administrator]:
> Record added successfully
>
> Looks good.
>
> proxy.vv.fda resolves, see:
>
> # host proxy.vv.fda.
> proxy.vv.fda is an alias for squid.vv.fda.
> squid.vv.fda has address 192.168.50.222
>
> But:
>
> # host -v proxy.domain.fda.
> Trying "proxy.domain.fda"
> Trying "proxy.domain.fda.domain.fda"
> Host proxy.domain.fda not found: 3(NXDOMAIN)
> Received 45 bytes from 192.168.50.216#53 in 0 ms
>
> Not good.
>
> But it works if I query samba using the samba-tool:
>
> # samba-tool dns query samba4 domain.fda proxy CNAME -U Administrator
> Password for [DOMAIN\Administrator]:
> Name=, Records=1, Children=0
> CNAME: proxy.vv.fda. (flags=f0, serial=2, ttl=900)
>
> Why isn't it showing up in "normal DNS"?
>
> Below the zonelist for samba4 if needed.
>
> Thanks for any help
> Peter
>
> # samba-tool dns zonelist samba4 -U Administrator
> Password for [DOMAIN\Administrator]:
> 2 zone(s) found
>
> pszZoneName : domain.fda
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT
> DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.domain.fda
>
> pszZoneName : _msdcs.domain.fda
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT
> DNS_DP_ENLISTED
> pszDpFqdn : ForestDnsZones.domain.fda
>
>
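
For comparison with the captures above, here is a small model of the CNAME handling that RFC 1034 section 4.3.2 describes for an A query, run over constructed records that mirror this thread. It is an added example, not Samba's code and not part of the original post. The `follow_cnames=False` mode is a hypothetical server that matches only the exact query type, and the model knows only A and CNAME records.

```python
# Constructed data mirroring the records named in this thread (not a capture).
ZONE = "domain.fda."
SAMBA_ZONE = {  # zone held by the Samba internal DNS
    ("samba4.domain.fda.", "A"): ["192.168.50.216"],
    ("proxy.domain.fda.", "CNAME"): ["proxy.vv.fda."],
}
FORWARDER = {  # what the BIND forwarder answers for vv.fda
    ("proxy.vv.fda.", "CNAME"): ["squid.vv.fda."],
    ("squid.vv.fda.", "A"): ["192.168.50.222"],
}


def lookup(name, rtype):
    """Records from the local zone, or from the forwarder when out of zone."""
    in_zone = name == ZONE or name.endswith("." + ZONE)
    return (SAMBA_ZONE if in_zone else FORWARDER).get((name, rtype), [])


def resolve(qname, qtype, follow_cnames=True, max_chain=8):
    """Return (rcode, answer); answer is a list of (owner, type, data).

    With follow_cnames=True a CNAME found at the query name is added to the
    answer and the query restarts at the canonical name (RFC 1034 4.3.2).
    """
    answer, name = [], qname
    for _ in range(max_chain):  # bound the chain so a CNAME loop terminates
        records = lookup(name, qtype)
        if records:
            return "NOERROR", answer + [(name, qtype, r) for r in records]
        chase = follow_cnames and qtype != "CNAME"
        alias = lookup(name, "CNAME") if chase else []
        if not alias:
            # NXDOMAIN only when the final name owns no records at all;
            # a name that exists without the wanted type is NOERROR/no data.
            exists = any(lookup(name, t) for t in ("A", "CNAME"))
            return ("NOERROR" if exists else "NXDOMAIN"), answer
        answer.append((name, "CNAME", alias[0]))
        name = alias[0]
    return "SERVFAIL", answer  # chain longer than max_chain


if __name__ == "__main__":
    for q in ("proxy.domain.fda.", "proxy.domain.fda.domain.fda."):
        for follow in (True, False):
            print(q, "follow_cnames=%s" % follow, resolve(q, "A", follow))
```

In this model the search-list name proxy.domain.fda.domain.fda. is NXDOMAIN in both modes, so the first capture alone does not separate a correct server from a broken one. The query that does is the A lookup for the fully qualified proxy.domain.fda., which should come back with the whole CNAME chain and the final A record.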