[Samba] DNS problem when adding new record using samba-tool
Peter Ross
Petros.Listig at fdrive.com.au
Tue Aug 5 22:32:03 MDT 2014
Sorry for my ramblings.. this seems to be this bug:
https://bugzilla.samba.org/show_bug.cgi?id=9409
Any chance that it gets fixed?
Regards
Peter
Peter Ross wrote:
> Hi,
>
> to follow up.. I found an older e-mail which suggests CNAMEs are broken
> under samba4. Still true?
>
> https://lists.samba.org/archive/samba-technical/2013-January/090240.html
>
> Here is my case - which (for me) suggests samba4 is not properly working as
> a DNS server:
>
> When I do a "host proxy.domain.fda", the traffic is:
>
> 14:08:27.473227 IP samba4.vv.fda.50057 > samba4.vv.fda.domain: 54908+ A? proxy.domain.fda.domain.fda. (45)
> 14:08:27.473395 IP samba4.vv.fda.domain > samba4.vv.fda.50057: 54908 NXDomain- 0/0/0 (45)
>
> even when the CNAME can be solved "host -t CNAME proxy.domain.fda":
>
> 14:09:46.162952 IP samba4.vv.fda.52435 > samba4.vv.fda.domain: 40243+ CNAME? proxy.domain.fda. (34)
> 14:09:46.163344 IP samba4.vv.fda.domain > samba4.vv.fda.52435: 40243* 1/0/0 CNAME proxy.vv.fda. (57)
>
> proxy.vv.fda resolves on the forwarder and is a CNAME itself. So what
> traffic goes there ("host proxy.domain.fda")?
>
> 14:11:22.520133 IP samba4.vv.fda.28484 > bind.domain: 39432+ [1au] A? proxy.vv.fda. (41)
> 14:11:22.520222 IP bind.domain > samba4.vv.fda.28484: 39432* 2/2/3 CNAME squid.vv.fda., A 192.168.50.222 (152)
>
> So, this DNS server (bind 9.10) sends the CNAME back, and the A record
> this one is pointing to.
>
> If I am not mistaken, it means CNAME is broken in Samba4.
>
> Can someone confirm this?
>
> Thanks
> Peter
>
> Peter Ross wrote:
>> Hi all,
>>
>> I am setting up a new AD server with Samba 4.1.11 from the FreeBSD ports.
>>
>> I struggle with the internal DNS. I add a new CNAME record but it does not
>> show up properly.
>>
>> I gave the AD domain a new DNS domain (domain.fda) and the server the name
>> samba4.domain.fda.
>>
>> I am using the internal DNS, and a forwarder to a bind server in the same
>> network.
>>
>> After the AD provision I have this here (/etc/resolv.conf pointing to
>> itself on 192.168.50.216)
>>
>> # host -v samba4.domain.fda.
>> Trying "samba4.domain.fda"
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10796
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;samba4.domain.fda. IN A
>>
>> ;; ANSWER SECTION:
>> samba4.domain.fda. 900 IN A 192.168.50.216
>>
>> Received 51 bytes from 192.168.50.216#53 in 0 ms
>> Trying "samba4.domain.fda"
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54131
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;samba4.domain.fda. IN AAAA
>>
>> Received 35 bytes from 192.168.50.216#53 in 0 ms
>> Trying "samba4.domain.fda"
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20043
>> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;samba4.domain.fda. IN MX
>>
>> Received 35 bytes from 192.168.50.216#53 in 0 ms
>>
>> Good.
>>
>> Adding a CNAME:
>>
>> # samba-tool dns add samba4 domain.fda proxy CNAME proxy.vv.fda. -U Administrator
>> Password for [DOMAIN\Administrator]:
>> Record added successfully
>>
>> Looks good.
>>
>> proxy.vv.fda resolves, see:
>>
>> # host proxy.vv.fda.
>> proxy.vv.fda is an alias for squid.vv.fda.
>> squid.vv.fda has address 192.168.50.222
>>
>> But:
>>
>> # host -v proxy.domain.fda.
>> Trying "proxy.domain.fda"
>> Trying "proxy.domain.fda.domain.fda"
>> Host proxy.domain.fda not found: 3(NXDOMAIN)
>> Received 45 bytes from 192.168.50.216#53 in 0 ms
>>
>> Not good.
>>
>> But it works if I query samba using the samba-tool:
>>
>> # samba-tool dns query samba4 domain.fda proxy CNAME -U Administrator
>> Password for [DOMAIN\Administrator]:
>> Name=, Records=1, Children=0
>> CNAME: proxy.vv.fda. (flags=f0, serial=2, ttl=900)
>>
>> Why isn't it showing up in "normal DNS"?
>>
>> Below the zonelist for samba4 if needed.
>>
>> Thanks for any help
>> Peter
>>
>> # samba-tool dns zonelist samba4 -U Administrator
>> Password for [DOMAIN\Administrator]:
>> 2 zone(s) found
>>
>> pszZoneName : domain.fda
>> Flags : DNS_RPC_ZONE_DSINTEGRATED
>> DNS_RPC_ZONE_UPDATE_SECURE
>> ZoneType : DNS_ZONE_TYPE_PRIMARY
>> Version : 50
>> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT
>> DNS_DP_ENLISTED
>> pszDpFqdn : DomainDnsZones.domain.fda
>>
>> pszZoneName : _msdcs.domain.fda
>> Flags : DNS_RPC_ZONE_DSINTEGRATED
>> DNS_RPC_ZONE_UPDATE_SECURE
>> ZoneType : DNS_ZONE_TYPE_PRIMARY
>> Version : 50
>> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT
>> DNS_DP_ENLISTED
>> pszDpFqdn : ForestDnsZones.domain.fda
>>
>>
>
>
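
An added example, not part of the original messages and not Samba code: a small Python check for the symptom described in this thread, where a DNS server answers a CNAME query for a name but returns NXDOMAIN for an A query on the same name. The function names and the result strings ("ok", "cname-not-followed", "no-cname") are assumptions of this example; "ok" only means the A query returned answer records.

```python
import socket
import struct

QTYPE = {"A": 1, "CNAME": 5}

def build_query(name, qtype, qid=0x1234):
    """Encode a recursive (RD=1) query for name/qtype, class IN."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return (struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
            + labels + b"\x00" + struct.pack("!HH", QTYPE[qtype], 1))

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)  # pointer is 2 bytes, root label is 1

def parse_response(msg):
    """Return (rcode, [record types found in the answer section])."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off, types = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rdlen = struct.unpack("!H6xH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    return flags & 0x000F, types

def diagnose(a_resp, cname_resp):
    """Classify one name from its raw A and CNAME responses."""
    a_rcode, a_types = parse_response(a_resp)
    c_rcode, c_types = parse_response(cname_resp)
    if c_rcode != 0 or QTYPE["CNAME"] not in c_types:
        return "no-cname"
    # Thread's symptom: A query gets NXDOMAIN (3); empty NOERROR is classed alike (assumption).
    if a_rcode == 3 or not a_types:
        return "cname-not-followed"
    return "ok"

def check(server, name, timeout=2.0):
    """Send both queries to server over UDP port 53 and classify the result."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        replies = []
        for qtype in ("A", "CNAME"):
            s.sendto(build_query(name, qtype), (server, 53))
            replies.append(s.recvfrom(4096)[0])
    return diagnose(*replies)
```

With the addresses from the thread, `check("192.168.50.216", "proxy.domain.fda.")` would query the Samba server directly; the trailing dot keeps the name fully qualified so no search domain is appended.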