[Samba] DNS problems
Steve Campbell
campbell at cnpapers.com
Fri May 30 05:40:35 MDT 2014
On 5/29/2014 4:59 PM, Marcel de Reuver wrote:
> 2014-05-29 21:19 GMT+02:00 Steve Campbell <campbell at cnpapers.com>:
>
>> I'm running my AD now, but testing some things dependent on DNS does not
>> seem to be working.
>>
>> Our server is set up in our cnpapers.net domain and was provisioned using
>> Internal Samba DNS.
>>
>> The forwarder is set properly, and almost everything resolves. The
>> forwarder DNS server only has a subset of zones we use on it and it
>> forwards requests to our public/real DNS server. So a request would be
>> something like:
>>
>> DNS request -> DC -> Partial DNS server -> real DNS server.
>>
>> My problem is when I need the resolution of a server in cnpapers.net
>> domain, the only host that resolves from a Windows machine using the Samba
>> DNS is the DC server itself. It appears that all other requests to other
>> domains get forwarded properly.
>>
>
> The internal Samba DNS server acts like the primary DNS server for your
> internal domain. Only DNS queries for hosts outside your local domain will
> be forwarded.
Our local domain? Could this be part of the problem, I wonder? We have a
"real" domain on our public DNS server. That domain is named
cnpapers.net. I thought that when provisioning and indicating I should
use the internal samba dns, that it would create that zone with only the
proper entries for this domain, and forward the request for anything
else in the domain. I could be wrong.
> You have two options, update your internal Samba DNS server with all
> information of your internal domain or configure your "Partial DNS server"
> with the DNS records needed for your Samba DC. For more info this
> Wiki <https://wiki.samba.org/index.php/DNS#Changing_the_DNS_backend> for
> changing the DNS backend and this
> Wiki <https://wiki.samba.org/index.php/DNS_Backend_BIND> for more info
> about Bind as DNS backend.
>
I've read both of those sections. They seem a little thin on substance
other than indicating what should be done and how to switch them. That's
not a slam on the information itself, I just mean it only provides
information if things are going well. There's not much for my situation
in there. If provisioning is supposed to populate the zone with the
needed information when using the internal samba server for DNS, then
something is amiss.
I could use our public DNS for this and switch to Bind for our DNS, and
add the entries there in our cnpapers.net zone, but I'm not sure what
entries to add other than what is in the wiki to test for. I'm also not
sure why the internal zone wasn't populated. The DNS server in between
the Samba server and the public DNS server is used similar to a DNSBL
only, and only has zones we block on the internal network where the
Samba server lives. It doesn't have the cnpapers.net zone on it.
This in-between DNS server is set up as the server we forward to on the
Samba server. Our resolv.conf file has the following:

search cnpapers.net
nameserver 192.9.200.71
nameserver 192.9.200.53

192.9.200.71 is the Samba server
192.9.200.53 is the in-between DNS server

The in-between server forwards to our public DNS server where
cnpapers.net lives.
>
>> Now:
>> From the wiki Samba AD DC HOWTO:
>>
>> Testing DNS:
>> When doing any of the test in this section, I get failures. Example below
>>
>> host -t SRV _ldap._tcp.samdom.example.com.
>>
>>
> Not clear what is going wrong...
> What is the content of /etc/resolv.conf on your Samba server? What is the
> output of: samba_dnsupdate --verbose on your Samba server?
Our resolv.conf is listed above. Here's the output of samba_dnsupdate:

/usr/local/samba/sbin/samba_dnsupdate --verbose
IPs: ['192.9.200.71']
Looking for DNS entry A cnpapers.net 192.9.200.71 as cnpapers.net.
Looking for DNS entry A cnfsp.cnpapers.net 192.9.200.71 as
cnfsp.cnpapers.net.
Looking for DNS entry A gc._msdcs.cnpapers.net 192.9.200.71 as
gc._msdcs.cnpapers.net.
Looking for DNS entry CNAME
969fcf82-0f68-4a26-a89d-3f8a46bb59ba._msdcs.cnpapers.net
cnfsp.cnpapers.net as
969fcf82-0f68-4a26-a89d-3f8a46bb59ba._msdcs.cnpapers.net.
Looking for DNS entry SRV _kpasswd._tcp.cnpapers.net cnfsp.cnpapers.net
464 as _kpasswd._tcp.cnpapers.net.
Checking 0 100 464 cnfsp.cnpapers.net. against SRV
_kpasswd._tcp.cnpapers.net cnfsp.cnpapers.net 464
Looking for DNS entry SRV _kpasswd._udp.cnpapers.net cnfsp.cnpapers.net
464 as _kpasswd._udp.cnpapers.net.
Checking 0 100 464 cnfsp.cnpapers.net. against SRV
_kpasswd._udp.cnpapers.net cnfsp.cnpapers.net 464
Looking for DNS entry SRV _kerberos._tcp.cnpapers.net cnfsp.cnpapers.net
88 as _kerberos._tcp.cnpapers.net.
Checking 0 100 88 cnfsp.cnpapers.net. against SRV
_kerberos._tcp.cnpapers.net cnfsp.cnpapers.net 88
Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.cnpapers.net
cnfsp.cnpapers.net 88 as _kerberos._tcp.dc._msdcs.cnpapers.net.
Checking 0 100 88 cnfsp.cnpapers.net. against SRV
_kerberos._tcp.dc._msdcs.cnpapers.net cnfsp.cnpapers.net 88
Looking for DNS entry SRV
_kerberos._tcp.default-first-site-name._sites.cnpapers.net
cnfsp.cnpapers.net 88 as
_kerberos._tcp.default-first-site-name._sites.cnpapers.net.
Checking 0 100 88 cnfsp.cnpapers.net. against SRV
_kerberos._tcp.default-first-site-name._sites.cnpapers.net
cnfsp.cnpapers.net 88
Looking for DNS entry SRV
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.cnpapers.net
cnfsp.cnpapers.net 88 as
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.cnpapers.net.
Checking 0 100 88 cnfsp.cnpapers.net. against SRV
_kerberos._tcp.default-first-site-name._sites.dc._msdcs.cnpapers.net
cnfsp.cnpapers.net 88
Looking for DNS entry SRV _kerberos._udp.cnpapers.net cnfsp.cnpapers.net
88 as _kerberos._udp.cnpapers.net.
Checking 0 100 88 cnfsp.cnpapers.net. against SRV
_kerberos._udp.cnpapers.net cnfsp.cnpapers.net 88
Looking for DNS entry SRV _ldap._tcp.cnpapers.net cnfsp.cnpapers.net 389
as _ldap._tcp.cnpapers.net.
Checking 0 100 389 cnfsp.cnpapers.net. against SRV
_ldap._tcp.cnpapers.net cnfsp.cnpapers.net 389
Looking for DNS entry SRV _ldap._tcp.dc._msdcs.cnpapers.net
cnfsp.cnpapers.net 389 as _ldap._tcp.dc._msdcs.cnpapers.net.
Checking 0 100 389 cnfsp.cnpapers.net. against SRV
_ldap._tcp.dc._msdcs.cnpapers.net cnfsp.cnpapers.net 389
Looking for DNS entry SRV _ldap._tcp.gc._msdcs.cnpapers.net
cnfsp.cnpapers.net 3268 as _ldap._tcp.gc._msdcs.cnpapers.net.
Checking 0 100 3268 cnfsp.cnpapers.net. against SRV
_ldap._tcp.gc._msdcs.cnpapers.net cnfsp.cnpapers.net 3268
Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.cnpapers.net
cnfsp.cnpapers.net 389 as _ldap._tcp.pdc._msdcs.cnpapers.net.
Checking 0 100 389 cnfsp.cnpapers.net. against SRV
_ldap._tcp.pdc._msdcs.cnpapers.net cnfsp.cnpapers.net 389
Looking for DNS entry SRV
_ldap._tcp.default-first-site-name._sites.cnpapers.net
cnfsp.cnpapers.net 389 as
_ldap._tcp.default-first-site-name._sites.cnpapers.net.
Checking 0 100 389 cnfsp.cnpapers.net. against SRV
_ldap._tcp.default-first-site-name._sites.cnpapers.net
cnfsp.cnpapers.net 389
Looking for DNS entry SRV
_ldap._tcp.default-first-site-name._sites.dc._msdcs.cnpapers.net
cnfsp.cnpapers.net 389 as
_ldap._tcp.default-first-site-name._sites.dc._msdcs.cnpapers.net.
Checking 0 100 389 cnfsp.cnpapers.net. against SRV
_ldap._tcp.default-first-site-name._sites.dc._msdcs.cnpapers.net
cnfsp.cnpapers.net 389
Looking for DNS entry SRV
_ldap._tcp.default-first-site-name._sites.gc._msdcs.cnpapers.net
cnfsp.cnpapers.net 3268 as
_ldap._tcp.default-first-site-name._sites.gc._msdcs.cnpapers.net.
Checking 0 100 3268 cnfsp.cnpapers.net. against SRV
_ldap._tcp.default-first-site-name._sites.gc._msdcs.cnpapers.net
cnfsp.cnpapers.net 3268
Looking for DNS entry SRV
_ldap._tcp.f53acd26-041a-412d-93c4-5b007de2a737.domains._msdcs.cnpapers.net
cnfsp.cnpapers.net 389 as
_ldap._tcp.f53acd26-041a-412d-93c4-5b007de2a737.domains._msdcs.cnpapers.net.
Checking 0 100 389 cnfsp.cnpapers.net. against SRV
_ldap._tcp.f53acd26-041a-412d-93c4-5b007de2a737.domains._msdcs.cnpapers.net
cnfsp.cnpapers.net 389
Looking for DNS entry SRV _gc._tcp.cnpapers.net cnfsp.cnpapers.net 3268
as _gc._tcp.cnpapers.net.
Checking 0 100 3268 cnfsp.cnpapers.net. against SRV
_gc._tcp.cnpapers.net cnfsp.cnpapers.net 3268
Looking for DNS entry SRV
_gc._tcp.default-first-site-name._sites.cnpapers.net cnfsp.cnpapers.net
3268 as _gc._tcp.default-first-site-name._sites.cnpapers.net.
Checking 0 100 3268 cnfsp.cnpapers.net. against SRV
_gc._tcp.default-first-site-name._sites.cnpapers.net cnfsp.cnpapers.net 3268
No DNS updates needed
I see a lot of "Looking" and "Checking" but see no returned information.
A lot of these commands are new to me, so I'm not sure what
samba_dnsupdate is supposed to provide.
>
>
> Best regards,
> Marcel
Thanks Marcel
steve
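
Added example, not part of the original message: a small Python reader for the samba_dnsupdate --verbose output quoted above. It rejoins the lines the mail client wrapped and, assuming the text before "against" on a "Checking" line is the SRV answer DNS returned and the text after it is the record the tool expects, reports whether each answer matches. The sample input is constructed from the post's output; the host olddc.cnpapers.net is made up to show a mismatch.

```python
import re

# Constructed sample modelled on the output in the post, including the
# e-mail line wrapping. The last SRV answer (olddc) is invented.
SAMPLE = """\
IPs: ['192.9.200.71']
Looking for DNS entry A cnpapers.net 192.9.200.71 as cnpapers.net.
Looking for DNS entry SRV _kerberos._tcp.cnpapers.net cnfsp.cnpapers.net
88 as _kerberos._tcp.cnpapers.net.
Checking 0 100 88 cnfsp.cnpapers.net. against SRV
_kerberos._tcp.cnpapers.net cnfsp.cnpapers.net 88
Looking for DNS entry SRV _ldap._tcp.cnpapers.net cnfsp.cnpapers.net 389
as _ldap._tcp.cnpapers.net.
Checking 0 100 389 olddc.cnpapers.net. against SRV
_ldap._tcp.cnpapers.net cnfsp.cnpapers.net 389
"""

# Prefixes that begin a new record; anything else is a wrapped continuation.
START = ("IPs:", "Looking for", "Checking", "No DNS")
LOOK = re.compile(r"Looking for DNS entry (\S+) (\S+) ")
# Assumed layout: Checking <prio> <weight> <port> <target> against SRV <name> <dest> <port>
CHECK = re.compile(r"Checking (\d+) (\d+) (\d+) (\S+) against SRV (\S+) (\S+) (\d+)$")

def unwrap(text):
    """Rejoin records that the mail client wrapped onto several lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(START) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def summarize(text):
    """Map (type, name) to 'match', 'mismatch' or 'no detail printed'."""
    status = {}
    for rec in unwrap(text):
        m = LOOK.match(rec)
        if m:
            status[(m.group(1), m.group(2))] = "no detail printed"
            continue
        m = CHECK.match(rec)
        if m:
            _prio, _weight, port, target, name, dest, want_port = m.groups()
            same_host = target.rstrip(".").lower() == dest.rstrip(".").lower()
            if status.get(("SRV", name)) != "match":  # one matching answer is enough
                status[("SRV", name)] = "match" if same_host and port == want_port else "mismatch"
    return status
```

Entries reported as "no detail printed" are the A and CNAME lookups, for which the output in the post shows no "Checking" line.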