[Samba] DNS problems

Rowland Penny rowlandpenny at googlemail.com
Fri May 30 06:53:09 MDT 2014


On 30/05/14 13:46, Steve Campbell wrote:
>
> On 5/30/2014 8:38 AM, Steve Campbell wrote:
>>
>> On 5/30/2014 8:36 AM, Steve Campbell wrote:
>>>
>>> On 5/30/2014 8:34 AM, Steve Campbell wrote:
>>>>
>>>> On 5/30/2014 7:54 AM, steve wrote:
>>>>> On Fri, 2014-05-30 at 07:40 -0400, Steve Campbell wrote:
>>>>>
>>>>>> This in-between DNS server is set up as the server we forward to on the
>>>>>> Samba server. Our resolv.conf file has the following:
>>>>>>
>>>>>> search cnpapers.net
>>>>>> nameserver 192.9.200.71
>>>>>> nameserver 192.9.200.53
>>>>>>
>>>>>> 192.9.200.71 is the Samba server
>>>>>> 192.9.200.53 is the in-between DNS server
>>>>>>
>>>>>> The in-between server forwards to our public DNS server where
>>>>>> cnpapers.net lives.
>>>>> Hi
>>>>> Thinking out loud (bad on Fridays), the internal dns can't resolve
>>>>> anything apart from its own domain so I think the config should be:
>>>>> remove the ns:
>>>>> nameserver 192.9.200.53
>>>>> and let the internal server forward when it gets a request from outside:
>>>>> dns forwarder = 192.9.200.53
>>>>> It then doesn't matter what the 'in-between server' does with it.
>>>>>
>>>>>
>>>> Steve,
>>>>
>>>> Just to be clear, are you saying resolv.conf should be:
>>>>
>>>> search cnpapers.net
>>>> nameserver 192.9.200.71
>>>> dns forwarder = 192.9.200.53
>>>>
>>>>
>>>> steve
>>> Too quick on the send:
>>>
>>> Just to be clear, are you saying resolv.conf should be:
>>>
>>> search cnpapers.net
>>> nameserver 192.9.200.71
>>> dns forwarder = 192.9.200.53
>>>
>>> or just rely on the smb.conf to have
>>>
>>> dns forwarder = 192.9.200.53
>>>
>>> steve
>>>
>> And addressed to Rowland not Steve
> And addressed to Rowland AND Steve
>
> Let me clarify.
>
> cnpapers.net is our zone for our servers. We have many servers in this 
> zone, including this samba DC. The entire zone lives on our public
> DNS server(s) which serves the world asking about cnpapers.net.
>
> We created this samba server within the zone cnpapers.net, so the 
> internal samba server must think it has some rights to resolve at 
> least part of the cnpapers.net zone. I'm hoping I haven't underthought 
> this and hope if a request is made about one of the other servers in 
> cnpapers.net, it will forward on to 192.9.200.53. It appears that it 
> doesn't forward on the request.
>
> I'll make the change and see what happens.
>
> Thanks all (easier than trying to keep track of who is responding)
>
> steve
Oh Dear, I take it you missed this:

If your website is example.com, the domain of your AD should be a 
subdomain of it, like samdom.example.com (or ad.example.com, 
corp.example.com). Avoid using example.com internally.

From:

https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO

Now I am not a DNS expert, but I think that your domain should be a 
totally separate entity from your main domain otherwise you could have 
problems.

Rowland
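
The checks implied by the advice in this thread, as an added example that is not part of the original message and not Samba's own tooling: resolv.conf on the DC holds only resolver directives and points at the DC itself, `dns forwarder` lives in smb.conf, and the AD realm is not the public zone. The helper name `lint_dc_dns`, the smb.conf contents and the realm `SAMDOM.CNPAPERS.NET` are assumptions constructed for illustration.

```python
RESOLVER_KEYWORDS = ("search", "domain", "options", "sortlist")

def lint_dc_dns(resolv_conf, smb_conf, dc_ip, public_zone):
    """Return findings for the DNS layout discussed in the thread (hypothetical helper)."""
    findings, nameservers = [], []
    for raw in resolv_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = line.split()
        if parts[0] == "nameserver" and len(parts) == 2:
            nameservers.append(parts[1])
        elif parts[0] not in RESOLVER_KEYWORDS:
            # e.g. an smb.conf parameter pasted into resolv.conf
            findings.append(f"resolv.conf: not a resolver directive: {line!r}")
    extra = [ns for ns in nameservers if ns != dc_ip]
    if extra:
        findings.append(f"resolv.conf: nameservers other than the DC: {extra}")
    # smb.conf parameter names ignore case and whitespace
    params = {}
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if "=" in line and not line.startswith(("#", ";", "[")):
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip()
    if "dnsforwarder" not in params:
        findings.append("smb.conf: no 'dns forwarder' set")
    realm = params.get("realm", "").lower()
    if realm == public_zone.lower():
        findings.append(f"smb.conf: realm {realm!r} is the public zone itself")
    return findings

# Constructed sample input: addresses and zone are from the thread,
# the smb.conf lines and the SAMDOM realm are made up for this example.
BEFORE_RESOLV = ("search cnpapers.net\nnameserver 192.9.200.71\n"
                 "nameserver 192.9.200.53\ndns forwarder = 192.9.200.53\n")
BEFORE_SMB = "[global]\n    realm = CNPAPERS.NET\n"
AFTER_RESOLV = "search samdom.cnpapers.net\nnameserver 192.9.200.71\n"
AFTER_SMB = ("[global]\n    realm = SAMDOM.CNPAPERS.NET\n"
             "    dns forwarder = 192.9.200.53\n")

if __name__ == "__main__":
    for name, r, s in (("before", BEFORE_RESOLV, BEFORE_SMB),
                       ("after", AFTER_RESOLV, AFTER_SMB)):
        print(name, lint_dc_dns(r, s, "192.9.200.71", "cnpapers.net"))
```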


