[Samba] DNS problems

Steve Campbell campbell at cnpapers.com
Fri May 30 07:13:12 MDT 2014


On 5/30/2014 8:53 AM, Rowland Penny wrote:
> On 30/05/14 13:46, Steve Campbell wrote:
>>
>> On 5/30/2014 8:38 AM, Steve Campbell wrote:
>>>
>>> On 5/30/2014 8:36 AM, Steve Campbell wrote:
>>>>
>>>> On 5/30/2014 8:34 AM, Steve Campbell wrote:
>>>>>
>>>>> On 5/30/2014 7:54 AM, steve wrote:
>>>>>> On Fri, 2014-05-30 at 07:40 -0400, Steve Campbell wrote:
>>>>>>
>>>>>>> This in-between DNS server is set up as the server we forward to 
>>>>>>> on the
>>>>>>> Samba server. Our resolv.conf file has the following:
>>>>>>>
>>>>>>> search cnpapers.net
>>>>>>> nameserver 192.9.200.71
>>>>>>> nameserver 192.9.200.53
>>>>>>>
>>>>>>> 192.9.200.71 is the Samba server
>>>>>>> 192.9.200.53 is the in-between DNS server
>>>>>>>
>>>>>>> The in-between server forwards to our public DNS server where
>>>>>>> cnpapers.net lives.
>>>>>> Hi
>>>>>> Thinking out loud (bad on Fridays), the internal dns can't resolve
>>>>>> anything apart from its own domain so I think the config should be:
>>>>>> remove the ns:
>>>>>> nameserver 192.9.200.53
>>>>>> and let the internal server forward when it gets a request from 
>>>>>> outside:
>>>>>> dns forwarder = 192.9.200.53
>>>>>> It then doesn't matter what the 'in-between server' does with it.
>>>>>>
>>>>>>
>>>>> Steve,
>>>>>
>>>>> Just to be clear, are you saying resolv.conf should be:
>>>>>
>>>>> search cnpapers.net
>>>>> nameserver 192.9.200.71
>>>>> dns forwarder = 192.9.200.53
>>>>>
>>>>>
>>>>> steve
>>>> Too quick on the send:
>>>>
>>>> Just to be clear, are you saying resolv.conf should be:
>>>>
>>>> search cnpapers.net
>>>> nameserver 192.9.200.71
>>>> dns forwarder = 192.9.200.53
>>>>
>>>> or just rely on the smb.conf to have
>>>>
>>>> dns forwarder = 192.9.200.53
>>>>
>>>> steve
>>>>
>>> And addressed to Rowland not Steve
>> And addressed to Rowland AND Steve
>>
>> Let me clarify.
>>
>> cnpapers.net is our zone for our servers. We have many servers in 
>> this zone, including this samba DC. The entire zone lives on our 
>> public DNS server(s) which serves the world asking about cnpapers.net.
>>
>> We created this samba server within the zone cnpapers.net, so the 
>> internal samba server must think it has some rights to resolve at 
>> least part of the cnpapers.net zone. I'm hoping I haven't 
>> underthought this and hope if a request is made about one of the 
>> other servers in cnpapers.net, it will forward on to 192.9.200.53. It 
>> appears that it doesn't forward on the request.
>>
>> I'll make the change and see what happens.
>>
>> Thanks all (easier than trying to keep track of who is responding)
>>
>> steve
> Oh Dear, I take it you missed this:
>
> If your website is example.com, the domain of your AD should be a 
> subdomain of it, like samdom.example.com (or ad.example.com, 
> corp.example.com). Avoid using example.com internally.
>
> From:
>
> https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO
>
> Now I am not a DNS expert, but I think that your domain should be a 
> totally separate entity from your main domain otherwise you could have 
> problems.
>
> Rowland
>
So when we provision, we should have used cnfsp.cnpapers.net instead of 
cnpapers.net.

We then would use in resolv.conf:
search cnfsp.cnpapers.net
nameserver 192.9.200.71

Or maybe made up a domain separate from cnpapers.net (for example 
cnpapersdc.net)?

It's certainly not working the way it is now. If I remove the 
"nameserver 192.9.200.53" from resolv.conf, which is the intermediate 
DNS server, I can't find other cnpapers.net servers with nslookup (and 
probably dig). If I add that back, other servers resolve.

Sounds like we should re-provision?

steve
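
As an added example (not part of the original thread), a small Python check of the two files discussed above. It encodes the suggestions made in the thread: `dns forwarder` is an smb.conf `[global]` parameter rather than a resolv.conf keyword, the DC's resolv.conf lists only the DC itself, and the AD realm differs from the public zone. The function names, finding codes and sample file contents are constructed for illustration.

```python
def parse_resolv(text):
    """Split resolv.conf text into nameservers, search domains and unknown lines."""
    ns, search, unknown = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        key, *vals = line.split()
        if key == "nameserver" and vals:
            ns.append(vals[0])
        elif key in ("search", "domain"):
            search += vals
        elif key not in ("options", "sortlist"):
            unknown.append(line)
    return ns, search, unknown

def parse_smb_global(text):
    """Return the [global] parameters of smb.conf text (names are case-insensitive)."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, val = line.split("=", 1)
            params[" ".join(key.lower().split())] = val.strip()
    return params

def audit(resolv_text, smb_text, dc_ip, public_zone):
    """Return finding codes for the DC's resolver and forwarder setup."""
    ns, _search, unknown = parse_resolv(resolv_text)
    smb = parse_smb_global(smb_text)
    findings = []
    if any("=" in u for u in unknown):
        findings.append("SMB_PARAM_IN_RESOLV_CONF")  # e.g. 'dns forwarder = ...'
    if [ip for ip in ns if ip != dc_ip]:
        findings.append("RESOLVER_BYPASSES_DC")      # extra nameserver beside the DC
    if "dns forwarder" not in smb:
        findings.append("NO_DNS_FORWARDER")
    if smb.get("realm", "").lower() == public_zone.lower():
        findings.append("REALM_EQUALS_PUBLIC_ZONE")  # HOWTO advises a subdomain
    return findings

# Constructed sample input using the addresses and zone quoted in the thread.
RESOLV = "search cnpapers.net\nnameserver 192.9.200.71\ndns forwarder = 192.9.200.53\n"
SMB = "[global]\n  realm = CNPAPERS.NET\n  dns forwarder = 192.9.200.53\n"

if __name__ == "__main__":
    print(audit(RESOLV, SMB, "192.9.200.71", "cnpapers.net"))
```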

