[Samba] Internal DNS Forwarder

Henry McLaughlin henry at incred.com.au
Mon Nov 9 19:32:50 UTC 2015

I have setup a Samba PDC using the following guide:

I have opted to use the internal Samba DNS server and have specified a DNS
forwarder of

When I test the DNS functionality according to the guide everything appears

user at myhost:~$ host -t SRV _ldap._tcp.ad.mydomain.com.au.
_ldap._tcp.ad.mydomain.com.au has SRV record 0 100 389
user at myhost:~$ host -t SRV _kerberos._udp.ad.mydomain.com.au.
_kerberos._udp.ad.mydomain.com.au has SRV record 0 100 88
user at myhost:~$ host -t A myhost.ad.mydomain.com.au.
myhost.ad.mydomain.com.au has address

When I verify an external host the DNS appears to fail:

user at myhost:~$ dig www.google.com

; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31751
;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

; EDNS: version: 0, flags:; udp: 4096
;www.google.com.            IN  A

;; Query time: 0 msec
;; WHEN: Tue Nov 10 06:12:48 AEDT 2015
;; MSG SIZE  rcvd: 43

How can I verify the samba DNS forwarder is working correctly?

My smb.conf file reads as follows:

# Global parameters
        workgroup = MYDOMAIN
        realm = AD.MYDOMAIN.COM.AU
        netbios name = MYHOST
        server role = active directory domain controller
        dns forwarder =,
        server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc, dnsupdate, dns, smb
        dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6,
backupkey, dnsserver, winreg, srvsvc
        idmap_ldb:use rfc2307 = yes

        path = /var/lib/samba/sysvol/ad.mydomain.com.au/scripts
        read only = No

        path = /var/lib/samba/sysvol
        read only = No

More information about the samba mailing list