[Samba] Internal DNS Forwarder

Henry McLaughlin henry at incred.com.au
Mon Nov 9 19:32:50 UTC 2015


I have setup a Samba PDC using the following guide:
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller

I have opted to use the internal Samba DNS server and have specified a DNS
forwarder of 8.8.8.8

When I test the DNS functionality according to the guide everything appears
fine:

user at myhost:~$ host -t SRV _ldap._tcp.ad.mydomain.com.au.
_ldap._tcp.ad.mydomain.com.au has SRV record 0 100 389
myhost.ad.mydomain.com.au.
user at myhost:~$ host -t SRV _kerberos._udp.ad.mydomain.com.au.
_kerberos._udp.ad.mydomain.com.au has SRV record 0 100 88
myhost.ad.mydomain.com.au.
user at myhost:~$ host -t A myhost.ad.mydomain.com.au.
myhost.ad.mydomain.com.au has address 192.168.1.13


When I verify an external host the DNS appears to fail:

user at myhost:~$ dig www.google.com

; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31751
;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.google.com.            IN  A

;; Query time: 0 msec
;; SERVER: 192.168.1.13#53(192.168.1.13)
;; WHEN: Tue Nov 10 06:12:48 AEDT 2015
;; MSG SIZE  rcvd: 43

How can I verify the samba DNS forwarder is working correctly?

My smb.conf file reads as follows:

# Global parameters
[global]
        workgroup = MYDOMAIN
        realm = AD.MYDOMAIN.COM.AU
        netbios name = MYHOST
        server role = active directory domain controller
        dns forwarder = 8.8.8.8,
        server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc, dnsupdate, dns, smb
        dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6,
backupkey, dnsserver, winreg, srvsvc
        idmap_ldb:use rfc2307 = yes

[netlogon]
        path = /var/lib/samba/sysvol/ad.mydomain.com.au/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No


More information about the samba mailing list