[Samba] Internal DNS Forwarder

Rowland Penny rowlandpenny241155 at gmail.com
Mon Nov 9 19:48:49 UTC 2015


On 09/11/15 19:32, Henry McLaughlin wrote:
> I have set up a Samba PDC using the following guide:
> https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
>
> I have opted to use the internal Samba DNS server and have specified a DNS
> forwarder of 8.8.8.8
>
> When I test the DNS functionality according to the guide everything appears
> fine:
>
> user@myhost:~$ host -t SRV _ldap._tcp.ad.mydomain.com.au.
> _ldap._tcp.ad.mydomain.com.au has SRV record 0 100 389
> myhost.ad.mydomain.com.au.
> user@myhost:~$ host -t SRV _kerberos._udp.ad.mydomain.com.au.
> _kerberos._udp.ad.mydomain.com.au has SRV record 0 100 88
> myhost.ad.mydomain.com.au.
> user@myhost:~$ host -t A myhost.ad.mydomain.com.au.
> myhost.ad.mydomain.com.au has address 192.168.1.13
>
>
> When I verify an external host the DNS appears to fail:
>
> user@myhost:~$ dig www.google.com
>
> ; <<>> DiG 9.9.5-3ubuntu0.5-Ubuntu <<>> www.google.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31751
> ;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;www.google.com.            IN  A
>
> ;; Query time: 0 msec
> ;; SERVER: 192.168.1.13#53(192.168.1.13)
> ;; WHEN: Tue Nov 10 06:12:48 AEDT 2015
> ;; MSG SIZE  rcvd: 43
>
> How can I verify the samba DNS forwarder is working correctly?
>
> My smb.conf file reads as follows:
>
> # Global parameters
> [global]
>          workgroup = MYDOMAIN
>          realm = AD.MYDOMAIN.COM.AU
>          netbios name = MYHOST
>          server role = active directory domain controller
>          dns forwarder = 8.8.8.8,
>          server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbind, ntp_signd, kcc, dnsupdate, dns, smb
>          dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6,
> backupkey, dnsserver, winreg, srvsvc
>          idmap_ldb:use rfc2307 = yes
>
> [netlogon]
>          path = /var/lib/samba/sysvol/ad.mydomain.com.au/scripts
>          read only = No
>
> [sysvol]
>          path = /var/lib/samba/sysvol
>          read only = No

I noticed you are using Ubuntu. Are you by any chance using Network
Manager? If so, have you turned off the dnsmasq cache?

Rowland
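
Two offline checks that follow from the dig reply and the dnsmasq question above, as an added example that is not part of either message: one reads the header flags of a dig reply to see whether the responder offered recursion, the other looks for an active `dns=dnsmasq` line in a NetworkManager configuration. The function names, the second dig header and the NetworkManager.conf contents are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the NetworkManager sample are constructed.

# Read dig output on stdin and classify the reply by its header flags:
# "ra" present means the responder offered recursion (forwarding can work).
dig_recursion_status() {
    flags=$(sed -n 's/^.*;; flags: \([a-z ]*\);.*$/\1/p' | head -n 1)
    if [ -z "$flags" ]; then
        echo "unknown"
        return 0
    fi
    case " $flags " in
        *" ra "*) echo "recursion-available" ;;
        *)        echo "no-recursion" ;;
    esac
}

# Read a NetworkManager.conf on stdin and report whether an uncommented
# "dns=dnsmasq" line is present (NetworkManager then runs a local dnsmasq).
nm_dnsmasq_status() {
    if grep -Eq '^[[:space:]]*dns[[:space:]]*=[[:space:]]*dnsmasq[[:space:]]*$'; then
        echo "enabled"
    else
        echo "disabled"
    fi
}

# Header lines copied from the dig reply quoted in the thread.
THREAD_DIG=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31751
;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'

# Constructed header of a reply from a resolver that does recurse.
GOOD_DIG=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

# Constructed NetworkManager.conf contents, cache on and cache commented out.
NM_ON='[main]
plugins=ifupdown,keyfile
dns=dnsmasq'
NM_OFF='[main]
plugins=ifupdown,keyfile
#dns=dnsmasq'

printf '%s\n' "$THREAD_DIG" | dig_recursion_status
printf '%s\n' "$GOOD_DIG"   | dig_recursion_status
printf '%s\n' "$NM_ON"      | nm_dnsmasq_status
printf '%s\n' "$NM_OFF"     | nm_dnsmasq_status
```

On a live host the same functions take the output of `dig www.google.com @192.168.1.13` and the contents of `/etc/NetworkManager/NetworkManager.conf` on stdin.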



