[Samba] DNS Suddenly breaking
Garland McAlexander
garland at linear.nyc
Thu Jun 30 19:00:07 UTC 2016
bus-ny-dc-01 ~]# dig google.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 779
;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN A
;; Query time: 0 msec
;; SERVER: 192.168.1.236#53(192.168.1.236)
;; WHEN: Thu Jun 30 14:51:57 EDT 2016
;; MSG SIZE rcvd: 39
----------------
bus-ny-dc-01 ~]# dig @8.8.8.8 google.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> @8.8.8.8 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16101
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 39 IN A 172.217.0.46
;; Query time: 19 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Jun 30 14:53:27 EDT 2016
;; MSG SIZE rcvd: 55
---------
bus-ny-dc-02 ~]# dig google.com
; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.3 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39987
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 30 IN A 172.217.0.46
;; Query time: 4 msec
;; SERVER: 192.168.1.235#53(192.168.1.235)
;; WHEN: Thu Jun 30 14:55:20 EDT 2016
;; MSG SIZE rcvd: 55
----------
It looks like it's failing at the first dig, but my resolv looks good...
On Thu, Jun 30, 2016 at 10:11 AM, mathias dufresne <infractory at gmail.com>
wrote:
> from both DC:
> dig google.com
> dig @8.8.8.8 google.com
>
> First dig will use resolvers declared into /etc/resolv.conf.
> Second dig forces usage of 8.8.8.8.
>
> Both commands should reply the same things, on all DC.
>
> 2016-06-30 15:58 GMT+02:00 lingpanda101 at gmail.com <lingpanda101 at gmail.com
> >:
>
> > On 6/30/2016 9:57 AM, Garland McAlexander wrote:
> >
> >> nslookup google.com
> >> ;; Got recursion not available from 192.168.1.236, trying next server
> >> Server: 192.168.1.235
> >> Address: 192.168.1.235#53
> >>
> >> Non-authoritative answer:
> >> Name: google.com
> >> Address: 172.217.4.78
> >>
> >>
> >> Interesting little bit about the "Recursion not available"
> >>
> >>
> >> On Thu, Jun 30, 2016 at 9:52 AM, lingpanda101 at gmail.com wrote:
> >>
> >> On 6/30/2016 9:41 AM, Garland McAlexander wrote:
> >>
> >> Hosts:
> >>
> >> 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
> >> ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
> >> 192.168.1.235 bus-ny-dc-01.domain.domain.com bus-ny-dc-01
> >>
> >>
> >> Resolv:
> >>
> >> # Generated by NetworkManager
> >> search domain.domain.com
> >> nameserver 192.168.1.236
> >> nameserver 192.168.1.235
> >>
> >> Smb.conf:
> >>
> >> # Global parameters
> >> [global]
> >> workgroup = DOMAIN
> >> realm = DOMAIN.DOMAIN.COM
> >> netbios name = BUS-NY-DC-01
> >> server role = active directory domain controller
> >> dns forwarder = 8.8.8.8
> >> printing = bsd
> >> printcap name = /dev/null
> >>
> >> [netlogon]
> >> path = /var/lib/samba/sysvol/domain.domain.com/scripts
> >> read only = No
> >>
> >> [sysvol]
> >> path = /var/lib/samba/sysvol
> >> read only = No
> >>
> >>
> >>
> >> On Thu, Jun 30, 2016 at 9:36 AM, lingpanda101 at gmail.com wrote:
> >>
> >> On 6/30/2016 9:25 AM, Garland McAlexander wrote:
> >>
> >> Yes, it's set up with 8.8.8.8
> >>
> >> I'm able to ping it without issues, just not able to resolve anything
> >> externally.
> >>
> >> On Thu, Jun 30, 2016 at 9:09 AM, mathias dufresne
> >> <infractory at gmail.com> wrote:
> >>
> >> To get recursion working with internal DNS you only need to set up:
> >> dns forwarder = <IP of your main DNS>
> >>
> >> Is it configured?
> >>
> >> If yes and packets can go from your broken DC to "your main DNS" using
> >> TCP and also UDP, there is an issue.
> >>
> >> 2016-06-30 14:58 GMT+02:00 Garland McAlexander
> >> <garland at linear.nyc>:
> >>
> >> It's samba internal DNS. Only one DNS zone, and it's domain.domain.tld.
> >> It'll function perfectly, and then cease to function at a random time.
> >>
> >> On Thu, Jun 30, 2016 at 5:31 AM, Mueller
> >> <mueller at tropenklinik.de> wrote:
> >>
> >> What kind of DNS, bind or internal?
> >> With bind and samba 4.3.4 I have an issue and I have to restart bind and
> >> avahi:
> >> s4slave named-sdb[8750]: error (connection refused) resolving
> >> 'thefreelanceforum.com/AAAA/IN': 192.12.94.30#53.
> >>
> >> Only a restart of bind resolves this.
> >>
> >>
> >> EDV Daniel Müller
> >>
> >> Head of IT
> >> Tropenklinik Paul-Lechler-Krankenhaus
> >> Paul-Lechler-Str. 24
> >> 72076 Tübingen
> >> Tel.: 07071/206-463, Fax: 07071/206-499
> >> Email: mueller at tropenklinik.de
> >> www.tropenklinik.de
> >> www.bauen-sie-mit.tropenklinik.de
> >>
> >>
> >>
> >>
> >> -----Original Message-----
> >> From: Garland McAlexander [mailto:garland at linear.nyc]
> >> Sent: Thursday, June 30, 2016 10:52
> >> To: samba at lists.samba.org
> >> Subject: [Samba] DNS Suddenly breaking
> >>
> >> Hi All,
> >>
> >> I've got a newly created Samba4 domain. I'm running into a strange issue
> >> where my internal DNS on my first domain controller is "breaking" causing
> >> it to not resolve any external hosts. It'll still resolve internal hosts
> >> without issue. This is only on the first DC, the second DC is running
> >> perfectly fine and can access external hosts without issue.
> >>
> >> There is absolutely NOTHING in the logs about this. I cannot find where
> >> this is going wrong, and sometimes it seems that it'll randomly fix itself.
> >>
> >> Any help is sincerely appreciated.
> >> --
> >> To unsubscribe from this list go to the
> >> following
> >> URL and read the
> >> instructions:
> >> https://lists.samba.org/mailman/options/samba
> >>
> >>
> >>
> >> --
> >> *Sincerely,*
> >> *Garland McAlexander*
> >> *O: 212-271-0198*
> >> *C: 321-315-9948*
> >>
> >>
> >>
> >>
> >> Can you post your hosts file, resolv.conf and smb.conf
> >> from DC1?
> >>
> >> -- -James
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> -- /Sincerely,/
> >> /Garland McAlexander/
> >> /O: 212-271-0198/
> >> /C: 321-315-9948/
> >>
> >> Nothing out of the ordinary. Does the issue happen on the server
> >> side or client side? Can you run 'nslookup google.com' from the DC?
> >> It should look similar to this.
> >>
> >> nslookup google.com
> >> Server: 192.168.1.236
> >> Address: 192.168.1.236#53
> >>
> >> Non-authoritative answer:
> >> Name: google.com
> >> Address: 172.217.2.206
> >>
> >> Can you rerun the same if it also happens from the client side?
> >>
> >>
> >>
> >> -- -James
> >>
> >>
> >>
> >>
> >>
> >> --
> >> /Sincerely,/
> >> /Garland McAlexander/
> >> /O: 212-271-0198/
> >> /C: 321-315-9948/
> >>
> >> This tells me the issue is on DC2 and not DC1. Can you post the same
> > configs from DC2?
> >
> >
> >
> > --
> > -James
> >
> >
>
--
*Sincerely,*
*Garland McAlexander*
*O: 212-271-0198*
*C: 321-315-9948*
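
Added example (not part of the original thread or of Samba): the comparison suggested above, asking each resolver from /etc/resolv.conf and the forwarder directly and comparing the answers, reduced to the three header fields that differ in the dig runs in this message. The function names and the FORWARDER variable are assumptions made for this sketch; the sample input is rebuilt from the status, flags and server values shown in the thread.

```sh
#!/bin/sh
# Summarise one dig run (read on stdin) as
# "<server> <status> <recursion|no-recursion>".
classify_dig() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {
            flags = $0
            sub(/^;; flags: */, "", flags)   # drop the label
            sub(/;.*/, "", flags)            # keep only e.g. "qr rd ra ad"
            ra = ((" " flags " ") ~ / ra /) ? "recursion" : "no-recursion"
        }
        /^;; SERVER:/ { server = $3; sub(/#.*/, "", server) }
        END { print server, status, ra }
    '
}

# First input line is the reference (the forwarder asked directly); print every
# later server that refuses recursion or returns a different status.
find_broken() {
    awk 'NR == 1 { ref = $2; next }
         $3 == "no-recursion" || $2 != ref { print $1 }'
}

# Live use (needs dig and network): probe_resolvers google.com | find_broken
probe_resolvers() {
    dig "@${FORWARDER:-8.8.8.8}" "$1" | classify_dig
    awk '$1 == "nameserver" { print $2 }' /etc/resolv.conf |
    while read -r ns; do dig "@$ns" "$1" | classify_dig; done
}

# dig header lines rebuilt from the three runs quoted in the thread
# (query ids replaced by a constructed value).
sample() {
    case $1 in
    fwd) set -- NOERROR 'qr rd ra' 8.8.8.8 ;;
    236) set -- NXDOMAIN 'qr rd ad' 192.168.1.236 ;;
    235) set -- NOERROR 'qr rd ra ad' 192.168.1.235 ;;
    esac
    printf ';; ->>HEADER<<- opcode: QUERY, status: %s, id: 1\n;; flags: %s; QUERY: 1\n;; SERVER: %s#53(%s)\n' "$1" "$2" "$3" "$3"
}

demo() { for s in fwd 236 235; do sample "$s" | classify_dig; done | find_broken; }
demo   # prints 192.168.1.236
```

The result is keyed on the server address that answered, not on the host where dig was typed, so it can be matched against the hosts file and resolv.conf entries.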