[Samba] Recommended DNS configuration on Domain Controllers causes share by IP name to fail

Izan Díez Sánchez ids at empre.es
Wed Nov 30 12:17:18 UTC 2016


Hi,

Following the DNS configuration of multiple DCs recommended on the wiki
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#DNS_Configuration_on_Domain_Controllers ,
clients are unable to open Windows shares based on the server IP, for
example \\133.1.1.24 . However, they work fine opening either the NetBIOS
name or the DNS name, for example \\FILESERVER1 or \\FILESERVER1.domain.local

Here is what the article says:

------------------------------------------------------------------
DNS Configuration on Domain Controllers

The DNS configuration on domain controllers (DC) is important, because if it
is unable to locate other DCs the replication will fail. The following is a
best practice for DNS configuration on domain controllers (DC):
Set the local IP of a DC as secondary or tertiary nameserver entry in its
/etc/resolv.conf file and use a different Active Directory (AD) DNS server
IP from the forest as primary name server. For example:
On the new joined DC, use the 10.99.0.1 IP of the existing DC as primary and
the local 10.99.0.2 IP as secondary nameserver entry:
nameserver 10.99.0.1
nameserver 10.99.0.2       # IP of the new joined DC as secondary entry
search samdom.example.com
If you are running more than two DCs, you can configure the IPs in crosswise
direction.
------------------------------------------------------------------

This only occurs with Windows File Servers and never with other Samba
members of the AD. If access is attempted via the graphical interface,
Explorer just takes forever and hangs. The following error is thrown in the
command line:

C:\Users\ids>net view \\133.1.1.24
System error 53.

The network path was not found.


Changing the configuration of /etc/resolv.conf to the following:

nameserver 10.99.0.2       # IP of the new joined DC, now as primary entry
nameserver 10.99.0.1
search samdom.example.com

That is, with every DC of the domain always listing itself as the first
name server, the shares referred to by IP work as expected. I tested in a
pure Windows AD and this is the normal behavior.

It seems that there is some kind of DNS query loop when trying to do the
reverse name resolution, but I wasn't able to debug further.

Has anyone experienced something similar? 

Izan Díez Sánchez 
ids at empre.es
Empresarios Agrupados 
+34 91 309 80 00 (ext: 8813) 
Magallanes 3
28015 Madrid 
www.empresariosagrupados.es
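
An added diagnostic sketch for the situation described in the message above (not part of the original post and not Samba project code): it reports where a DC's own IP sits in the resolv.conf nameserver order and, following the poster's guess that reverse resolution is involved, asks each listed nameserver directly for the PTR record of the file server IP. The function names and the sample file are constructed for illustration, and `dig` is assumed to be installed.

```shell
#!/bin/sh
# Constructed sample: the layout from the wiki excerpt quoted in the message.
SAMPLE_RESOLV='nameserver 10.99.0.1
nameserver 10.99.0.2       # IP of the new joined DC as secondary entry
search samdom.example.com'

# Print nameserver IPs from stdin in resolver order, dropping
# full-line and inline comments.
list_nameservers() {
    sed -e 's/[#;].*$//' | awk '$1 == "nameserver" && NF >= 2 { print $2 }'
}

# Print the 1-based position of IP $1 in the list on stdin, or 0 if absent.
local_ns_position() {
    list_nameservers | awk -v ip="$1" \
        '$0 == ip { print NR; found = 1; exit } END { if (!found) print 0 }'
}

# Classify the layout on stdin relative to the DC's own IP ($1).
classify_layout() {
    pos=$(local_ns_position "$1")
    case "$pos" in
        0) echo "local-missing" ;;
        1) echo "local-first" ;;
        *) echo "local-later" ;;
    esac
}

# Query every nameserver in file $2 (default /etc/resolv.conf) for the
# PTR record of $1, so a server that times out or has no answer stands out.
probe_ptr() {
    target=$1
    file=${2:-/etc/resolv.conf}
    for ns in $(list_nameservers < "$file"); do
        answer=$(dig +short +time=2 +tries=1 -x "$target" "@$ns" 2>/dev/null) \
            || answer="query failed (dig exit $?)"
        printf '%s -> %s\n' "$ns" "${answer:-no PTR answer}"
    done
}

# Probe only when a target IP is given, e.g.: sh check_ns.sh 133.1.1.24
if [ "$#" -ge 1 ]; then probe_ptr "$@"; fi
```

Running `classify_layout <own-ip> < /etc/resolv.conf` on each DC shows which of the two layouts from the message is in effect before comparing the per-server PTR answers.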







