[Samba] Recommended DNS configuration on Domain Controllers causes share by IP name to fail

Rowland Penny rpenny at samba.org
Wed Nov 30 13:09:45 UTC 2016


On Wed, 30 Nov 2016 13:17:18 +0100
Izan Díez Sánchez via samba <samba at lists.samba.org> wrote:

> Hi,
> 
> Following DNS configuration of multiple DCs recommended on the wiki
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#DNS_Configuration_on_Domain_Controllers ,
> clients are unable
> to open windows shares based on the server IP, for example
> \\133.1.1.24 . However they work fine opening either the netbios name
> or the DNS name, for example \\FILESERVER1 or
> \\FILESERVER1.domain.local 
> 
> Here is what the article says:
> 
> ------------------------------------------------------------------
> DNS Configuration on Domain Controllers
> 
> The DNS configuration on domain controllers (DC) is important,
> because if it is unable to locate other DCs the replication will
> fail. The following is a best practice for DNS configuration on
> domain controllers (DC): Set the local IP of a DC as secondary or
> tertiary nameserver entry in its /etc/resolv.conf file and use a
> different Active Directory (AD) DNS server IP from the forest as
> primary name server. For example: On the new joined DC, use the
> 10.99.0.1 IP of the existing DC as primary and the local 10.99.0.2 IP
> as secondary nameserver entry:
> 
> nameserver 10.99.0.1
> nameserver 10.99.0.2       # IP of the new joined DC as secondary entry
> search samdom.example.com
> 
> If you are running more than two DCs, you can configure the IPs in
> crosswise direction.
> ------------------------------------------------------------------
> 
> This only occurs with Windows File Servers and never with other Samba
> members of the AD. If access is tried via the graphical interface, the
> explorer just takes forever and hangs. The following error is thrown
> in the command line:
> 
> C:\Users\ids>net view \\133.1.1.24
> System error 53.
> 
> The network path was not found.
> 
> 
> Changing the configuration of /etc/resolv.conf to the following:
> 
> nameserver 10.99.0.2       # IP of the new joined DC as secondary entry
> nameserver 10.99.0.1
> search samdom.example.com
> 
> That is, always the first name server as itself in every DC of the
> domain. This makes the shares referred to by IP work as expected. I
> tested in a pure Windows AD and this is the normal behavior.
> 
> It seems that there is some kind of DNS query loop trying to do the
> reverse name resolution, but I wasn't able to debug further.
> 
> Has anyone experienced something similar? 

I am now beginning to think the wiki is wrong. The new DC needs to
point to an existing DC during the join; this way it will replicate
correctly, but once the replication has occurred, it should point to
its own IP.

The wiki was written the way it is because of concerns over
'islanding'. I do not think this is a real concern, because every DC
holds all the domain DNS records and should be able to find any other
machine in the domain.

Rowland
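
A check for the nameserver ordering discussed in this thread, as an added example that is not part of the original messages or of Samba: it reports whether a DC's own IP is the first `nameserver` entry in a resolv.conf-style file. The function names, result labels and sample files are constructed for illustration; the addresses are the ones from the quoted wiki text.

```shell
#!/bin/sh
# Added example (not Samba tooling): classify where a DC's own IP sits
# in the nameserver order of a resolv.conf-style file.

# Print the nameserver IPs of the file, one per line, in file order.
# Comments (starting with '#' or ';', also trailing) are stripped first.
list_nameservers() {
    sed -e 's/[#;].*//' "$1" | awk '$1 == "nameserver" && NF >= 2 { print $2 }'
}

# check_dc_resolv FILE OWN_IP
# Prints one of: self-first | self-not-first | self-missing
check_dc_resolv() {
    file=$1 own=$2 pos=0 found=0
    for ns in $(list_nameservers "$file"); do
        pos=$((pos + 1))
        if [ "$ns" = "$own" ]; then found=$pos; break; fi
    done
    case $found in
        0) echo self-missing ;;      # the DC never queries its own DNS
        1) echo self-first ;;        # ordering suggested in the reply above
        *) echo self-not-first ;;    # ordering from the quoted wiki text
    esac
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed sample: the wiki ordering, as it would look on the new DC (10.99.0.2).
cat > "$tmp/wiki_order.conf" <<'EOF'
nameserver 10.99.0.1
nameserver 10.99.0.2       # IP of the new joined DC as secondary entry
search samdom.example.com
EOF

# Constructed sample: the ordering the original poster switched to.
cat > "$tmp/self_first.conf" <<'EOF'
nameserver 10.99.0.2
nameserver 10.99.0.1
search samdom.example.com
EOF

echo "wiki order: $(check_dc_resolv "$tmp/wiki_order.conf" 10.99.0.2)"
echo "self first: $(check_dc_resolv "$tmp/self_first.conf" 10.99.0.2)"
```

On a real DC the same function can be pointed at /etc/resolv.conf with that host's own address as the second argument.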

   



