[Samba] DNS (bind_dlz) forwarding not working

Elias Pereira empbilly at gmail.com
Wed May 17 14:59:21 UTC 2017


>
> Is anything else listening on port 53 ?


I don't think so.

# netstat -npl |grep 53
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      27882/samba
tcp6       0      0 :::53                   :::*                    LISTEN      27882/samba
udp        0      0 0.0.0.0:53              0.0.0.0:*                           27882/samba
udp6       0      0 :::53                   :::*                                27882/samba

If I use a public DNS, for example "dns forwarder = 8.8.8.8", it must
necessarily work, right?


On Wed, May 17, 2017 at 4:52 AM, Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Tue, 16 May 2017 19:27:33 -0300
> Elias Pereira via samba <samba at lists.samba.org> wrote:
>
> > >
> > > Sorry, must have missed that.
> >
> >
> > No problem! :D
> >
> >  OK, your dns domain is 'mydomain.edu' and your AD dns domain is
> >
> > 'addc.mydomain.edu', so far so good, but is the AD REALM set to
> > 'ADDC.MYDOMAIN.EDU' ?
> >
> > Yes, my AD REALM is ADDC.MYDOMAIN.EDU
> >
> > Yes, your AD DC should be the authoritative dns server for the AD dns
> > > domain.
> >
> >
> > ok.
> >
> > No, all your AD clients etc should use the DC for their nameserver,
> > > anything it doesn't know about (anything outside the ad dns domain)
> > > it should ask the forwarder for (I think you are trying to do this
> > > the other way around)
> >
> >
> >  ok.
> >
> > Now I migrate to SAMBA_INTERNAL and set on smb.conf,
> >
> > server services = ... dns
> > dns forwarder = xxx.xxx.xxx.10 # DNS server
> > allow dns updates = nonsecure and secure
> >
> > I can not see where I'm going wrong. Our DNS server is authoritative
> > for our internal services, but on the machine I am testing, do not
> > open any of the services. Any other site I can access. This machine
> > is in the domain with the primary dns the IP of the AD.
> >
>
> All I can say is that it should work and swapping the dns server
> shouldn't make any difference.
>
> As long as all your AD clients are in the AD dns and nowhere else, it
> should work.
>
> You can remove the 'server services' line you have added, not having
> one is the same as having one with all the servers listed.
>
> Is anything else listening on port 53 ?
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
Elias Pereira


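Rowland's question ("Is anything else listening on port 53?") is the first check worth automating on a DC that runs the SAMBA_INTERNAL DNS server, because a stray bind9, dnsmasq or systemd-resolved bound to 127.0.0.1:53 is a classic reason internal names fail while public ones still resolve. The script below is an added example, not code from the thread or from the Samba project: it parses `netstat -npl` output in the format the poster pasted and reports the distinct pid/program pairs bound to local port 53. The sample output is constructed; the "1234/dnsmasq" line is a hypothetical conflicting daemon, not something seen on the poster's host.

```shell
#!/bin/sh
# Added example: find every process bound to local port 53 in `netstat -npl`
# output, so a second resolver standing in front of the Samba internal DNS
# (bind9, dnsmasq, systemd-resolved) is spotted immediately.

# Constructed sample: a healthy DC, only samba on port 53 (matches the
# format the poster pasted, with the wrapped pid/program column unwrapped).
NETSTAT_OK='tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      27882/samba
tcp6       0      0 :::53                   :::*                    LISTEN      27882/samba
udp        0      0 0.0.0.0:53              0.0.0.0:*                           27882/samba
udp6       0      0 :::53                   :::*                                27882/samba'

# Constructed sample: the same host plus a hypothetical dnsmasq on loopback.
NETSTAT_CONFLICT="$NETSTAT_OK
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1234/dnsmasq"

# Print the distinct "pid/program" values that own local port 53.
# Column 4 is the Local Address; the last column is pid/program (or "-"
# when netstat was not run as root and cannot see the owner).
port53_owners() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^(tcp|udp)6?$/ && $4 ~ /:53$/ { print $NF }
    ' | sort -u
}

# Return 0 when exactly one program owns port 53, 1 otherwise.
port53_is_exclusive() {
    n=$(port53_owners "$1" | wc -l | tr -d ' ')
    [ "$n" -eq 1 ]
}

# Human-readable verdict for the operator.
port53_report() {
    if port53_is_exclusive "$1"; then
        printf 'port 53 owned exclusively by: %s\n' "$(port53_owners "$1")"
    else
        printf 'WARNING: multiple owners on port 53:\n'
        port53_owners "$1" | sed 's/^/  /'
    fi
}

# Stand-alone demonstration on the constructed samples.
port53_report "$NETSTAT_OK"
port53_report "$NETSTAT_CONFLICT"
```

On a real DC feed it live output: `port53_report "$(netstat -npl 2>/dev/null)"` (run as root so the pid/program column is populated). Once only samba owns the port, the next step is to query the DC directly for an internal name and for an external one, e.g. `dig @<DC-IP> <internal-host>.mydomain.edu` and `dig @<DC-IP> www.example.com`; the internal query should come back from the forwarder, the external one via the forwarder's own upstream, and a SERVFAIL or NXDOMAIN on the internal name points at the forwarder rather than at Samba.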