[Samba] no DNS functionality on second subnet

Rowland penny rpenny at samba.org
Fri Aug 30 09:16:48 UTC 2019


On 30/08/2019 09:42, Andreas Habel via samba wrote:
>
>> -----Original Message-----
>> From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland penny via
>> samba
>> Sent: fredag 30. august 2019 09:57
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] no DNS functionality on second subnet
>>
>> On 30/08/2019 07:00, Andreas Habel via samba wrote:
>>> -----Original Message-----
>>> From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland penny
>>> via samba
>>> Sent: torsdag 29. august 2019 16:33
>>> To: samba at lists.samba.org
>>> Subject: Re: [Samba] no DNS functionality on second subnet
>>>
>>> On 29/08/2019 13:50, Andreas Habel via samba wrote:
>>>> Hi,
>>>>
>>>> we have successfully installed our samba4 AD domain with AD DC, smb
>>>> file server and Windows/Linux clients in the same subnet.
>>>>
>>>> Now we try to add a couple of Windows PCs to the domain that are
>>>> located in a different subnet. As soon as the AD DC is added as the
>>>> DNS server on the Windows clients it is no longer possible to resolve
>>>> ip addresses. In other words, for those PCs DNS is not working.
>>>>
>>>> We added
>>>> - the new clients to our DNS using samba-tool dns add
>>>> - a new reverse lookup zone for the new subnet and filled it
>>>>   using samba-tool dns add
>>>> - a new subnet in RSAT Active Directory Sites and Services
>>>>
>>>> Routing seems to be OK - we can run telnet <IP of AD DC> 53 from one
>>>> of the "new" Windows clients and a connection will be established.
>>>> However, analyses from wireshark/tshark show that on DNS requests
>>>> there is never an answer from our AD DC.
>>>>
>>>> It seems that we are missing something here - any help would be
>>>> appreciated.
>>>>
>>>> Andreas
>>> Does 'telnet <DC short hostname> 53' work ?
>>>
>>> Rowland
>>>
>>> No, neither short name nor FQDN work:
>>>
>>> C:\Users\Administrator>telnet smbdc 53
>>> Connecting To smbdc...Could not open connection to the host, on port 53: Connect failed
>>>
>>> C:\Users\Administrator>telnet smbdc.ier.ux.uis.no 53
>>> Connecting To smbdc.ier.ux.uis.no...Could not open connection to the host, on port 53: Connect failed
>>>
>>>
>>> Andreas
>> Then you have DNS problems, is a firewall running blocking port 53 ?
>>
>> Do dns lookup commands on the client work ?
>>
> No, all kinds of lookups (to the DC, internal or external hosts) fail with a timeout. This applies to clients on the "new" subnet. Lookups work on clients that are on the same subnet as the DC.
>
> Andreas
>
This sounds more and more like a dns problem, are the clients set to use 
the DC as their nameserver ?

Until you get basic dns commands working, AD will not work.

Are you using a router ?

Rowland
