[Samba] no DNS functionality on second subnet

Andreas Habel andreas.habel at uis.no
Fri Aug 30 09:37:59 UTC 2019


> -----Original Message-----
> From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland penny via
> samba
> Sent: fredag 30. august 2019 11:17
> To: samba at lists.samba.org
> Subject: Re: [Samba] no DNS functionality on second subnet
> 
> On 30/08/2019 09:42, Andreas Habel via samba wrote:
> >
> >> -----Original Message-----
> >> From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland
> >> penny via samba
> >> Sent: fredag 30. august 2019 09:57
> >> To: samba at lists.samba.org
> >> Subject: Re: [Samba] no DNS functionality on second subnet
> >>
> >> On 30/08/2019 07:00, Andreas Habel via samba wrote:
> >>> -----Original Message-----
> >>> From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland
> >>> penny via samba
> >>> Sent: torsdag 29. august 2019 16:33
> >>> To: samba at lists.samba.org
> >>> Subject: Re: [Samba] no DNS functionality on second subnet
> >>>
> >>> On 29/08/2019 13:50, Andreas Habel via samba wrote:
> >>>> Hi,
> >>>>
> >>>> we have successfully installed our samba4 AD domain with AD DC, smb
> >>>> file server and Windows/Linux clients in the same subnet.
> >>>>
> >>>> Now we try to add a couple of Windows PCs to the domain that are
> >>>> located in a different subnet. As soon as the AD DC is added as the
> >>>> DNS server on the Windows clients it is no longer possible to resolve
> >>>> ip addresses. In other words, for those PCs DNS is not working.
> >>>>
> >>>> We added
> >>>> - the new clients to our DNS using samba-tool dns add
> >>>> - a new reverse lookup zone for the new subnet and filled it using
> >>>>   samba-tool dns add
> >>>> - a new subnet in RSAT Active Directory Sites and Services
> >>>>
> >>>> Routing seems to be OK - we can run telnet <IP of AD DC> 53 from one
> >>>> of the "new" Windows clients and a connection will be established.
> >>>> However, analyses from wireshark/tshark show that on DNS requests
> >>>> there is never an answer from our AD DC.
> >>>>
> >>>> It seems that we are missing something here - any help would be
> >>>> appreciated.
> >>>>
> >>>> Andreas [[AH:]]
> >>> Does 'telnet <DC short hostname> 53' work ?
> >>>
> >>> Rowland
> >>>
> >>> No, neither short name nor FQDN works:
> >>>
> >>> C:\Users\Administrator>telnet smbdc 53
> >>> Connecting To smbdc...Could not open connection to the host, on port 53: Connect failed
> >>>
> >>> C:\Users\Administrator>telnet smbdc.ier.ux.uis.no 53
> >>> Connecting To smbdc.ier.ux.uis.no...Could not open connection to the host, on port 53: Connect failed
> >>>
> >>>
> >>> Andreas
> >> Then you have DNS problems. Is a firewall running, blocking port 53?
> >>
> >> Do dns lookup commands on the client work?
> >>
> > No, all kinds of lookups (to the DC, internal or external hosts) fail with
> > a timeout. This applies to clients on the "new" subnet. Lookups work on
> > clients that are on the same subnet as the DC.
> >
> > Andreas
> >
> This sounds more and more like a dns problem. Are the clients set to use
> the DC as their nameserver?
 
Yes

> Until you get basic dns commands working, AD will not work.
> 
> Are you using a router?
> 

Yes -- all ip traffic to and from the DC is allowed. 
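
Added example, not part of the original thread or of Samba: the telnet test above only proves that a TCP connection to port 53 can be opened, while ordinary client lookups are sent over UDP first, so this sketch sends the same DNS query to the DC's IP address over both transports and reports which one is answered. The script name, function names and the 3-second timeout are assumptions made for illustration; the default host name is the one quoted in the thread.

```python
import socket
import struct
import sys

def build_query(name, qid=0x1234, qtype=1):
    """Encode a one-question DNS query (RD set, class IN, default type A)."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Return (id, is_response, rcode, answer_count) from a raw DNS message."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return qid, bool(flags & 0x8000), flags & 0x000F, an

def probe_udp(server, name, port=53, timeout=3.0):
    """Send the query in one UDP datagram, as a normal client lookup does."""
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(build_query(name), (server, port))
            return parse_header(s.recvfrom(4096)[0])
    except (OSError, ValueError) as exc:
        return f"no answer: {exc}"

def probe_tcp(server, name, port=53, timeout=3.0):
    """Send the same query over TCP with the 2-byte length prefix."""
    query = build_query(name)
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)
            buf = b""
            while len(buf) < 2 or len(buf) - 2 < struct.unpack("!H", buf[:2])[0]:
                chunk = s.recv(4096)
                if not chunk:
                    break
                buf += chunk
            return parse_header(buf[2:])
    except (OSError, ValueError) as exc:
        return f"no answer: {exc}"

if __name__ == "__main__":
    # Usage: python dns_probe.py <IP of AD DC> [name]; the default name is from the thread.
    server = sys.argv[1]
    name = sys.argv[2] if len(sys.argv) > 2 else "smbdc.ier.ux.uis.no"
    print("UDP/53:", probe_udp(server, name))
    print("TCP/53:", probe_tcp(server, name))
```

Run from a client on each subnet, a tuple means the DC answered on that transport; "no answer" on UDP with a reply on TCP points at UDP/53 being dropped somewhere on the path between the subnets.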


