[Samba] no DNS functionality on second subnet
L.P.H. van Belle
belle at bazuin.nl
Fri Aug 30 11:59:30 UTC 2019
Ah, you gave the solution yourself.
> client on "different" subnet:
>
> Host Name . . . . . . . . . . . . : pitter35
> Primary Dns Suffix . . . . . . . : <<< your missing ..
> DNS Suffix Search List. . . . . . : ier.ux.uis.no
> client on same subnet as DC:
>
> Host Name . . . . . . . . . . . . : geoah
> Primary Dns Suffix . . . . . . . : ier.ux.uis.no
> DNS Suffix Search List. . . . . . : ier.ux.uis.no
> ux.uis.no
Add Primary Dns Suffix for the other domain.
Then try again.
Greetz,
Louis
> -----Original Message-----
> From: Andreas Habel [mailto:andreas.habel at uis.no]
> Sent: Friday 30 August 2019 13:51
> To: L.P.H. van Belle
> Subject: RE: [Samba] no DNS functionality on second subnet
>
> > -----Original Message-----
> > From: samba <samba-bounces at lists.samba.org> On Behalf Of L.P.H. van Belle via samba
> > Sent: Friday 30 August 2019 12:20
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] no DNS functionality on second subnet
> >
> > What OS is on the server and the Windows clients?
>
> DC: Ubuntu 18.04 with samba 4.7.6-Ubuntu
> Client: W10 1903
>
> >
> > The VPN tunnel, are you lowering MTU sizes?
> > Something like:
> > -A FORWARD -m policy --pol ipsec --dir in -s 192.168.0.0/24 -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1361:1536 -j TCPMSS --set-mss 1360
>
> There is no VPN tunnel.
>
> >
> > On the client PCs, have you checked the Windows firewall, and are you
> > allowing the remote subnets?
>
> The Windows firewall on the client is currently switched off.
>
> > The samba server on the remote site, check if replication is correct.
> > Are the "remote" zones in the AD-DC's DNS configured?
>
> The A records of the clients from the new subnet are in the
> same zone as the A records of the clients that are in the
> DC's subnet. A new reverse lookup zone has been created for
> the reverse records.
>
>
> > Try adding
> > option edns0 to resolv.conf
>
> It's already there.
>
> > So a few more things to check out.
> >
> > I also suggest, on a local and a remote PC,
> > run: ipconfig /all
> > Check out the primary DNS suffix and search suffixes.
>
> client on "different" subnet:
>
> Host Name . . . . . . . . . . . . : pitter35
> Primary Dns Suffix . . . . . . . :
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : ier.ux.uis.no
>
> client on same subnet as DC:
>
> Host Name . . . . . . . . . . . . : geoah
> Primary Dns Suffix . . . . . . . : ier.ux.uis.no
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : ier.ux.uis.no
> ux.uis.no
>
>
>
> > > -----Original Message-----
> > > From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Andreas Habel via samba
> > > Sent: Friday 30 August 2019 11:38
> > > To: samba at lists.samba.org
> > > Subject: Re: [Samba] no DNS functionality on second subnet
> > >
> > > > -----Original Message-----
> > > > From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland penny via samba
> > > > Sent: Friday 30 August 2019 11:17
> > > > To: samba at lists.samba.org
> > > > Subject: Re: [Samba] no DNS functionality on second subnet
> > > >
> > > > On 30/08/2019 09:42, Andreas Habel via samba wrote:
> > > > >
> > > > > >> -----Original Message-----
> > > > > >> From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland penny via samba
> > > > > >> Sent: Friday 30 August 2019 09:57
> > > > > >> To: samba at lists.samba.org
> > > > > >> Subject: Re: [Samba] no DNS functionality on second subnet
> > > > >>
> > > > >> On 30/08/2019 07:00, Andreas Habel via samba wrote:
> > > > > >>> -----Original Message-----
> > > > > >>> From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland penny via samba
> > > > > >>> Sent: Thursday 29 August 2019 16:33
> > > > > >>> To: samba at lists.samba.org
> > > > > >>> Subject: Re: [Samba] no DNS functionality on second subnet
> > > > >>>
> > > > >>> On 29/08/2019 13:50, Andreas Habel via samba wrote:
> > > > > >>>> Hi,
> > > > > >>>>
> > > > > >>>> we have successfully installed our samba4 AD domain with AD DC, smb
> > > > > >>>> file server and Windows/Linux clients in the same subnet.
> > > > > >>>>
> > > > > >>>> Now we try to add a couple of Windows PCs to the domain that are
> > > > > >>>> located in a different subnet. As soon as the AD DC is added as the
> > > > > >>>> DNS server on the Windows clients it is no longer possible to resolve
> > > > > >>>> ip addresses. In other words, for those PCs DNS is not working.
> > > > > >>>>
> > > > > >>>> We added
> > > > > >>>> - the new clients to our DNS using samba-tool dns add
> > > > > >>>> - a new reverse lookup zone for the new subnet and filled it
> > > > > >>>>   using samba-tool dns add
> > > > > >>>> - a new subnet in RSAT Active Directory Sites and Services
> > > > > >>>>
> > > > > >>>> Routing seems to be OK - we can run telnet <IP of AD DC> 53 from one
> > > > > >>>> of the "new" Windows clients and a connection will be established.
> > > > > >>>> However, analyses from wireshark/tshark show that on DNS requests
> > > > > >>>> there is never an answer from our AD DC.
> > > > > >>>>
> > > > > >>>> It seems that we are missing something here - any help would be
> > > > > >>>> appreciated.
> > > > >>>>> Andreas [[AH:]]
> > > > >>> Does 'telnet <DC short hostname> 53' work ?
> > > > >>>
> > > > >>> Rowland
> > > > >>>
> > > > > >>> No, neither short name nor FQDN work:
> > > > > >>>
> > > > > >>> C:\Users\Administrator>telnet smbdc 53
> > > > > >>> Connecting To smbdc...Could not open connection to the host, on port 53: Connect failed
> > > > > >>>
> > > > > >>> C:\Users\Administrator>telnet smbdc.ier.ux.uis.no 53
> > > > > >>> Connecting To smbdc.ier.ux.uis.no...Could not open connection to the host, on port 53: Connect failed
> > > > >>>
> > > > >>>
> > > > >>> Andreas
> > > > > >> Then you have DNS problems, is a firewall running blocking port 53 ?
> > > > > >>
> > > > > >> Do dns lookup commands on the client work ?
> > > > > >>
> > > > > > No, all kinds of lookups (to the DC, internal or external hosts) fail with
> > > > > > a timeout. This applies to clients on the "new" subnet. Lookups work on
> > > > > > clients that are on the same subnet as the DC.
> > > > >
> > > > > Andreas
> > > > >
> > > > This sounds more and more like a dns problem, are the clients set to use
> > > > the DC as their nameserver ?
> > >
> > > Yes
> > >
> > > > Until you get basic dns commands working, AD will not work.
> > > >
> > > > Are you using a router ?
> > > >
> > >
> > > Yes -- all ip traffic to and from the DC is allowed.
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: https://lists.samba.org/mailman/options/samba
> > >
> > >
> >
> >
>
>
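
The comparison made at the top of this message (the Primary Dns Suffix of the two clients), written out as a check over `ipconfig /all` text. This is an added example, not something posted in the thread; the function names are assumptions and the sample input is constructed from the output quoted above.

```python
import re

# Constructed sample input, modelled on the two `ipconfig /all` excerpts in the thread.
REMOTE = """\
   Host Name . . . . . . . . . . . . : pitter35
   Primary Dns Suffix  . . . . . . . :
   DNS Suffix Search List. . . . . . : ier.ux.uis.no
"""
LOCAL = """\
   Host Name . . . . . . . . . . . . : geoah
   Primary Dns Suffix  . . . . . . . : ier.ux.uis.no
   DNS Suffix Search List. . . . . . : ier.ux.uis.no
                                       ux.uis.no
"""

# "Label . . . . : value" -> (label, value); the dot leader is discarded.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)[ .]*:(.*)$")

def parse_ipconfig(text):
    """Return {label: [values]}; indented continuation lines extend the last label."""
    fields, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            current = m.group(1).strip()
            value = m.group(2).strip()
            fields[current] = [value] if value else []
        elif line.strip() and current:
            fields[current].append(line.strip())
    return fields

def suffix_findings(text, ad_domain):
    """Compare a client's DNS suffix settings with the AD DNS domain name."""
    f = parse_ipconfig(text)
    host = (f.get("Host Name") or ["?"])[0]
    primary = (f.get("Primary Dns Suffix") or [""])[0].lower()
    search = [s.lower() for s in f.get("DNS Suffix Search List", [])]
    findings = []
    if not primary:
        findings.append(f"{host}: Primary Dns Suffix is empty")
    elif primary != ad_domain:
        findings.append(f"{host}: Primary Dns Suffix {primary} != {ad_domain}")
    if ad_domain not in search:
        findings.append(f"{host}: {ad_domain} missing from suffix search list")
    return findings

if __name__ == "__main__":
    for sample in (REMOTE, LOCAL):
        print(suffix_findings(sample, "ier.ux.uis.no") or "no findings")
```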