[Samba] no DNS functionality on second subnet

L.P.H. van Belle belle at bazuin.nl
Fri Aug 30 11:59:30 UTC 2019


Ah, you gave the solution yourself.

> client on "different" subnet:
> 
>    Host Name . . . . . . . . . . . . : pitter35
>    Primary Dns Suffix  . . . . . . . :			<<< your missing .. 
>    DNS Suffix Search List. . . . . . : ier.ux.uis.no

> client on same subnet as DC:
> 
>    Host Name . . . . . . . . . . . . : geoah
>    Primary Dns Suffix  . . . . . . . : ier.ux.uis.no
>    DNS Suffix Search List. . . . . . : ier.ux.uis.no
>                                        ux.uis.no

Add Primary Dns Suffix for the other domain. 
Then try again. 

Greetz, 

Louis



> -----Original Message-----
> From: Andreas Habel [mailto:andreas.habel at uis.no]
> Sent: Friday 30 August 2019 13:51
> To: L.P.H. van Belle
> Subject: RE: [Samba] no DNS functionality on second subnet
> 
> > -----Original Message-----
> > From: samba <samba-bounces at lists.samba.org> On Behalf Of L.P.H. van Belle via samba
> > Sent: Friday 30 August 2019 12:20
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] no DNS functionality on second subnet
> > 
> > What OS are the server and Windows clients?
> 
> DC: Ubuntu 18.04 with samba 4.7.6-Ubuntu
> Client: W10 1903
> 
> > 
> > The VPN tunnel, are you lowering MTU sizes?
> > Something like:
> > -A FORWARD -m policy --pol ipsec --dir in -s 192.168.0.0/24 -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1361:1536 -j TCPMSS --set-mss 1360
> 
> There is no VPN tunnel.
> 
> > 
> > On the client PCs, have you checked the Windows firewall, and are you
> > allowing the remote subnets?
> 
> The Windows firewall on the client is currently switched off.
> 
> > The samba server on the remote site, check if replication is correct.
> > Are the "remote" zones in the AD-DC's DNS configured?
> 
> The A records of the clients from the new subnet are in the 
> same zone as the A records of the clients that are in the 
> DC's subnet. A new reverse lookup zone has been created for 
> the reverse records.
> 
>  
> > Try adding
> > option edns0 to resolv.conf
> 
> It's already there.
> 
> > So a few more things to check out.
> > 
> > I also suggest, on a PC local and remote:
> > Run: ipconfig /all
> > Check out the primary DNS suffix and search suffixes.
> 
> client on "different" subnet:
> 
>    Host Name . . . . . . . . . . . . : pitter35
>    Primary Dns Suffix  . . . . . . . :
>    Node Type . . . . . . . . . . . . : Hybrid
>    IP Routing Enabled. . . . . . . . : No
>    WINS Proxy Enabled. . . . . . . . : No
>    DNS Suffix Search List. . . . . . : ier.ux.uis.no
> 
> client on same subnet as DC:
> 
>    Host Name . . . . . . . . . . . . : geoah
>    Primary Dns Suffix  . . . . . . . : ier.ux.uis.no
>    Node Type . . . . . . . . . . . . : Hybrid
>    IP Routing Enabled. . . . . . . . : No
>    WINS Proxy Enabled. . . . . . . . : No
>    DNS Suffix Search List. . . . . . : ier.ux.uis.no
>                                        ux.uis.no
> 
> 
>  
> > > -----Original Message-----
> > > From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Andreas Habel via samba
> > > Sent: Friday 30 August 2019 11:38
> > > To: samba at lists.samba.org
> > > Subject: Re: [Samba] no DNS functionality on second subnet
> > >
> > > > -----Original Message-----
> > > > From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland penny via samba
> > > > Sent: Friday 30 August 2019 11:17
> > > > To: samba at lists.samba.org
> > > > Subject: Re: [Samba] no DNS functionality on second subnet
> > > >
> > > > On 30/08/2019 09:42, Andreas Habel via samba wrote:
> > > > >
> > > > >> -----Original Message-----
> > > > > >> From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland penny via samba
> > > > > >> Sent: Friday 30 August 2019 09:57
> > > > >> To: samba at lists.samba.org
> > > > >> Subject: Re: [Samba] no DNS functionality on second subnet
> > > > >>
> > > > >> On 30/08/2019 07:00, Andreas Habel via samba wrote:
> > > > >>> -----Original Message-----
> > > > > >>> From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland penny via samba
> > > > > >>> Sent: Thursday 29 August 2019 16:33
> > > > >>> To: samba at lists.samba.org
> > > > >>> Subject: Re: [Samba] no DNS functionality on second subnet
> > > > >>>
> > > > >>> On 29/08/2019 13:50, Andreas Habel via samba wrote:
> > > > > >>>> Hi,
> > > > > >>>>
> > > > > >>>> we have successfully installed our samba4 AD domain with AD DC, smb
> > > > > >>>> file server and Windows/Linux clients in the same subnet.
> > > > > >>>>
> > > > > >>>> Now we try to add a couple of Windows PCs to the domain that are
> > > > > >>>> located in a different subnet. As soon as the AD DC is added as the
> > > > > >>>> DNS server on the Windows clients it is no longer possible to resolve
> > > > > >>>> ip addresses. In other words, for those PCs DNS is not working.
> > > > > >>>>
> > > > > >>>> We added
> > > > > >>>> - the new clients to our DNS using samba-tool dns add
> > > > > >>>> - a new reverse lookup zone for the new subnet and filled it
> > > > > >>>>   using samba-tool dns add
> > > > > >>>> - a new subnet in RSAT Active Directory Sites and Services
> > > > > >>>>
> > > > > >>>> Routing seems to be OK - we can run telnet <IP of AD DC> 53 from one
> > > > > >>>> of the "new" Windows clients and a connection will be established.
> > > > > >>>> However, analyses from wireshark/tshark show that on DNS requests
> > > > > >>>> there is never an answer from our AD DC.
> > > > > >>>>
> > > > > >>>> It seems that we are missing something here - any help would be
> > > > > >>>> appreciated.
> > > > > >>>>
> > > > > >>>> Andreas
> > > > >>> Does 'telnet <DC short hostname> 53' work ?
> > > > >>>
> > > > >>> Rowland
> > > > >>>
> > > > >>> No, neither short name or FQDN work:
> > > > >>>
> > > > > >>> C:\Users\Administrator>telnet smbdc 53
> > > > > >>> Connecting To smbdc...Could not open connection to the host, on port 53: Connect failed
> > > > > >>>
> > > > > >>> C:\Users\Administrator>telnet smbdc.ier.ux.uis.no 53
> > > > > >>> Connecting To smbdc.ier.ux.uis.no...Could not open connection to the host, on port 53: Connect failed
> > > > >>>
> > > > >>>
> > > > >>> Andreas
> > > > > >> Then you have DNS problems, is a firewall running blocking port 53 ?
> > > > > >>
> > > > > >> Do dns lookup commands on the client work ?
> > > > > >>
> > > > > > No, all kinds of lookups (to the DC, internal or external hosts) fail
> > > > > > with a timeout. This applies to clients on the "new" subnet. Lookups
> > > > > > work on clients that are on the same subnet as the DC.
> > > > >
> > > > > Andreas
> > > > >
> > > > This sounds more and more like a dns problem, are the clients set to
> > > > use the DC as their nameserver ?
> > >
> > > Yes
> > >
> > > > Until you get basic dns commands working, AD will not work.
> > > >
> > > > Are you using a router ?
> > > >
> > >
> > > Yes -- all ip traffic to and from the DC is allowed.
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  https://lists.samba.org/mailman/options/samba
> > >
> > >
> > 
> > 
> 
> 
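
The comparison of the two `ipconfig /all` outputs made at the top of this message, as an added example that is not part of the original mail: a Python parser for the global block that copes with empty values and multi-line suffix lists and flags a host whose primary DNS suffix is empty. The function names are hypothetical; the sample text is the output posted in the thread.

```python
import re

# "   Key . . . . : value" -- dotted leader is padding, value may be empty.
# Requiring ": " or ":<end>" keeps IPv6 literals from being read as keys.
FIELD = re.compile(r"^\s+(?P<key>[^.:]+?)[ .]*:(?: (?P<val>.*))?$")

def parse_ipconfig_global(text):
    """Parse the global 'ipconfig /all' block into {key: [values]}."""
    fields, last = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line[0].isspace():      # unindented line = section header
            if fields:                 # first adapter section: stop here
                break
            continue
        m = FIELD.match(line)
        if m:
            last = m.group("key").strip()
            val = (m.group("val") or "").strip()
            fields[last] = [val] if val else []
        elif last is not None:         # continuation of a multi-valued field
            fields[last].append(line.strip())
    return fields

def suffix_findings(fields):
    """Return human-readable findings about the DNS suffix settings."""
    host = (fields.get("Host Name") or ["?"])[0]
    primary = fields.get("Primary Dns Suffix", [])
    search = [s.lower() for s in fields.get("DNS Suffix Search List", [])]
    if not primary:
        return [f"{host}: Primary Dns Suffix is empty"]
    if primary[0].lower() not in search:
        return [f"{host}: primary suffix {primary[0]} not in search list"]
    return []

# Sample input: the two outputs as posted in the thread.
REMOTE_CLIENT = """
   Host Name . . . . . . . . . . . . : pitter35
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   DNS Suffix Search List. . . . . . : ier.ux.uis.no
"""
LOCAL_CLIENT = """
   Host Name . . . . . . . . . . . . : geoah
   Primary Dns Suffix  . . . . . . . : ier.ux.uis.no
   DNS Suffix Search List. . . . . . : ier.ux.uis.no
                                       ux.uis.no
"""
```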



