[Samba] Samba + BIND9 DLZ. DNS dosen't resolve FQDN, only short hostname

Sat Jan 12 09:35:59 UTC 2019

Thank You, Luis, Rowland,

for the initial hints. I checked them all.

As of system, it is Debian Strech, Bind 9.10.3, Samba 4.5.12 (I know it 
is old, but is native for distribution, and should work in such simple 
setup I suppose). I used this howto:

https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

As of hosts.conf, there are only localhost and server itself, because 
everything else should be resolved by DNS anyway...

127.0.0.1    localhost.interbronz.local    localhost
10.20.1.1    blacktux.interbronz.local    blacktux

--------

I also checked resolv.conf, there is no typo in search or nameserver.

search interbronz.local
nameserver 10.20.1.1

--------

There is not much in named.conf and surroundings. This is Debian, so the 
config is scattered here and there, but if I put all includes together, 
we get this:

options {
     directory "/var/cache/bind";

     // External DNS forwarder

     forwarders {
          10.10.10.1;
      };

     dnssec-validation auto;

     auth-nxdomain no;    # conform to RFC1035
     listen-on-v6 { any; };
};

// The RFC1918 zones file is modified by commenting out 10. section 
becouse this is our subnet and we don't want it to fall to empty zones

include "/etc/bind/zones.rfc1918";

zone "." {
     type hint;
     file "/etc/bind/db.root";
};

zone "localhost" {
     type master;
     file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
     type master;
     file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
     type master;
     file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
     type master;
     file "/etc/bind/db.255";
};

dlz "AD DNS Zone" {
      database "dlopen 
/usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_10.so";
};

--------------

As of smb.conf, it is also very sparse and mostly auto-created during 
domain provisioning, except the template options

[global]
     netbios name = BLACKTUX
     realm = INTERBRONZ.LOCAL
     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, 
winbindd, ntp_signd, kcc, dnsupdate
     workgroup = INTERBRONZ
     server role = active directory domain controller
     idmap_ldb:use rfc2307 = yes

     template shell = /bin/bash
     template homedir = /home/%U

[netlogon]
     path = /var/lib/samba/sysvol/interbronz.local/scripts
     read only = No

[sysvol]
     path = /var/lib/samba/sysvol
     read only = No

-------

Since there is BIND DLZ in use, I assume that it is up to Samba DNS 
module to resolve local domain issues for BIND, thus BIND config is of 
little interest here anyway, it simply gives whatever it takes from 
Samba. Correct?

So, it would seem that if anything unusual, it should take place inside 
Samba DNS records. That is area I have no expertise in. When I do

samba-tool dns query -U administrator 10.20.1.1 interbronz.local @ ALL

I get this:

   Name=, Records=8, Children=0
     SOA: serial=27, refresh=900, retry=600, expire=86400, minttl=3600, 
ns=blacktux.interbronz.local., email=hostmaster.interbronz.local. 
(flags=600000f0, serial=27, ttl=3600)
     NS: blacktux.interbronz.local. (flags=600000f0, serial=1, ttl=900)
     A: 10.10.10.101 (flags=600000f0, serial=1, ttl=900)
     A: 10.20.1.1 (flags=600000f0, serial=3, ttl=900)
     A: 10.20.2.1 (flags=600000f0, serial=9, ttl=900)
     A: 10.20.3.1 (flags=600000f0, serial=10, ttl=900)
     A: 10.20.4.1 (flags=600000f0, serial=11, ttl=900)
     A: 10.30.1.1 (flags=600000f0, serial=23, ttl=900)
   Name=_msdcs, Records=0, Children=0
   Name=_sites, Records=0, Children=1
   Name=_tcp, Records=0, Children=4
   Name=_udp, Records=0, Children=2
   Name=asus, Records=1, Children=0
     A: 10.20.4.69 (flags=f0, serial=27, ttl=900)
   Name=blacktux, Records=6, Children=0
     A: 10.10.10.101 (flags=f0, serial=1, ttl=900)
     A: 10.20.1.1 (flags=f0, serial=2, ttl=900)
     A: 10.30.1.1 (flags=f0, serial=22, ttl=900)
   Name=boss, Records=1, Children=0
     A: 10.20.3.78 (flags=f0, serial=18, ttl=900)
   Name=DomainDnsZones, Records=0, Children=2
   Name=ForestDnsZones, Records=0, Children=2
   Name=intelhd, Records=1, Children=0
     A: 10.20.1.82 (flags=f0, serial=20, ttl=900)
   Name=w7-virt, Records=1, Children=0
     A: 10.10.10.102 (flags=f0, serial=21, ttl=900)

The question is, whether Samba even knows how to, or should it ever, 
resolve FQDNs.

I see there are more NS records for server itself, of whom some belong 
to interfaces no longer active. But still first 2 are valid, and the 
hostnames are resolved anyway, so that doesn't seem like the culprit.

Dňa 11. 1. 2019 o 15:06 Rowland Penny via samba napísal(a):
> On Fri, 11 Jan 2019 14:55:08 +0100
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>
>>>> Please, does somebody have a clue, what goes wrong here?
>>>>
>>>>
>>>>
>>> Nope, haven't got a clue ;-)
>> Not? Rowland not? really.. ;-)
> Well okay, I could take a guess, but I could be wide of the mark.
>   
>> I'm a gambler so here you go ;-)
>>
>> Hmm, first 3 guesses..
>> Typos in primary DNS/Search domain.  ( /etc/resolv.conf )
>> Typos in /etc/hosts
> My crystal ball is on the fritz ;-)
>   
>> Why.
>> Ping host works	( host file ) ip host.fqdn host
>> Ping host.fqdn does not, (host file or resolv.conf or typo in bind
>> config. ) Search dns.domain.tld domain.tld. <-> mismatch with bind
>> config.
>>
>> Something like this is my guess.
>>
>>> I might have said this before, but I will say it again, why do you
>>> think we can help you, if you do not give us anything but 'it
>>> doesn't work' ?
>>>
>>> What OS ?
>>> What Samba version ?
>>> What Bind version ?
>>> What is in smb.conf ?
>>> What is in your named.conf files ?
>> The configs will tell whats going on.. :-)
> Exactly, we will only be able to try to find the problem with something
> to work with.
>
> Rowland
>
>
>