[Samba] Samba + BIND9 DLZ. DNS doesn't resolve FQDN, only short hostname

Peter Tuharsky tuharsky at misbb.sk
Sun Jan 20 10:51:21 UTC 2019


Rowland, thank You for advice.

I can manage standard A records, but I'm not sure what to do with the NS. I 
can't figure out how to delete the invalid A subrecord of the NS record.

I'm afraid to experiment much. Please, could You point me to some 
working example?

Peter

On 12. 1. 2019 at 15:00, Rowland Penny via samba wrote:
> On Sat, 12 Jan 2019 10:35:59 +0100
> Peter Tuharsky via samba <samba at lists.samba.org> wrote:
>
>> Thank You, Luis, Rowland,
>>
>> for the initial hints. I checked them all.
>>
>>
>> As for the system, it is Debian Stretch, Bind 9.10.3, Samba 4.5.12 (I know
>> it is old, but it is native for the distribution, and should work in such
>> a simple setup, I suppose). I used this howto:
>>
>> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
> The problem with 4.5.12 is that it is, as far as Samba is concerned,
> EOL. It will be even more EOL when 4.10.0 is released at the beginning
> of March. The only Samba supported versions (at the moment) are 4.9.x,
> 4.8.x and 4.7.x. When 4.10.0 is released, 4.7.x will reach EOL.
>
> This is easily fixed on Debian, see here:
>
> http://apt.van-belle.nl/
>
>>
>> As for hosts.conf, there are only localhost and the server itself, because
>> everything else should be resolved by DNS anyway...
>>
>> 127.0.0.1    localhost.interbronz.local    localhost
> The above should just be:
>
> 127.0.0.1	localhost
>
> You also shouldn't have used '.local', bit late now, so you should stop
> Avahi from running.
>
>> --------
>>
>> There is not much in named.conf and surroundings. This is Debian, so
>> the config is scattered here and there, but if I put all includes
>> together, we get this:
>>
>> options {
>>       directory "/var/cache/bind";
>>
>>       // External DNS forwarder
>>
>>       forwarders {
>>            10.10.10.1;
>>        };
>>
>>       dnssec-validation auto;
>>
>>       auth-nxdomain no;    # conform to RFC1035
>>       listen-on-v6 { any; };
>> };
>>
> This is my /etc/bind/named.conf.options:
> options {
>      directory "/var/cache/bind";
>      version "0.0.7";
>      notify no;
>      empty-zones-enable no;
>      allow-query { 127.0.0.1; 192.168.0.0/24; };
>      allow-recursion {  192.168.0.0/24; 127.0.0.1/32; };
>      forwarders { 8.8.8.8; 8.8.4.4; };
>      allow-transfer { none; };
>
>      dnssec-validation no;
>      dnssec-enable no;
>      dnssec-lookaside no;
>      listen-on-v6 { none; };
>      listen-on port 53 { 192.168.0.6; 127.0.0.1; };
>
>      tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> };
>
>> --------------
>>
>> Since there is BIND DLZ in use, I assume that it is up to Samba DNS
>> module to resolve local domain issues for BIND, thus BIND config is
>> of little interest here anyway, it simply gives whatever it takes
>> from Samba. Correct?
> Very Wrong.
>
>> So, it would seem that if anything unusual, it should take place
>> inside Samba DNS records. That is area I have no expertise in. When I
>> do
>>
>> samba-tool dns query -U administrator 10.20.1.1 interbronz.local @ ALL
> The only problem with that is (as far as I am aware), samba-tool goes
> direct to AD, bypassing Bind9.
>
>> The question is, whether Samba even knows how to, or should it ever,
>> resolve FQDNs.
> It does, or rather, Bind9 with AD does.
>
>> I see there are more NS records for the server itself, some of which
>> belong to interfaces no longer active. But still the first 2 are valid,
>> and the hostnames are resolved anyway, so that doesn't seem like the
>> culprit.
> If you have NS records that do not exist, you need to delete them.
>
> Rowland
>   
>
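
As an added illustration of the stale-record cleanup discussed in this thread (not code from either poster or from the Samba project): a Python script that parses `samba-tool dns query` output, flags A records on the zone apex or the DC host that point at addresses no longer in use, and builds `samba-tool dns delete` commands for review. The host name `dc1`, the address 192.168.122.1, the client `ws01` and the exact output layout are assumptions; the sample output is constructed.

```python
import re
import shlex

# Constructed sample, shaped like `samba-tool dns query 10.20.1.1 interbronz.local @ ALL`
# output (assumed layout; dc1, ws01 and 192.168.122.1 are hypothetical).
SAMPLE_QUERY_OUTPUT = """\
  Name=, Records=4, Children=0
    SOA: serial=42, refresh=900, retry=600, expire=86400, minttl=3600, ns=dc1.interbronz.local., email=hostmaster.interbronz.local. (flags=600000f0, serial=42, ttl=3600)
    NS: dc1.interbronz.local. (flags=600000f0, serial=1, ttl=900)
    A: 10.20.1.1 (flags=600000f0, serial=1, ttl=900)
    A: 192.168.122.1 (flags=600000f0, serial=1, ttl=900)
  Name=dc1, Records=2, Children=0
    A: 10.20.1.1 (flags=f0, serial=1, ttl=900)
    A: 192.168.122.1 (flags=f0, serial=1, ttl=900)
  Name=ws01, Records=1, Children=0
    A: 10.20.1.50 (flags=f0, serial=3, ttl=900)
"""

NAME_RE = re.compile(r"^\s*Name=([^,]*),")
REC_RE = re.compile(r"^\s*(A|AAAA|NS|CNAME):\s+(\S+)\s+\(")

def parse_records(text):
    """Return (name, type, data) tuples; the zone apex (empty Name=) becomes '@'."""
    records, name = [], None
    for line in text.splitlines():
        m = NAME_RE.match(line)
        if m:
            name = m.group(1) or "@"
            continue
        m = REC_RE.match(line)
        if m and name is not None:
            records.append((name, m.group(1), m.group(2)))
    return records

def stale_a_records(records, dc_names, active_ips):
    """A records on the apex or a DC host name whose address is no longer in use."""
    return [(n, t, d) for n, t, d in records
            if t == "A" and n in dc_names and d not in active_ips]

def delete_commands(stale, server, zone, user="administrator"):
    """Build `samba-tool dns delete` command lines for review; nothing is executed."""
    return [" ".join(shlex.quote(p) for p in
                     ["samba-tool", "dns", "delete", server, zone, n, t, d, "-U", user])
            for n, t, d in stale]

if __name__ == "__main__":
    recs = parse_records(SAMPLE_QUERY_OUTPUT)
    stale = stale_a_records(recs, {"@", "dc1"}, {"10.20.1.1"})
    for cmd in delete_commands(stale, "10.20.1.1", "interbronz.local"):
        print(cmd)
```

The commands are only printed, so each one can be checked against the live zone before it is run. Since samba-tool talks to AD directly, as noted in the reply above, resolution through BIND9 is a separate check afterwards.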