[Samba] Problems with internal DNS

Thomas Schweikle tschweikle at gmail.com
Tue Oct 22 15:09:29 UTC 2019 

On Mon, Oct 21, 2019 at 5:02 PM L.P.H. van Belle via samba <
samba at lists.samba.org> wrote:

>
> apt update
> > Err:1 http://cdn-fastly.deb.debian.org/debian testing InRelease
> >   Could not connect to proxy.ada.de:8080 (10.169.16.3),
> What is set in /etc/apt/apt.conf.d  or better said, is proxy defined.
>
> If nothing is definded, try this :
>
> editor /etc/apt/apt.conf.d/proxy.conf
> Acquire {
>   HTTP::proxy "http://10.169.16.3:8080";
>   HTTPS::proxy "http://10.169.16.3:8080";
> }
>
> And which of these modes is you proxy running:
> NAT intercepted HTTP Socket
> NAT intercepted SSL bumped HTTPS Socket
> HTTP Socket
> SSL bumped HTTP Socket
>
> Im asumming, HTTP Socket, since thats the most used.
> No funny things in the proxy logs or Firewall rules?
>
>
> Greetz,
>
> Louis
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > Thomas Schweikle via samba
> > Verzonden: maandag 21 oktober 2019 16:47
> > Aan: Samba
> > Onderwerp: [Samba] Problems with internal DNS
> >
> > Hi!
> >
> > Samba server set up for domain rufus.ada.de a proxy is reachable in
> > proxy.ada.de.
> >
> > resolv.conf is configured to be:
> >
> > domain rufus.ada.de.
> > search rufus.ada.de. miri.ada.de. ada.de.
> > nameserver 127.0.0.1
> >
> > Internal servers are handled (by an external DNS, our
> > internal samba DNS
> > forwards to):
> > # host proxy.ada.de
> > proxy.ada.de has address 10.169.16.3
> >
> > For deb.debian.org:
> > # host deb.debian.org
> > deb.debian.org is an alias for static.debian.org.
> > static.debian.org has address 130.89.148.77
> > static.debian.org has address 128.31.0.62
> > static.debian.org has address 149.20.4.15
> > static.debian.org has IPv6 address 2001:4f8:1:c::15
> > static.debian.org has IPv6 address 2603:400a:ffff:bb8::801f:3e
> > static.debian.org has IPv6 address 2001:67c:2564:a119::77
> > static.debian.org mail is handled by 0 .
> >
> > But now:
> > # LANG=C apt update
> > Err:1 http://cdn-fastly.deb.debian.org/debian testing InRelease
> >   Could not connect to proxy.ada.de:8080 (10.169.16.3),
> > connection timed out
> > Err:2 http://cdn-fastly.deb.debian.org/debian testing-updates
> > InRelease
> >   Unable to connect to proxy.ada.de:8080:
> > Err:3 http://deb.debian.org/debian testing InRelease
> >   Could not connect to proxy.ada.de:8080 (10.169.16.3),
> > connection timed out
> > Err:4 http://deb.debian.org/debian testing-updates InRelease
> >   Unable to connect to proxy.ada.de:8080:
> > Reading package lists... Done
> > Building dependency tree
> > Reading state information... Done
> > All packages are up to date.
> > W: Failed to fetch
> > http://cdn-fastly.deb.debian.org/debian/dists/testing/InReleas
> > e  Could not
> > connect to proxy.ada.de:8080 (10.169.16.3), connection timed out
> > W: Failed to fetch
> > http://deb.debian.org/debian/dists/testing/InRelease
> >  Could not connect to proxy.ada.de:8080 (10.169.16.3),
> > connection timed out
> > W: Failed to fetch
> > http://cdn-fastly.deb.debian.org/debian/dists/testing-updates/
> > InRelease
> >  Unable to connect to proxy.ada.de:8080:
> > W: Failed to fetch
> > http://deb.debian.org/debian/dists/testing-updates/InRelease
> > Unable to
> > connect to proxy.ada.de:8080:
> > W: Some index files failed to download. They have been
> > ignored, or old ones
> > used instead.
> >
> > If I replace /etc/resolv.conf nameserver line
> > "nameserver 127.0.0.1" with "nameserver 172.18.8.1" and stop
> > samba it works.
> >
> > Any idea what is going wrong here? Shouldn't the internal DNS
> > just forward
> > everything it does not know about to the upstream, resolving DNS?
> > --
> > Thomas
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba


A proxy is defined in /etc/environment (global to all):
no_proxy="localhost,127.0.0.1,::1"
ftp_proxy=http://proxy.ada.de:3128
http_proxy=http://proxy.ada.de:3128
https_proxy=http://proxy.ada.de:3128
gopher_proxy=http://proxy.ada.de:3128
rsync_proxy=http://proxy.ada.de:3128
RSYNC_PROXY=proxy.ada.de:3128

and in /etc/apt/apt.conf.d/90proxy:
Acquire::http::Proxy "http://proxy.ada.de:3128/";
Acquire::ftp
{
  Proxy "ftp://proxy.ada.de:3128/";
  ProxyLogin
  {
    "USER $(SITE_USER)@$(SITE)";
    "PASS $(SITE_PASS)";
  }
}

The environment variables seemed not used by apt, apt-get. The defined
proxy in /etc/apt/apt.conf.d/90proxy indeed was used, but did not work.
Changing it to
Acquire::http::Proxy "http://localhost:8081";
Acquire::ftp
{
  Proxy "ftp://localhost:8081/";
  ProxyLogin
  {
    "USER $(SITE_USER)@$(SITE)";
    "PASS $(SITE_PASS)";
  }
}

then logging in with "ssh -R 8081:proxy.ada.de:3128 -l root rufus.ada.de"
made it work. Tus I guess it has something to do with names resolution. But:
# host proxy.ada.de
proxy.ada.de has address 10.169.16.3

is resolveable from rufus. As is:
# host deb.debian.org
deb.debian.org is an alias for static.debian.org.
static.debian.org has address 128.31.0.62
static.debian.org has address 130.89.148.77
static.debian.org has address 149.20.4.15
static.debian.org mail is handled by 0 .

-- 
Thomas

More information about the samba mailing list