[Samba] Samba DNS fails when queried with nslookup commands

L.P.H. van Belle belle at bazuin.nl
Thu Aug 13 13:57:49 UTC 2020


Hai James, 

Thanks, that's exactly what we needed. 
I'll comment below. 


> -----Original message-----
> From: James Atwell [mailto:james.atwell365 at gmail.com] 
> Sent: Thursday, 13 August 2020 14:46
> To: samba at lists.samba.org
> CC: L.P.H. van Belle
> Subject: Re: [Samba] Samba DNS fails when queried with nslookup commands
> 
> Hi Louis and Rowland,
> 
>         Thanks for the help. Below is the information requested before I change anything.
> 


> nameserver 172.16.23.30	
> nameserver 172.16.23.28	
> nameserver 127.0.0.53		< or on top or remove.. 
Now it's never used. Best. Remove it. 

  And if it's used, then it's because the 2 above are failing 
  and 127.0.0.53 most probably will query them or root servers on the internet. 
  Resulting in both failing.. 

> search domain.local  (I know)
At least you know ;-) 


> 
> 
> @soldc4:~$ cat /etc/hosts
> 127.0.0.1 localhost
> #127.0.1.1 soldc4		# you can remove this line. 
> 172.16.23.30    soldc4.domain.local       soldc4
> 
> # The following lines are desirable for IPv6 capable hosts
> ::1     ip6-localhost ip6-loopback  # re-add localhost in front.  
  ::1     localhost ip6-localhost ip6-loopback 
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters

Because some internal services do run on ::1, 
this is fine. 

This.. 
> #127.0.1.1 soldc4		# you can remove this line.  
Verify the DNS A and PTR for the servername. 
If this was there at startup, then this might be the source of your problems. 



> 
> 
> @soldc4:~$ cat /etc/network/interfaces
> # ifupdown has been replaced by netplan(5) on this system.  See
> # /etc/netplan for current configuration.
> # To re-enable ifupdown on this system, you can run:
> #    sudo apt install ifupdown
> 
> 
> @soldc4:~$ cat /etc/netplan/50-cloud-init.yaml
> # This file is generated from information provided by
> # the datasource.  Changes to it will not persist across an instance.
> # To disable cloud-init's network configuration capabilities, write a file
> # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
> # network: {config: disabled}
> network:
>      ethernets:
>          enp0s3:
>              addresses: [172.16.23.30/24]
>              gateway4: 172.16.23.201
>              dhcp4: no
>              nameservers:
>                      addresses: [172.16.23.30,172.16.23.28]
>                      search: [domain.local]
> 
>      version: 2
> 
Great that looks fine. 
Not using /etc/netplan/01-netcfg.yaml? 
That's ok if not.. 

> 
> @soldc4:~$ ls -la /etc/systemd/network/
> total 8
> drwxr-xr-x 2 root root 4096 Apr 20  2018 .
> drwxr-xr-x 5 root root 4096 Jun 29 09:54 ..
> 
> 
> @soldc4:~$ cat /etc/systemd/resolved.conf
> #  This file is part of systemd.
> #
> #  systemd is free software; you can redistribute it and/or modify it
> #  under the terms of the GNU Lesser General Public License as published by
> #  the Free Software Foundation; either version 2.1 of the License, or
> #  (at your option) any later version.
> #
> # Entries in this file show the compile time defaults.
> # You can change settings by editing this file.
> # Defaults can be restored by simply deleting this file.
> #
> # See resolved.conf(5) for details
> 
> [Resolve]
> #DNS=
> #FallbackDNS=
> #Domains=
> #LLMNR=no
> #MulticastDNS=no
> #DNSSEC=no
> #Cache=yes
> #DNSStubListener=yes
> 
> 
> 1 at soldc4:~$ cat /usr/local/samba/etc/smb.conf
> # Global parameters
> [global]
>          netbios name = SOLDC4
>          realm = DOMAIN.LOCAL
>          server role = active directory domain controller
>          workgroup = DOMAIN
>          dns forwarder = 75.75.75.75 208.67.222.222
>          idmap_ldb:use rfc2307 = Yes
> 
>          log file = /usr/local/samba/var/log.samba
>          log level = 1 auth_audit:3 auth_json_audit:3
>          debug timestamp = Yes
>          debug uid = Yes
>          debug pid = Yes
> 
>          ldap server require strong auth = no
> 
> 
> [sysvol]
>          path = /usr/local/samba/var/locks/sysvol
>          read only = No
> 
> [netlogon]
>          path = /usr/local/samba/var/locks/sysvol/domain.local/scripts
>          read only = No
> 
> 
> Thanks again for any help.

Remove the DNS forwarders in smb.conf 
Reboot
Test again. 
Then if it now works. Re-add the dns forwarders. 


Besides the few points, your config looks fine. 
I'm guessing the hostname was set to 127.0.1.1 when you started the ad-dc for the first time. 

Greetz, 

Louis



> 
> On 8/13/2020 3:19 AM, L.P.H. van Belle via samba wrote:
> > Hai,
> >
> > Only the forwarder is running in this systemd setup.
> > This: 127.0.0.53:53 does NOT conflict with the normal resolv.conf setting
> > Because samba or any dns server does not run on 127.0.0.53
> > Don't make the mistake to see this for: 127.0.0.1
> >
> > Please show :
> > /etc/hosts
> > /etc/resolv.conf
> >
> > Depending on which one you're using:
> >
> > /etc/network/interfaces and/or
> >
> >
> > /etc/netplan/01-netcfg.yaml
> > /etc/systemd/network/..  Output of all files in this folder.
> > /etc/systemd/resolved.conf
> >
> > In one (or more) of these files is a misconfiguration.
> >
> > Greetz,
> >
> > Louis
> >   
> >
> >> -----Original message-----
> >> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> >> Rowland penny via samba
> >> Sent: Thursday, 13 August 2020 8:19
> >> To: samba at lists.samba.org
> >> Subject: Re: [Samba] Samba DNS fails when queried with nslookup commands
> >>
> >> On 12/08/2020 21:49, James Atwell via samba wrote:
> >>> Hello,
> >>>
> >>>       Having issues with a DC not responding to DNS requests. OS is
> >>> Ubuntu 18.04.4 LTS. Samba version 4.12.2 compiled from source.
> >>> Checking to see what is listening on port 53 reports;
> >>>
> >>> @soldc4:~# netstat -tulpn | grep ":53"
> >>> tcp        0      0 127.0.0.53:53 0.0.0.0:* LISTEN      2935/systemd-resolv
> >>> tcp6       0      0 :::53 :::*                    LISTEN      2694/samba: task[dn
> >>> udp        0      0 127.0.0.53:53 0.0.0.0:*                 2935/systemd-resolv
> >>> udp6       0      0 :::53 :::* 2694/samba: task[dn
> >>>
> >>>
> >>> How do I disable systemd-resolve and ensure only samba is listening on
> >>> port 53 for DNS requests?  You can see below nslookup succeeds when
> >>> querying another server in the network but fails on this one.
> >>>
> >>> root at soldc4:~# nslookup google.com soldc1
> >>> Server:         soldc1
> >>> Address:        172.16.23.28#53
> >>>
> >>> Non-authoritative answer:
> >>> Name:   google.com
> >>> Address: 172.217.7.238
> >>> Name:   google.com
> >>> Address: 2607:f8b0:4004:806::200e
> >>>
> >>> root at soldc4:~# nslookup google.com soldc4
> >>> ;; connection timed out; no servers could be reached
> >>>
> >> Last time I set up a DC on 18.04 I did this:
> >>
> >> sudo systemctl stop systemd-resolved
> >> sudo systemctl disable systemd-resolved.service
> >>
> >> Rowland
> >>
> >>
> >
> 
> 
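
The checks discussed in this thread (server name not mapped to a loopback address in /etc/hosts, server name mapped to the DC's own IP, no 127.0.0.53 stub entry in resolv.conf), written as a script. This is an added example and not part of the original message or of Samba; the function names are hypothetical and the sample files are constructed from the ones quoted above.

```shell
#!/bin/sh
# Added example: sanity checks for the name-resolution files of a Samba AD DC.

# Addresses that FILE ($1, hosts format) assigns to NAME ($2, short or FQDN).
hosts_addrs_for() {
    awk -v n="$2" '{ sub(/#.*/, "") }
        NF >= 2 { for (i = 2; i <= NF; i++) { split($i, p, ".")
                      if ($i == n || p[1] == n) { print $1; break } } }' "$1"
}

# Nameserver addresses listed in FILE ($1, resolv.conf format), in order.
resolv_nameservers() {
    awk '{ sub(/[#;].*/, "") } $1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# check_dc_resolver HOSTS RESOLV SHORTNAME DC_IP
# Prints one FAIL line per finding and returns 1 if there is any.
check_dc_resolver() {
    rc=0
    for a in $(hosts_addrs_for "$1" "$3"); do
        case $a in
            127.*|::1) echo "FAIL: $1 maps $3 to loopback address $a"; rc=1 ;;
        esac
    done
    if ! hosts_addrs_for "$1" "$3" | grep -qxF "$4"; then
        echo "FAIL: $1 does not map $3 to $4"; rc=1
    fi
    if resolv_nameservers "$2" | grep -qxF 127.0.0.53; then
        echo "FAIL: $2 lists the systemd-resolved stub 127.0.0.53"; rc=1
    fi
    return $rc
}

# Constructed sample input modelled on the files quoted in this thread,
# with the 127.0.1.1 line still active.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '127.0.0.1 localhost' '127.0.1.1 soldc4' \
        '172.16.23.30 soldc4.domain.local soldc4' > "$d/hosts"
    printf '%s\n' 'nameserver 172.16.23.30' 'nameserver 172.16.23.28' \
        'nameserver 127.0.0.53' 'search domain.local' > "$d/resolv.conf"
    check_dc_resolver "$d/hosts" "$d/resolv.conf" soldc4 172.16.23.30
    status=$?
    rm -rf "$d"
    return $status
}

demo || echo "demo input has findings (expected)"
```

On a real DC the call would be check_dc_resolver /etc/hosts /etc/resolv.conf "$(hostname -s)" followed by the DC's own address.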