[Samba] Samba DNS fails when queried with nslookup commands
L.P.H. van Belle
belle at bazuin.nl
Thu Aug 13 13:57:49 UTC 2020
Hai James,
Thanks, that's exactly what we needed.
I'll comment below.
> -----Original message-----
> From: James Atwell [mailto:james.atwell365 at gmail.com]
> Sent: Thursday 13 August 2020 14:46
> To: samba at lists.samba.org
> CC: L.P.H. van Belle
> Subject: Re: [Samba] Samba DNS fails when queried with nslookup commands
>
> Hi Louis and Rowland,
>
> Thanks for the help. Below is the information
> requested before I change anything.
>
> nameserver 172.16.23.30
> nameserver 172.16.23.28
> nameserver 127.0.0.53 < or on top or remove..
Now it's never used. Best: remove it.
And if it's used, then it's because the 2 above are failing,
and 127.0.0.53 most probably will query them or root servers on the internet,
resulting in both failing.
> search domain.local (I know)
At least you know ;-)
>
>
> @soldc4:~$ cat /etc/hosts
> 127.0.0.1 localhost
> #127.0.1.1 soldc4 # you can remove this line.
> 172.16.23.30 soldc4.domain.local soldc4
>
> # The following lines are desirable for IPv6 capable hosts
> ::1 ip6-localhost ip6-loopback # re-add localhost in front.
::1 localhost ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
Because some internal services do run on ::1,
this is fine.
This..
> #127.0.1.1 soldc4 # you can remove this line.
Verify the DNS A and PTR for the servername.
If this was there at startup, then this might be the source of your problems.
>
>
> @soldc4:~$ cat /etc/network/interfaces
> # ifupdown has been replaced by netplan(5) on this system. See
> # /etc/netplan for current configuration.
> # To re-enable ifupdown on this system, you can run:
> # sudo apt install ifupdown
>
>
> @soldc4:~$ cat /etc/netplan/50-cloud-init.yaml
> # This file is generated from information provided by
> # the datasource. Changes to it will not persist across an instance.
> # To disable cloud-init's network configuration capabilities, write a file
> # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
> # network: {config: disabled}
> network:
>     ethernets:
>         enp0s3:
>             addresses: [172.16.23.30/24]
>             gateway4: 172.16.23.201
>             dhcp4: no
>             nameservers:
>                 addresses: [172.16.23.30,172.16.23.28]
>                 search: [domain.local]
>
>     version: 2
>
Great, that looks fine.
Not using /etc/netplan/01-netcfg.yaml?
That's OK if not.
>
> @soldc4:~$ ls -la /etc/systemd/network/
> total 8
> drwxr-xr-x 2 root root 4096 Apr 20 2018 .
> drwxr-xr-x 5 root root 4096 Jun 29 09:54 ..
>
>
> @soldc4:~$ cat /etc/systemd/resolved.conf
> # This file is part of systemd.
> #
> # systemd is free software; you can redistribute it and/or modify it
> # under the terms of the GNU Lesser General Public License as published by
> # the Free Software Foundation; either version 2.1 of the License, or
> # (at your option) any later version.
> #
> # Entries in this file show the compile time defaults.
> # You can change settings by editing this file.
> # Defaults can be restored by simply deleting this file.
> #
> # See resolved.conf(5) for details
>
> [Resolve]
> #DNS=
> #FallbackDNS=
> #Domains=
> #LLMNR=no
> #MulticastDNS=no
> #DNSSEC=no
> #Cache=yes
> #DNSStubListener=yes
>
>
> 1 at soldc4:~$ cat /usr/local/samba/etc/smb.conf
> # Global parameters
> [global]
> netbios name = SOLDC4
> realm = DOMAIN.LOCAL
> server role = active directory domain controller
> workgroup = DOMAIN
> dns forwarder = 75.75.75.75 208.67.222.222
> idmap_ldb:use rfc2307 = Yes
>
> log file = /usr/local/samba/var/log.samba
> log level = 1 auth_audit:3 auth_json_audit:3
> debug timestamp = Yes
> debug uid = Yes
> debug pid = Yes
>
> ldap server require strong auth = no
>
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
>
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/domain.local/scripts
> read only = No
>
>
> Thanks again for any help.
Remove the DNS forwarders in smb.conf.
Reboot.
Test again.
Then, if it now works, re-add the DNS forwarders.
Besides the few points, your config looks fine.
I'm guessing the hostname was set to 127.0.1.1 when you started the AD DC for the first time.
Greetz,
Louis
>
> On 8/13/2020 3:19 AM, L.P.H. van Belle via samba wrote:
> > Hai,
> >
> > Only the forwarder is running in this systemd setup.
> > This: 127.0.0.53:53 does NOT conflict with the normal resolv.conf setting,
> > because samba or any DNS server does not run on 127.0.0.53.
> > Don't make the mistake of seeing this as 127.0.0.1.
> >
> > Please show :
> > /etc/hosts
> > /etc/resolv.conf
> >
> > Depending on which one you're using:
> >
> > /etc/network/interfaces and/or
> >
> >
> > /etc/netplan/01-netcfg.yaml
> > /etc/systemd/network/.. Output of all files in this folder.
> > /etc/systemd/resolved.conf
> >
> > In one (or more) of these files there is a misconfiguration.
> >
> > Greetz,
> >
> > Louis
> >
> >
> >> -----Original message-----
> >> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> >> Rowland penny via samba
> >> Sent: Thursday 13 August 2020 8:19
> >> To: samba at lists.samba.org
> >> Subject: Re: [Samba] Samba DNS fails when queried with nslookup commands
> >>
> >> On 12/08/2020 21:49, James Atwell via samba wrote:
> >>> Hello,
> >>>
> >>> Having issues with a DC not responding to DNS requests. OS is
> >>> Ubuntu 18.04.4 LTS. Samba version 4.12.2 compiled from source.
> >>> Checking to see what is listening on port 53 reports;
> >>>
> >>> @soldc4:~# netstat -tulpn | grep ":53"
> >>> tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 2935/systemd-resolv
> >>> tcp6 0 0 :::53 :::* LISTEN 2694/samba: task[dn
> >>> udp 0 0 127.0.0.53:53 0.0.0.0:* 2935/systemd-resolv
> >>> udp6 0 0 :::53 :::* 2694/samba: task[dn
> >>>
> >>>
> >>> How do I disable systemd-resolve and ensure only samba is listening on
> >>> port 53 for DNS requests? You can see below nslookup succeeds when
> >>> querying another server in the network but fails on this one.
> >>>
> >>> root at soldc4:~# nslookup google.com soldc1
> >>> Server: soldc1
> >>> Address: 172.16.23.28#53
> >>>
> >>> Non-authoritative answer:
> >>> Name: google.com
> >>> Address: 172.217.7.238
> >>> Name: google.com
> >>> Address: 2607:f8b0:4004:806::200e
> >>>
> >>> root at soldc4:~# nslookup google.com soldc4
> >>> ;; connection timed out; no servers could be reached
> >>>
> >> Last time I set up a DC on 18.04 I did this:
> >>
> >> sudo systemctl stop systemd-resolved
> >> sudo systemctl disable systemd-resolved.service
> >>
> >> Rowland
> >>
> >>
> >>
> >
>
>
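The file checks Louis walks through in this thread (127.0.0.53 listed in resolv.conf, the DC hostname mapped to 127.0.1.1, `::1` without `localhost`) can be scripted. The following is an added example, not part of the original mails or of Samba; the function name `audit_dc_dns` and the sample file contents are constructed here, modelled on the files quoted above.

```shell
#!/bin/bash
# Added example (not from the thread): flag the resolver/hosts issues discussed above.
# audit_dc_dns RESOLV_FILE HOSTS_FILE SHORT_HOSTNAME  -> one finding per line, empty if clean

audit_dc_dns() {
    resolv=$1; hosts=$2; host=$3

    # 1. systemd-resolved stub (127.0.0.53) listed as a nameserver on the DC
    awk '$1 == "nameserver" && $2 == "127.0.0.53" {
        print "resolv.conf line " NR ": stub resolver " $2 " listed as nameserver"
    }' "$resolv"

    # 2. DC hostname (short or FQDN) mapped to a 127.x address such as 127.0.1.1
    awk -v h="$host" '
        { sub(/#.*/, "") }            # strip comments; a commented-out line is fine
        $1 ~ /^127\./ {
            for (i = 2; i <= NF; i++)
                if ($i == h || index($i, h ".") == 1)
                    print "hosts line " NR ": " $i " maps to loopback " $1
        }' "$hosts"

    # 3. ::1 present but without the name localhost
    awk '
        { sub(/#.*/, "") }
        $1 == "::1" { seen = 1; for (i = 2; i <= NF; i++) if ($i == "localhost") ok = 1 }
        END { if (seen && !ok) print "hosts: ::1 entry lacks the name localhost" }
    ' "$hosts"
}

# Constructed sample input, modelled on the files quoted in the thread.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' 'nameserver 172.16.23.30' 'nameserver 172.16.23.28' \
        'nameserver 127.0.0.53' 'search domain.local' > "$tmp/resolv.conf"
    printf '%s\n' '127.0.0.1 localhost' '127.0.1.1 soldc4' \
        '172.16.23.30 soldc4.domain.local soldc4' \
        '::1 ip6-localhost ip6-loopback' > "$tmp/hosts"
    audit_dc_dns "$tmp/resolv.conf" "$tmp/hosts" soldc4
    rm -rf "$tmp"
}
demo
```

On a live DC, pass `/etc/resolv.conf`, `/etc/hosts` and the output of `hostname -s`; the A and PTR verification Louis mentions still has to be done against the DNS server itself.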