[Samba] DNS sometimes give error/timeout or works fine

L.P.H. van Belle belle at bazuin.nl
Tue May 12 12:26:11 UTC 2020 

 

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Miguel Angel Coa M. via samba
> Verzonden: dinsdag 12 mei 2020 13:31
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] DNS sometimes give error/timeout or works fine
> 
> Hi,
> i've three samba DC's with BIND9_DLZ backend . The DNS 
> queryes is erratic,
> sometimes from pc lan the DNS resolution work fine and on another
> occasion give timeout or fail
> 
> My DC's are:
> 
> [............]
> [root at sambadc03 ~]# host -t A mydomain.com
> mydomain.com has address 10.13.250.128
> mydomain.com has address 10.13.250.110
> mydomain.com has address 10.13.250.111
> mydomain.com has address 10.13.250.112
> [............]
> 
> Note: The .110 and .111 are the same DC (this server have 2 ip's)

Verify : 
dig -x 10.13.250.110
dig -x 10.13.250.111

dig A hostname1.mydomain.com
dig A hostname2.mydomain.com

> 
> Example:
> 
> Query fail from pc
> 
> [............]
> mcoa at mcoa-new-air:~|???  nslookup mydomain.com 10.13.250.112
> ;; connection timed out; no servers could be reached
> [............]
> 
> From the same pc and the same query .... result is ok
> 
> [............]
> mcoa at mcoa-new-air:~|???  nslookup mydomain.com 10.13.250.112
> Server: 10.13.250.112
> Address: 10.13.250.112#53
> 
> Name: mydomain.com
> Address: 10.13.250.112
> Name: mydomain.com
> Address: 10.13.250.111
> Name: mydomain.com
> Address: 10.13.250.128
> Name: mydomain.com
> Address: 10.13.250.110
> [............]
> 
> If i check inside DC i've similar behavior
> 
> Fail
> 
> [............]
> [root at sambadc02 ~]# dig @10.13.250.112 mydomain.com ns
> ;; connection timed out; no servers could be reached
> [............]
> 

So, you "might" have firwalled the outgoing traffic to allow only from your AD-DC's? 
Or, /etc/resolv.conf contains a wrong first domainname in search or domain line. 

Most probely one of these 2, at least the first i would check. 


> 
> Works fine
> [............]
> [root at sambadc02 ~]# dig @10.13.250.112 mydomain.com ns +short
> sambadc01.mydomain.com.
> sambadc02.mydomain.com.
> sambadc03.mydomain.com.
> [............]
> 
> Inside the DC consulting to 127.0.0.1 the query and resulte is fine
> 
> 
> What could be happening?

> Query fail from pc ... 

CMD : ipconfig /all verify the primary and domain dns suffix. 

> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

Greetz, 

Louis

More information about the samba mailing list