[Samba] How to Properly Configure Samba's Internal DNS

Rowland penny rpenny at samba.org
Sat Jan 30 16:09:06 UTC 2021


On 30/01/2021 16:03, Marco Shmerykowsky via samba wrote:
>
> On 2021-01-30 10:59 am, Rowland penny via samba wrote:
>> On 30/01/2021 15:52, Marco Shmerykowsky via samba wrote:
>>>
>>> On 2021-01-30 10:35 am, Rowland penny via samba wrote:
>>>> On 30/01/2021 15:19, Marco Shmerykowsky via samba wrote:
>>>>> On 2021-01-30 9:31 am, Rowland penny via samba wrote:
>>>>>> On 30/01/2021 13:48, Marco Shmerykowsky via samba wrote:
>>>>>>> I have what I thought was a working Samba4 AD setup.
>>>>>>> However, in trying to troubleshoot a user's issues while
>>>>>>> connecting via a VPN, I began to question if DNS
>>>>>>> is properly set up.
>>>>>>>
>>>>>>> Each linux server has the following entries in
>>>>>>> resolv.conf:
>>>>>>
>>>>>>
>>>>>> What do you mean by 'linux server'? Are you referring to a Unix domain
>>>>>> member or a Samba AD DC?
>>>>>
>>>>> Two Samba AD DC's
>>>>> Two Samba Domain Member Servers
>>>>>
>>>>>>
>>>>>>>
>>>>>>> search ad-domain.company.com
>>>>>>> nameserver ip-of-FSMO-server
>>>>>>
>>>>>> I would list all Samba AD DCs on the Unix domain members and set each
>>>>>> DC to use itself.
>>>>>
>>>>> I'll make the change and see what results
>>>>>
>>>>>>>
>>>>>>> Each linux server has a hosts file with an entry:
>>>>>>>
>>>>>>> unique-ip-address  machine#.ad-domain.company.com machine#
>>>>>>>
>>>>>>> However, if I do nslookup -> set type=SRV -> _ldap._tcp.ad-domain.company.com.
>>>>>>>
>>>>>>> instead of getting the results shown here:
>>>>>>>
>>>>>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Resolving_SRV_Records 
>>>>>>> I get:
>>>>>>>
>>>>>>> Server:         ip-of-FSMO-server
>>>>>>> Address:        ip-of-FSMO-server#53
>>>>>>>
>>>>>>> _ldap._tcp.ad-domain.company.com       service = 0 100 389 machine1.ad-domain.company.com.
>>>>>>> _ldap._tcp.ad-domain.company.com       service = 0 100 389 machine1.ad-domain.company.com.
>>>>>>
>>>>>>
>>>>>> I get something similar, only my difference is that mine lists both of
>>>>>> my DCs; yours should list all your DCs.
>>>>>>
>>>>>>>
>>>>>>> Further, if I try pinging hostnames on the FSMO-server, I only get positive
>>>>>>> results on 3 of 4 of my servers:
>>>>>>>
>>>>>>> ping ad-domain.company.com -> success
>>>>>>>
>>>>>>> ping machine1.ad-domain.company.com -> success
>>>>>>> ping machine2.ad-domain.company.com -> success
>>>>>>> ping machine3.ad-domain.company.com -> success
>>>>>>> ping machine4 -> fails with unknown host
>>>>>>
>>>>>>
>>>>>> They should all work, you seem to have DNS problems.
>>>>>
>>>>> Agreed.  I never noticed it because GPO's and Drive Shares have
>>>>> been working well for two years. I just noticed something was
>>>>> amiss when we deployed a VPN.
>>>>>
>>>>> DNS is being provided by Samba.  How should I troubleshoot this?
>>>>>
>>>>>>
>>>>>> Rowland
>>>>>
>>>> Are you using Bind9?
>>>>
>>>> if so, it could be the dns.keytab problem (it isn't created in the
>>>> bind-dns dir when you join a DC)
>>>
>>> No. SAMBA_INTERNAL
>>>
>> Pity, it's easy to fix bind9 😂
>
> Should I switch?


Entirely up to you; do you need Bind9?


>
>> You will just have to double-check everything 🙁
>
> Other than hostname, hosts and resolv.conf, what should I check?
>
The actual records in AD: are they all there for each DC?

Does a forward & reverse record exist for all computers in AD?

Is replication working correctly?

Rowland
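The three checks Rowland lists (SRV records naming every DC, a forward and reverse record for every computer, and working replication), plus the resolv.conf layout he recommends earlier in the thread, as a script. This is an added example, not code from the thread or from the Samba project. It assumes the domain and host names from the thread (ad-domain.company.com, DCs machine1 and machine2, members machine3 and machine4), invented DC addresses 192.0.2.11 and 192.0.2.12, that it runs on a DC which serves DNS with SAMBA_INTERNAL and has dig and samba-tool installed, that each DC asks itself at 127.0.0.1, and that `samba-tool drs showrepl` reports problems as "failed" attempts or a non-zero "consecutive failure(s)" count.

```shell
#!/bin/sh
# Added example, not from the thread or the Samba project: the DNS checks
# Rowland asks for, on a Samba AD DC that serves DNS with SAMBA_INTERNAL.
# Assumptions (constructed from the thread): domain ad-domain.company.com,
# DCs machine1/machine2, members machine3/machine4, DC addresses 192.0.2.11
# and 192.0.2.12 (invented), dig and samba-tool installed on the DC.

DOMAIN="ad-domain.company.com"
DCS="machine1 machine2"            # every DC, short names
MEMBERS="machine3 machine4"        # Unix domain members whose records we expect
DC_IPS="192.0.2.11 192.0.2.12"     # DC addresses (assumed), same order as DCS

# resolv.conf content per Rowland's advice: a DC points at itself (its own
# address), a member lists every DC.  $1 = "dc" or "member", $2 = this host's IP.
resolv_conf_for() {
    echo "search $DOMAIN"
    if [ "$1" = "dc" ]; then
        echo "nameserver $2"
    else
        for ip in $DC_IPS; do echo "nameserver $ip"; done
    fi
}

# Strip a trailing dot and lower-case a DNS name so dig/nslookup output
# compares equal to the names built from DCS/MEMBERS.
normalize_name() { printf '%s' "$1" | sed 's/\.$//' | tr 'A-Z' 'a-z'; }

# Check 1: the _ldap._tcp SRV answer must name every DC.  Reads the answer on
# stdin (dig +short SRV or nslookup output; the target is the last field),
# prints each DC FQDN that is missing, returns 1 if any are missing.
srv_missing_dcs() {
    targets=$(awk '{ t = tolower($NF); sub(/\.$/, "", t); print t }' | tr '\n' ' ')
    missing=0
    for dc in $DCS; do
        fqdn="$dc.$DOMAIN"
        case " $targets" in
            *" $fqdn "*) ;;
            *) echo "$fqdn"; missing=1 ;;
        esac
    done
    return $missing
}

# Check 2: forward and reverse records for one host, asked of one DNS server.
# The A record must exist and the PTR for that address must point back at the
# same name (a missing A record is exactly the "unknown host" seen for machine4).
check_fwd_rev() {
    host=$1; server=$2
    addr=$(dig +short @"$server" A "$host" | head -n 1)
    [ -n "$addr" ] || { echo "NO A RECORD: $host"; return 1; }
    ptr=$(normalize_name "$(dig +short @"$server" -x "$addr" | head -n 1)")
    [ "$ptr" = "$host" ] || { echo "PTR MISMATCH: $host -> $addr -> ${ptr:-none}"; return 1; }
    return 0
}

# Check 3: replication.  Reads `samba-tool drs showrepl` output on stdin and
# prints the lines that report a failed attempt or a non-zero failure count
# ("0 consecutive failure(s)." is healthy and is not matched); returns 1 if any.
repl_failures() {
    if grep -E 'failed|[1-9][0-9]* consecutive failure'; then return 1; fi
    return 0
}

main() {
    rc=0
    server=127.0.0.1      # run this on each DC; each DC should answer for itself
    echo "== SRV targets of _ldap._tcp.$DOMAIN =="
    dig +short @"$server" SRV "_ldap._tcp.$DOMAIN" | srv_missing_dcs \
        || { echo "   (DC names above are missing from the SRV record)"; rc=1; }
    echo "== forward/reverse records =="
    for h in $DCS $MEMBERS; do check_fwd_rev "$h.$DOMAIN" "$server" || rc=1; done
    echo "== replication =="
    samba-tool drs showrepl | repl_failures || rc=1
    return $rc
}

# Invoke as ./dnscheck.sh --run on each DC.  A DC whose own records are missing
# can re-register them with `samba_dnsupdate --verbose`; a member can re-register
# its A record with `net ads dns register`.
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it on every DC, not just the FSMO holder: with SAMBA_INTERNAL each DC answers from its own copy of the AD DNS partitions, so a DC that passes the SRV and forward/reverse checks while another fails them points straight at the replication check.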




