[Samba] AD DC generating a lot of dns requests

hummbla hummbla at gmail.com
Tue May 25 20:13:30 UTC 2021


I have set up an AD DC server on Debian (4.19.0-16-amd64 #1 SMP Debian
4.19.181-1 (2021-03-19) x86_64 GNU/Linux). Joining the domain using Windows
10 is possible and GPOs get pushed accordingly.
As I utilize the Internal_DNS, I had the opportunity to look at the DNS
requests which get forwarded to my Pi-hole (192.168.178.159).
As Pi-hole gives a nice graphical representation of the requests it receives,
I noticed that per currently online domain PC, my requests go up by
1000/hour.
The source of these requests is the domain controller trying to look up any
given client (A-Lookup).

# What I tried already
- I have tried to use a public DNS server (such as Google's 8.8.8.8). This
did not solve the issue; the requests still get made, but Google does
(of course) not know what I'm asking it :P
- Adding an A record to the hosts file of the domain controller containing
all PCs currently in the domain did not have any effect

# Environment
Samba version: 2:4.9.5+dfsg-5+deb10u1
Operating system:  4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19)
x86_64 GNU/Linux
Virtual machine settings (if these even matter): 1 CPU, 4 GB RAM, 32 GB
Storage
Maybe something obvious is wrong with my configuration. The following is my
smb.conf (I have changed the names, of course :)):
```
# Global parameters
[global]
        dns forwarder = 192.168.178.159
        netbios name = dc001
        realm = example.net
        server role = active directory domain controller
        workgroup = example.net
        tls enabled = yes

[netlogon]
        path = /var/lib/samba/sysvol/example.net/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No
```
Every time I restart the server/the samba-ad-dc process, the following lines
get appended to the log.samba:
```
[2021/05/25 21:49:46.758439,  0] ../source4/smbd/server.c:773(binary_smbd_main)
  binary_smbd_main: samba: using 'standard' process model
```
At the same time, these two log entries are added to the log.winbindd:
```
[2021/05/25 21:49:47.206929,  0] ../source3/winbindd/winbindd_cache.c:3160(initialize_winbindd_cache)
  initialize_winbindd_cache: clearing cache and re-creating with version number 2
[2021/05/25 21:49:47.217379,  0] ../lib/util/become_daemon.c:138(daemon_ready)
  daemon_ready: STATUS=daemon 'winbindd' finished starting up and ready to serve connections
```
The syslog does not have any relevant information (nothing failing or
complaining).

These DNS requests are slowly (as I add more PCs to the domain) going to
DDoS the Pi-hole server (or at least pollute its query logs). Is this
expected behavior? If so, can the request interval be reduced?

Thanks in advance :)!

