[Samba] reverse DNS not working for some reason ...

Christopher Cox chriscox at endlessnow.com
Tue Nov 2 22:13:00 UTC 2021


On 11/2/21 4:59 PM, Patrick Goetz via samba wrote:
> 
> 
> On 11/2/21 16:29, Rowland Penny via samba wrote:
>> On Tue, 2021-11-02 at 16:14 -0500, Patrick Goetz via samba wrote:
>>>
>>> On 11/2/21 16:09, Rowland Penny via samba wrote:
>>>> On Tue, 2021-11-02 at 15:53 -0500, Patrick Goetz via samba wrote:
>>>>> On 11/2/21 15:32, Rowland Penny via samba wrote:
>>>>>> On Tue, 2021-11-02 at 15:25 -0500, Patrick Goetz via samba wrote:
>>>>>>> As per the Wiki instructions for setting up a Samba DC, I ran
>>>>>>>
>>>>>>>       # samba-tool dns zonecreate samba-dc 1.168.192.in-addr.arpa -U administrator
>>>>>>>
>>>>>>> (while samba-ad-dc was running)
>>>>>>
>>>>>> That is how you are supposed to do it.
>>>>>>
>>>>>>> on my domain controller.  Everything seems to work; I can bind W10
>>>>>>> machines to this domain, use RSAT, etc., but reverse DNS searches
>>>>>>> aren't working:
>>>>>>
>>>>>> I refer you to my last reply, well sort of :-D
>>>>>>
>>>>>> You have to tell your Windows clients to update their dns records,
>>>>>> they do not do it as standard.
>>>>>>
>>>>>
>>>>> I set static IP/DNS entries on my Windows clients -- that's not
>>>>> sufficient?
>>>>
>>>> If you just set the forward (A) records, then no, you also have to set
>>>> the reverse (PTR) records in AD and tell your Windows clients to use
>>>> the reverse records.
>>>>
>>>
>>> The forward records are created automatically (I thought); I'm not doing
>>> anything I know of to facilitate this. You're saying the PTR records
>>> have to be entered by hand?  How does one go about doing this?  And if
>>> it's not necessary for anything, no reason to bother with it?
>>
>> No, Windows will do it, you just have to tick a box on the Windows
>> network device gui (if I remember correctly), something along the lines
>> of 'update this clients IP in dns'
>>
> 
> What do I do for my linux domain members?
> 
> Also, I just checked on my domain bound W10 machine. Under
> 
>     Adapter Properties -> Internet Protocol version 4 (TCP/IPv4) -> Advanced -> DNS Tab
> 
>     "Register this connector's addresses in DNS" is checked, but no go on the reverse search:
> 
> root@samba-dc:~# host 192.168.1.83
> Host 83.1.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
> 
> If nothing uses the reverse search, I'm not going to worry about it.

While this was somewhat true 10-15 years ago (maybe more), there are plenty of 
network applications that do reverse lookups now.  While they may not "fail", 
there will be latency while they attempt the reverse lookups.  So, it is 
important to have PTR records nowadays.  In Windows when creating A records, 
there is an option to add the corresponding PTR, but it has to be selected.

DHCP servers likewise can be configured to set not just the A, but the PTR as 
well (where the DHCP server is in charge).

Windows is "weird" in that the "clients" (sic) manage their DNS records.  In a 
Linux world, you would leave this up to something like DHCP.  Everything else is 
"static" and managed directly.  In Windows, the clients have a lot of power over 
the namespace (which IMHO, is wrong).  Btw, you can have locked down DNS zones, 
the Windows clients will try to manipulate it, and fail.  But maybe ok if DHCP 
is really doing the work and you don't want Windows just "willy nilly" 
manipulating your DNS.
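
An added example, not part of the thread or of Samba's own tooling: an offline audit that compares forward (A) records with the PTR records in the reverse zone created above and prints a `samba-tool dns add` command for each missing PTR. The host names, all addresses other than 192.168.1.83, and the existing PTR data are constructed; the server name, zone and user are the ones used in the thread.

```python
import ipaddress

SERVER = "samba-dc"              # DC name used in the thread
ZONE = "1.168.192.in-addr.arpa"  # reverse zone created in the thread
# Constructed sample data: host names and all addresses but 192.168.1.83 are made up.
A_RECORDS = {
    "w10-client.samdom.example.com": "192.168.1.83",
    "linux-member.samdom.example.com": "192.168.1.90",
    "printer.samdom.example.com": "192.168.1.20",
    "vpn-gw.samdom.example.com": "10.0.0.5",
}
PTR_RECORDS = {
    "20.1.168.192.in-addr.arpa": "old-printer.samdom.example.com",
    "90.1.168.192.in-addr.arpa": "linux-member.samdom.example.com.",
}

def norm(name):
    # DNS names compare case-insensitively, with or without the trailing dot.
    return name.rstrip(".").lower()

def ptr_owner(ip, zone=ZONE):
    """Record name relative to `zone` for ip's PTR, or None if outside it."""
    full = ipaddress.ip_address(ip).reverse_pointer
    suffix = "." + norm(zone)  # leading dot: 192.168.11.x must not match
    return full[:-len(suffix)] if full.endswith(suffix) else None

def audit(a_records, ptr_records, zone=ZONE):
    """Return (fqdn, ip, status, owner) for every A record."""
    ptrs = {norm(k): norm(v) for k, v in ptr_records.items()}
    rows = []
    for fqdn, ip in sorted(a_records.items()):
        owner = ptr_owner(ip, zone)
        have = ptrs.get(f"{owner}.{norm(zone)}") if owner else None
        if owner is None:
            status = "out-of-zone"
        elif have is None:
            status = "missing"
        else:
            status = "ok" if have == norm(fqdn) else "mismatch"
        rows.append((fqdn, ip, status, owner))
    return rows

def add_commands(rows, server=SERVER, zone=ZONE, user="administrator"):
    """samba-tool command for each missing PTR; mismatches need a human."""
    return [f"samba-tool dns add {server} {zone} {owner} PTR {norm(fqdn)} -U {user}"
            for fqdn, _ip, status, owner in rows if status == "missing"]

if __name__ == "__main__":
    print("\n".join(add_commands(audit(A_RECORDS, PTR_RECORDS))))
```

A stale PTR (status `mismatch`) is reported but deliberately not turned into a command, since deciding which name is correct is a manual step.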


