[Samba] How to determine DNS anomaly

Hakim Liso liso at frauenarzt.gmbh
Thu May 5 09:37:32 UTC 2022


Hello, and thanks for your help
I’ve just sent another mail regarding the DNS anomalies.
INTERNAL_SAMBA with DNS Forwarder 8.8.8.8 set on both in the smb.conf.


From: Rowland Penny via samba
Sent: Wednesday, 4 May 2022 16:43
To: samba at lists.samba.org
Cc: Rowland Penny
Subject: Re: [Samba] How to determine DNS anomaly

On Wed, 2022-05-04 at 16:15 +0200, Hakim Liso via samba wrote:
> Hello, I'm back. I managed to fix the sysvol problem. Replication
> as well as the backup scripts work properly now.
> Still, something with DNS entries or sites must’ve got messed up while
> rejoining and moving DBs.
> 
> I can repl everything and clients connected to dc02 are fully working
> EXCEPT
> the network showing no Internet access = DNS problem, I guess.
> 
> administrator at dc02:/etc/rsync$ host -t SRV
> _ldap._tcp.MYSITE2._sites.dc02._msdcs.MY.DOMAIN
> Host _ldap._tcp.MYSITE2._sites.ggdc01._msdcs.MY.DOMAIN not found:
> 3(NXDOMAIN)
> 
> Same for _Kerberos._ . I've checked for double entries; what I've got
> now is 
> 
> Looking for DNS entry A dc01.my.domain 10.0.1.9 as dc01.my.domain.
> Looking for DNS entry CNAME a452ed54-667a-43d3-9182-
> 21d84a4919a4._msdcs.my.domain dc01.my.domain as a452ed54-667a-43d3-
> 9182-21d84a4919a4._msdcs.my.domain.
> Looking for DNS entry NS my.domain dc01.my.domain as my.domain.
> Looking for DNS entry NS _msdcs.my.domain dc01.my.domain as
> _msdcs.my.domain.
> Looking for DNS entry A my.domain 10.0.1.9 as my.domain.
> Looking for DNS entry SRV _ldap._tcp.my.domain dc01.my.domain 389 as
> _ldap._tcp.my.domain.
> Checking 0 100 389 dc01.my.domain. against SRV _ldap._tcp.my.domain
> dc01.my.domain 389
> Looking for DNS entry SRV _ldap._tcp.dc._msdcs.my.domain
> dc01.my.domain 389 as _ldap._tcp.dc._msdcs.my.domain.
> Checking 0 100 389 dc01.my.domain. against SRV
> _ldap._tcp.dc._msdcs.my.domain dc01.my.domain 389
> Looking for DNS entry SRV _ldap._tcp.32052c12-4458-47f7-adb0-
> 95f7c16fc694.domains._msdcs.my.domain dc01.my.domain 389 as
> _ldap._tcp.32052c12-4458-47f7-adb0-
> 95f7c16fc694.domains._msdcs.my.domain.
> Checking 0 100 389 dc01.my.domain. against SRV _ldap._tcp.32052c12-
> 4458-47f7-adb0-95f7c16fc694.domains._msdcs.my.domain dc01.my.domain
> 389
> Looking for DNS entry SRV _kerberos._tcp.my.domain dc01.my.domain 88
> as _kerberos._tcp.my.domain.
> Checking 0 100 88 dc01.my.domain. against SRV
> _kerberos._tcp.my.domain dc01.my.domain 88
> Looking for DNS entry SRV _kerberos._udp.my.domain dc01.my.domain 88
> as _kerberos._udp.my.domain.
> Checking 0 100 88 dc01.my.domain. against SRV
> _kerberos._udp.my.domain dc01.my.domain 88
> Looking for DNS entry SRV _kerberos._tcp.dc._msdcs.my.domain
> dc01.my.domain 88 as _kerberos._tcp.dc._msdcs.my.domain.
> Checking 0 100 88 dc01.my.domain. against SRV
> _kerberos._tcp.dc._msdcs.my.domain dc01.my.domain 88
> Looking for DNS entry SRV _kpasswd._tcp.my.domain dc01.my.domain 464
> as _kpasswd._tcp.my.domain.
> Checking 0 100 464 dc01.my.domain. against SRV
> _kpasswd._tcp.my.domain dc01.my.domain 464
> Looking for DNS entry SRV _kpasswd._udp.my.domain dc01.my.domain 464
> as _kpasswd._udp.my.domain.
> Checking 0 100 464 dc01.my.domain. against SRV
> _kpasswd._udp.my.domain dc01.my.domain 464
> Looking for DNS entry SRV _ldap._tcp.Location1._sites.my.domain
> dc01.my.domain 389 as _ldap._tcp.Location1._sites.my.domain.
> Checking 0 100 389 dc01.my.domain. against SRV
> _ldap._tcp.Location1._sites.my.domain dc01.my.domain 389
> Looking for DNS entry SRV
> _ldap._tcp.Location1._sites.dc._msdcs.my.domain dc01.my.domain 389 as
> _ldap._tcp.Location1._sites.dc._msdcs.my.domain.
> Checking 0 100 389 dc01.my.domain. against SRV
> _ldap._tcp.Location1._sites.dc._msdcs.my.domain dc01.my.domain 389
> Looking for DNS entry SRV _kerberos._tcp.Location1._sites.my.domain
> dc01.my.domain 88 as _kerberos._tcp.Location1._sites.my.domain.
> Checking 0 100 88 dc01.my.domain. against SRV
> _kerberos._tcp.Location1._sites.my.domain dc01.my.domain 88
> Looking for DNS entry SRV
> _kerberos._tcp.Location1._sites.dc._msdcs.my.domain dc01.my.domain 88
> as _kerberos._tcp.Location1._sites.dc._msdcs.my.domain.
> Checking 0 100 88 dc01.my.domain. against SRV
> _kerberos._tcp.Location1._sites.dc._msdcs.my.domain dc01.my.domain 88
> Looking for DNS entry SRV _ldap._tcp.pdc._msdcs.my.domain
> dc01.my.domain 389 as _ldap._tcp.pdc._msdcs.my.domain.
> Checking 0 100 389 dc01.my.domain. against SRV
> _ldap._tcp.pdc._msdcs.my.domain dc01.my.domain 389
> Looking for DNS entry A gc._msdcs.my.domain 10.0.1.9 as
> gc._msdcs.my.domain.
> Looking for DNS entry SRV _gc._tcp.my.domain dc01.my.domain 3268 as
> _gc._tcp.my.domain.
> Checking 0 100 3268 dc01.my.domain. against SRV _gc._tcp.my.domain
> dc01.my.domain 3268
> Looking for DNS entry SRV _ldap._tcp.gc._msdcs.my.domain
> dc01.my.domain 3268 as _ldap._tcp.gc._msdcs.my.domain.
> Checking 0 100 3268 dc01.my.domain. against SRV
> _ldap._tcp.gc._msdcs.my.domain dc01.my.domain 3268
> Looking for DNS entry SRV _gc._tcp.Location1._sites.my.domain
> dc01.my.domain 3268 as _gc._tcp.Location1._sites.my.domain.
> Checking 0 100 3268 dc01.my.domain. against SRV
> _gc._tcp.Location1._sites.my.domain dc01.my.domain 3268
> Looking for DNS entry SRV
> _ldap._tcp.Location1._sites.gc._msdcs.my.domain dc01.my.domain 3268
> as _ldap._tcp.Location1._sites.gc._msdcs.my.domain.
> Checking 0 100 3268 dc01.my.domain. against SRV
> _ldap._tcp.Location1._sites.gc._msdcs.my.domain dc01.my.domain 3268
> Looking for DNS entry A DomainDnsZones.my.domain 10.0.1.9 as
> DomainDnsZones.my.domain.
> Looking for DNS entry SRV _ldap._tcp.DomainDnsZones.my.domain
> dc01.my.domain 389 as _ldap._tcp.DomainDnsZones.my.domain.
> Checking 0 100 389 dc01.my.domain. against SRV
> _ldap._tcp.DomainDnsZones.my.domain dc01.my.domain 389
> Looking for DNS entry SRV
> _ldap._tcp.Location1._sites.DomainDnsZones.my.domain dc01.my.domain
> 389 as _ldap._tcp.Location1._sites.DomainDnsZones.my.domain.
> Checking 0 100 389 dc01.my.domain. against SRV
> _ldap._tcp.Location1._sites.DomainDnsZones.my.domain dc01.my.domain
> 389
> Looking for DNS entry A ForestDnsZones.my.domain 10.0.1.9 as
> ForestDnsZones.my.domain.
> Looking for DNS entry SRV _ldap._tcp.ForestDnsZones.my.domain
> dc01.my.domain 389 as _ldap._tcp.ForestDnsZones.my.domain.
> Checking 0 100 389 dc01.my.domain. against SRV
> _ldap._tcp.ForestDnsZones.my.domain dc01.my.domain 389
> Looking for DNS entry SRV
> _ldap._tcp.Location1._sites.ForestDnsZones.my.domain dc01.my.domain
> 389 as _ldap._tcp.Location1._sites.ForestDnsZones.my.domain.
> Checking 0 100 389 dc01.my.domain. against SRV
> _ldap._tcp.Location1._sites.ForestDnsZones.my.domain dc01.my.domain
> 389
> No DNS updates needed
> 
> On the Dc02 samba_dnsupdate
> I'm pretty sure this is not Samba-specific; some help would still be
> appreciated. 
> 
> Samba tool dns query:
> 
>   Name=, Records=5, Children=0
>     SOA: serial=117, refresh=900, retry=600, expire=86400,
> minttl=3600, ns=dc01.my.domain., email=hostmaster.my.domain.
> (flags=600000f0, serial=110, ttl=3600)
>     NS: dc01.my.domain. (flags=600000f0, serial=110, ttl=900)
>     NS: dc02.my.domain. (flags=600000f0, serial=110, ttl=900)
>     A: 192.168.50.11 (flags=600000f0, serial=110, ttl=900)
>     A: 10.0.1.9 (flags=600000f0, serial=110, ttl=900)
>   Name=_msdcs, Records=0, Children=0
>   Name=_sites, Records=0, Children=2
>   Name=_tcp, Records=0, Children=4
>   Name=_udp, Records=0, Children=2
>   Name=CTG-INTEL, Records=1, Children=0
>     A: 192.168.50.231 (flags=f0, serial=110, ttl=1200)
>   Name=DA-Anmeldung-Li, Records=1, Children=0
>     A: 192.168.50.182 (flags=f0, serial=110, ttl=1200)
>   Name=DA-Anmeldung-re, Records=1, Children=0
>     A: 192.168.50.181 (flags=f0, serial=110, ttl=1200)
>   Name=DA-CTG, Records=1, Children=0
>     A: 192.168.50.231 (flags=f0, serial=110, ttl=1200)
>   Name=DA-Labor, Records=1, Children=0
>     A: 192.168.50.3 (flags=f0, serial=110, ttl=1200)
>   Name=DA-Monitoring, Records=1, Children=0
>     A: 192.168.50.164 (flags=f0, serial=110, ttl=1200)
>   Name=DA-Telefonzentrale, Records=1, Children=0
>     A: 192.168.50.243 (flags=f0, serial=110, ttl=1200)
>   Name=DA-U1, Records=1, Children=0
>     A: 192.168.50.8 (flags=f0, serial=110, ttl=1200)
>   Name=DA-U2, Records=1, Children=0
>     A: 192.168.50.174 (flags=f0, serial=110, ttl=1200)
>   Name=DA-U3, Records=1, Children=0
>     A: 192.168.50.176 (flags=f0, serial=110, ttl=1200)
>   Name=dc01, Records=1, Children=0
>     A: 192.168.50.11 (flags=f0, serial=1, ttl=900)
>   Name=DomainDnsZones, Records=0, Children=2
>   Name=ForestDnsZones, Records=0, Children=2
>   Name=dc02, Records=1, Children=0
>     A: 10.0.1.9 (flags=f0, serial=117, ttl=900)
>   Name=nasdd7fef, Records=1, Children=0
>     A: 192.168.50.232 (flags=f0, serial=110, ttl=3600)
>   Name=PC-Bakk, Records=1, Children=0
>     A: 10.0.1.182 (flags=f0, serial=110, ttl=1200)
> 
> I spotted the anomaly at the top of the query, where both DC IPs are
> listed as A records under each other, but I cannot delete them, neither
> in the RSAT tools nor with samba-tool.

What anomaly? That is correct, both DCs should be nameservers for the
domain, everything else looks okay to me.

Do you have a forwarder set in smb.conf (if using the internal DNS
server) or in the Bind conf files (if using Bind9)?

Rowland
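
The point made in the reply above can be checked mechanically. This is an added example, not part of the original thread and not Samba code: it parses a listing in the `samba-tool dns query` layout quoted above and confirms that every apex NS target has its own A record and that the apex A records are exactly those addresses. The sample listing is constructed from values quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample in the `samba-tool dns query` layout quoted in the thread.
SAMPLE = """\
  Name=, Records=4, Children=0
    NS: dc01.my.domain. (flags=600000f0, serial=110, ttl=900)
    NS: dc02.my.domain. (flags=600000f0, serial=110, ttl=900)
    A: 192.168.50.11 (flags=600000f0, serial=110, ttl=900)
    A: 10.0.1.9 (flags=600000f0, serial=110, ttl=900)
  Name=dc01, Records=1, Children=0
    A: 192.168.50.11 (flags=f0, serial=1, ttl=900)
  Name=dc02, Records=1, Children=0
    A: 10.0.1.9 (flags=f0, serial=117, ttl=900)
"""

NAME_RE = re.compile(r"^\s*Name=([^,]*),\s*Records=\d+")
REC_RE = re.compile(r"^\s*([A-Z]+):\s+(\S+)")

def parse_listing(text):
    """Return {node name: [(record type, first data field), ...]}."""
    nodes, current = {}, None
    for line in text.splitlines():
        m = NAME_RE.match(line)
        if m:
            current = m.group(1).lower()  # "" is the zone apex
            nodes.setdefault(current, [])
            continue
        m = REC_RE.match(line)
        if m and current is not None:
            nodes[current].append((m.group(1), m.group(2)))
    return nodes

def check_apex(nodes, zone):
    """Compare apex NS/A records with the name servers' own A records."""
    suffix = re.escape("." + zone.lower() + ".") + "$"
    apex = nodes.get("", [])
    apex_a = {d for t, d in apex if t == "A"}
    findings, expected = [], set()
    for target in (d for t, d in apex if t == "NS"):
        host = re.sub(suffix, "", target.lower())  # dc01.my.domain. -> dc01
        addrs = {d for t, d in nodes.get(host, []) if t == "A"}
        if not addrs:
            findings.append(f"NS {target} has no A record in the zone")
        for a in sorted(addrs - apex_a):
            findings.append(f"{target} address {a} missing at zone apex")
        expected |= addrs
    for a in sorted(apex_a - expected):
        findings.append(f"apex A {a} matches no name server")
    return findings
```

For the listing in the thread, `check_apex(parse_listing(SAMPLE), "my.domain")` returns no findings, which matches the reply: two apex A records next to two NS records is the expected state for a two-DC domain.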


