[Samba] AD/DNS: Cannot Create a CNAME record with a blank name...

John R. Graham john at graham-family.org
Sat Oct 12 15:15:03 UTC 2024


On 10/12/24 05:15, Kees van Vloten via samba wrote:
>
> On 12-10-2024 02:25, John R. Graham via samba wrote:
>> ...as recommended on the Samba Wiki here: 
>> https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ#I_have_to_Use_Different_Names_to_Resolve_Host_Names_Internally_and_Externally 
>>
>>
>> I'm trying to use the "clever trick" to make a certain internal 
>> server resolve to the name I'm forced to use to resolve it 
>> externally. I successfully created the new zone (fictionalizing the 
>> names for inclusion here):
>>
>> ~ # samba-tool dns zonecreate "dc1" "myserver.example.com" -U administrator
>> Zone myserver.example.com created successfully
>>
>> ...but I get a runtime error when I try to create the CNAME record in 
>> the zone "...leaving the name of the record blank." Here's what I did:
>>
>> ~ # samba-tool dns add "dc1" "myserver.example.com" "" CNAME "myserver.samdom.example.com"  -U Administrator
>> ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR')
>>   File "/usr/lib/python3.12/site-packages/samba/netcmd/__init__.py", line 279, in _run
>>     return self.run(*args, **kwargs)
>>            ^^^^^^^^^^^^^^^^^^^^^^^^^
>>   File "/usr/lib/python3.12/site-packages/samba/netcmd/dns.py", line 1186, in run
>>     dns_conn.DnssrvUpdateRecord2(dnsserver.DNS_CLIENT_VERSION_LONGHORN,
>>   File "/usr/lib/python3.12/site-packages/samba/netcmd/dns.py", line 119, in f
>>     return attr(*args)
>>            ^^^^^^^^^^^
>> Have I misinterpreted the instructions and done it wrong? Thanks in 
>> advance for the help.
>
> I have a similar need, but I create an A record at zone level with:
>
> samba-tool dns add localhost myserver.example.com myserver.example.com A 10.2.3.4 -U Administrator
>
> The trick is to specify zone-name and record-name with the same value.
> I have not tried to create a CNAME but given the syntax above that 
> should be:
>
> samba-tool dns add localhost myserver.example.com myserver.example.com CNAME myserver.samdom.example.com -U Administrator
>
> If it turns out that it does not work with a CNAME record, I would 
> guess an A record also solves the issue.
>
> - Kees.
>
Hi, Kees.

Thank you; that worked perfectly! The CNAME variant, I mean. As an 
aside, although described as a "trick" in the wiki, it doesn't seem to 
be a particularly dirty or onerous one. After all, the overwhelming 
majority of a typical organization's machines _will not_ need to be 
externally accessible.

A question for you (and perhaps Rowland). Would creating a zone of just 
"example.com"  _without_ the "samdom" subdomain and then creating DNS 
records with the individual machine names not work for some structural 
reason? For example:

~ # samba-tool dns zonecreate localhost "example.com" -U administrator
~ # samba-tool dns add localhost example.com myserver CNAME myserver.samdom.example.com -U administrator
~ # samba-tool dns add localhost example.com myotherserver CNAME myotherserver.samdom.example.com -U administrator

This would have the advantage that a single dummy zone would be able to 
contain aliases for _all_ externally visible machines. (I haven't tried 
this yet; it just occurred to me...and struck me as being "tidier".)

I still don't completely get the gestalt of the strong recommendation of 
having a subdomain, even for smaller organizations, unless it's just a 
best practice designed to future-proof an organization which might 
become more complex and hierarchical over time.

Thanks again for the help.

- John




