[Samba] Problems after DC upgrade
Rowland Penny
rpenny at samba.org
Mon Feb 10 15:30:15 UTC 2025
On Mon, 10 Feb 2025 14:56:02 +0000
Stephen Brandli <steve at brandli.com> wrote:
> It was systemd-resolved. I disabled that. Now samba is binding to
> the port.
>
> But I'm still getting the dnsupdate failure.
>
> And, I can't ping anything. I get the "unknown host or service"
> error. So names are not getting resolved on the machine. I have to
> admit to complete ignorance about how this part of linux works. When
> running systemd-networkd, what normally does name resolution? Or can
> systemd-networkd do it without listening on port 53? This works on
> my older dc's, which are not running systemd-resolved.
On a Samba AD DC, it is the DC that is authoritative for the AD dns
domain, that is, every DC must use itself as its nameserver, so if your
dns domain is 'samdom.example.com' and the DC IP address is
192.168.1.2, then /etc/resolv.conf should just contain this:
search samdom.example.com
nameserver 192.168.1.2
If you are using the Samba internal dns server, you will require a line
like 'dns forwarder = 8.8.8.8' in the DC's smb.conf file (other
internet nameservers are available). If using Bind9, you require a
similar line in its named.conf file.
You should only run either Bind9 or the Samba internal dns server on a
Samba AD DC; they are the only ones able to 'talk' to the DNS records
stored in AD.
Rowland
PS Please do not 'CC' me, just reply to the list.
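
A check for the two settings described in the message above, as an added example that is not part of the original post. The function names and sample files are constructed; the IP address and domain are the ones used in the message, and 127.0.0.53 is the systemd-resolved stub address.

```shell
#!/bin/sh
# Added example: sanity-check a Samba AD DC's resolver settings.
# Function names and sample files are constructed for illustration.

# check_dc_resolv FILE DC_IP DNS_DOMAIN
# Succeeds only if every nameserver line is the DC's own IP and the
# search line lists the AD DNS domain.
check_dc_resolv() {
    file=$1; dc_ip=$2; domain=$3
    servers=$(awk '$1 == "nameserver" { print $2 }' "$file")
    [ -n "$servers" ] || { echo "$file: no nameserver line"; return 1; }
    for s in $servers; do
        [ "$s" = "$dc_ip" ] || { echo "$file: nameserver $s is not the DC ($dc_ip)"; return 1; }
    done
    awk -v d="$domain" '$1 == "search" { for (i = 2; i <= NF; i++) if ($i == d) ok = 1 }
        END { exit !ok }' "$file" || { echo "$file: search line lacks $domain"; return 1; }
}

# check_forwarder SMB_CONF
# Succeeds if smb.conf sets a non-empty 'dns forwarder' (internal DNS case).
check_forwarder() {
    grep -Eiq '^[[:space:]]*dns[[:space:]]*forwarder[[:space:]]*=[[:space:]]*[^[:space:]]' "$1" \
        || { echo "$1: no 'dns forwarder' set"; return 1; }
}

# Constructed sample files, using the addresses from the message above.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'search samdom.example.com\nnameserver 192.168.1.2\n' > "$demo/good.conf"
# What a host still pointed at the systemd-resolved stub looks like.
printf 'search samdom.example.com\nnameserver 127.0.0.53\n' > "$demo/stub.conf"
printf '[global]\n\tdns forwarder = 8.8.8.8\n' > "$demo/smb.conf"

check_dc_resolv "$demo/good.conf" 192.168.1.2 samdom.example.com && echo "good.conf: ok"
check_dc_resolv "$demo/stub.conf" 192.168.1.2 samdom.example.com || echo "stub.conf: rejected"
check_forwarder "$demo/smb.conf" && echo "smb.conf: forwarder present"
```

On a real DC the same functions would be pointed at /etc/resolv.conf and the DC's smb.conf, with the DC's own address and AD DNS domain as arguments.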