Werthmuller, Derek
2013-Nov-19 18:24 UTC
[Samba] Samba internal DNS strange behavior to ssh client lookup request
Running a new install of samba 4.1 AD, also using winbind to handle Linux user, group authorizing users.

I'm having problems: DNS lookups for the ssh client don't work, while nslookup on the same AD and member system works fine.
For example: I can run nslookup example.com and it returns a valid answer right away. If I try to ssh -l username example.com , ssh returns "ssh: Could not resolve hostname example.com : Name or service not known"

Samba is configured with dns forwarder = external DNS server.

Samba DNS tests work.
Such as host -t SRV _ldap._tcp.example.com
/etc/resolve.conf
Configured with nameserver of the DC as the top item in list. If I move the DC nameserver entry lower in the list and place the external DNS at the top then ssh dns lookups work fine. (but then the samba lookups don't work properly)
Any advice here?

Thanks
Derek
Rowland Penny
2013-Nov-19 18:33 UTC
[Samba] Samba internal DNS strange behavior to ssh client lookup request
On 19/11/13 18:24, Werthmuller, Derek wrote:
> Running a new install of samba 4.1 AD, also using winbind to handle Linux user, group authorizing users.
>
> I'm having problems: DNS lookups for the ssh client don't work, while nslookup on the same AD and member system works fine.
> For example: I can run nslookup example.com and it returns a valid answer right away. If I try to ssh -l username example.com , ssh returns "ssh: Could not resolve hostname example.com : Name or service not known"
>
> Samba is configured with dns forwarder = external DNS server.
>
> Samba DNS tests work.
> Such as host -t SRV _ldap._tcp.example.com
> /etc/resolve.conf
> Configured with nameserver of the DC as the top item in list. If I move the DC nameserver entry lower in the list and place the external DNS at the top then ssh dns lookups work fine. (but then the samba lookups don't work properly)
> Any advice here?
>
> Thanks
> Derek

Not that it helps you, but it works from an LM15 client to an S4 server with bind9 dns.

Rowland
Werthmuller, Derek
2013-Nov-22 15:13 UTC
[Samba] Samba internal DNS strange behavior to ssh client lookup request
Answers to my own question. Understand why this behaves this way. No, it's not a bug in the Samba internal DNS. I believe it's how the resolver libraries work in the ssh client (the ssh client didn't check multiple nameserver resources). It also points out a bit how the Samba AD DNS setup works.

1) My incorrect assumption was that the DNS forwarder address, found in smb.conf, would be used for any address space the AD DNS was not authority for and if it didn't have an entry for a system within its authority space. The last part, about forwarding to another DNS server if the internal AD DNS doesn't have an entry for it, doesn't work, and appears to be by design.

2) My plan was to use the Samba DNS only for sort of the Windows network, and leave webservers and such to the other already existing DNS server. This case only works if the client resolver will check multiple DNS resources if the first (being the AD DNS) fails. The nslookup resolver does check multiple DNS resources often found in /etc/resolv.conf. The Samba AD documentation states to place the AD address in the first nameserver entry for the resolv.conf.

3) My new plan is to place more hosts in the Samba AD DNS than originally anticipated. I've seen posts suggesting creating a separate DNS domain for AD so that you don't have to pull all DNS in the AD for a given domain/subnet. Not sure if this is a good idea - it seems that if a host has multiple roles and would be found in both DNS servers, then the clients' resolvers and caches could become confused.

Cheers
Derek

-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Werthmuller, Derek
Sent: Tuesday, November 19, 2013 1:25 PM
To: samba at lists.samba.org
Subject: [Samba] Samba internal DNS strange behavior to ssh client lookup request

Running a new install of samba 4.1 AD, also using winbind to handle Linux user, group authorizing users.

I'm having problems: DNS lookups for the ssh client don't work, while nslookup on the same AD and member system works fine.
For example: I can run nslookup example.com and it returns a valid answer right away. If I try to ssh -l username example.com , ssh returns "ssh: Could not resolve hostname example.com : Name or service not known"

Samba is configured with dns forwarder = external DNS server.

Samba DNS tests work.
Such as host -t SRV _ldap._tcp.example.com
/etc/resolve.conf
Configured with nameserver of the DC as the top item in list. If I move the DC nameserver entry lower in the list and place the external DNS at the top then ssh dns lookups work fine. (but then the samba lookups don't work properly)
Any advice here?

Thanks
Derek
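
A diagnostic for the situation in this thread, added here as an example and not code from the posters or the Samba project: it asks each nameserver listed in /etc/resolv.conf the same question separately and reports the response code, the authoritative flag and the answer count, so it is visible which server answers for a name and which one returns NXDOMAIN. The function names are this example's own; it assumes IPv4 nameserver addresses and UDP port 53.

```python
import secrets
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def parse_nameservers(resolv_conf_text):
    """Return nameserver addresses in the order they are listed."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def build_query(name, qid, qtype=1):
    """Build a minimal DNS query: recursion desired, one question, class IN."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack(">HH", qtype, 1)

def parse_reply(reply, qid):
    """Return (rcode name, authoritative flag, answer count) from the header."""
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", reply[:12])
    if rid != qid:
        raise ValueError("reply ID does not match query ID")
    rcode = flags & 0x000F
    return RCODES.get(rcode, str(rcode)), bool(flags & 0x0400), ancount

def ask(server, name, timeout=3.0):
    """Send one A query to one server over UDP and summarise its reply."""
    qid = secrets.randbelow(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, qid), (server, 53))
            return parse_reply(sock.recv(512), qid)
        except socket.timeout:
            return ("TIMEOUT", False, 0)
        except OSError:
            return ("ERROR", False, 0)

if __name__ == "__main__":
    import sys
    qname = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    with open("/etc/resolv.conf") as conf:
        for ns in parse_nameservers(conf.read()):
            print(ns, *ask(ns, qname))
```

Run it with the failing hostname as the argument; a line showing NXDOMAIN with the authoritative flag set identifies the server that claims the zone but has no record for that host.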