Zdravko Zdravkov
2018-Jun-01 10:39 UTC
[Samba] DNS not resolving particular host from queries from particular subnet
Hi all.

Our setup is samba+dlz AD DC. Since last week the DNS doesn't resolve the delegated record for our storage *storage.domain.ltd* (192.168.26.xx) when being queried from clients in 192.168.29.0, which is our openvpn designated network. The OpenVPN is configured to push the DNS of our network, and also successfully resolves other hosts in the 192.168.26.0 subnet. I have no memory of changing anything. Last Friday just some of our remote clients reported that the access to the storage has been lost.

Any ideas will be appreciated!
Rowland Penny
2018-Jun-01 10:48 UTC
On Fri, 1 Jun 2018 11:39:33 +0100 Zdravko Zdravkov via samba <samba at lists.samba.org> wrote:

> Hi all.
>
> Our setup is samba+dlz AD DC. Since last week the DNS doesn't resolve
> the delegated record for our storage *storage.domain.ltd*
> (192.168.26.xx) when being queried from clients in 192.168.29.0 which
> is our openvpn designated network. The OpenVPN is configured to push
> the DNS of our network, and also successfully resolves other hosts in
> the 192.168.26.0 subnet. I have no memory of changing anything. Last
> friday just some of our remote clients reported that the access to
> the storage has been lost.
>
> Any ideas will be appreciated!

Might be a good idea to post your smb.conf and bind9 conf files.

Rowland
Zdravko Zdravkov
2018-Jun-01 11:12 UTC
True that! Sorry

smb.conf

> [global]
>     netbios name = AD
>     realm = XXXX.CO.UK
>     server role = active directory domain controller
>     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
>     workgroup = XXXX
>     idmap config XXXX:unix_nss_info = yes
>     idmap_ldb:use rfc2307 = yes
>     log file = /var/log/samba/samba.log
>     log level = 3

named.conf

include "/usr/local/samba/private/named.conf";

> options {
>     listen-on port 53 { 127.0.0.1; 192.168.26.2; };
>     // listen-on-v6 port 53 { ::1; };
>     directory "/var/named";
>     dump-file "/var/named/data/cache_dump.db";
>     statistics-file "/var/named/data/named_stats.txt";
>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>     allow-query { any; };
>     /*
>      - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
>      - If you are building a RECURSIVE (caching) DNS server, you need to enable
>        recursion.
>      - If your recursive DNS server has a public IP address, you MUST enable access
>        control to limit queries to your legitimate users. Failing to do so will
>        cause your server to become part of large scale DNS amplification
>        attacks. Implementing BCP38 within your network would greatly
>        reduce such attack surface
>     */
>     allow-recursion {
>         127.0.0.1;
>         192.168.26.0/24;
>         192.168.27.0/24;
>     };
>
>
>     //recursion yes;
>     tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
>     dnssec-enable yes;
>     dnssec-validation yes;
>     /* Path to ISC DLV key */
>     bindkeys-file "/etc/named.iscdlv.key";
>     managed-keys-directory "/var/named/dynamic";
>     pid-file "/run/named/named.pid";
>     session-keyfile "/run/named/session.key";
> };
> logging {
>     channel default_debug {
>         file "data/named.run";
>         severity dynamic;
>     };
> };
> zone "." IN {
>     type hint;
>     file "named.ca";
> };
> //include "/etc/named.rfc1912.zones";
> //include "/etc/named.root.key";

On Fri, Jun 1, 2018 at 11:48 AM, Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Fri, 1 Jun 2018 11:39:33 +0100
> Zdravko Zdravkov via samba <samba at lists.samba.org> wrote:
>
> > Hi all.
> >
> > Our setup is samba+dlz AD DC. Since last week the DNS doesn't resolve
> > the delegated record for our storage *storage.domain.ltd*
> > (192.168.26.xx) when being queried from clients in 192.168.29.0 which
> > is our openvpn designated network. The OpenVPN is configured to push
> > the DNS of our network, and also successfully resolves other hosts in
> > the 192.168.26.0 subnet. I have no memory of changing anything. Last
> > friday just some of our remote clients reported that the access to
> > the storage has been lost.
> >
> > Any ideas will be appreciated!
>
> Might be a good idea to post your smb.conf and bind9 conf files.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
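
Added example (not from the thread participants or from the Samba or BIND projects): a check of which client addresses the posted allow-recursion list covers, since BIND refuses recursive queries from clients that do not match it. NAMED_CONF is a constructed excerpt of the posted file, the client addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt: the ACL statements as posted in the thread's named.conf.
NAMED_CONF = """
options {
    listen-on port 53 { 127.0.0.1; 192.168.26.2; };
    allow-query { any; };
    allow-recursion {
        127.0.0.1;
        192.168.26.0/24;
        192.168.27.0/24;
    };
};
"""

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out entries are ignored."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def acl_entries(conf, statement):
    """Return (networks, unresolved) for `statement { ... };`, or None if absent.

    Names such as any/localnets and negated (!) entries land in `unresolved`
    because they cannot be evaluated from the text alone.
    """
    m = re.search(r"\b%s\s*\{([^}]*)\}" % re.escape(statement), strip_comments(conf))
    if m is None:
        return None
    nets, unresolved = [], []
    for item in filter(None, (i.strip() for i in m.group(1).split(";"))):
        try:
            nets.append(ipaddress.ip_network(item, strict=False))
        except ValueError:
            unresolved.append(item)
    return nets, unresolved

def recursion_allowed(conf, client_ip):
    """True/False for a literal match in allow-recursion; None if it needs a human."""
    entries = acl_entries(conf, "allow-recursion")
    if entries is None or entries[1]:
        return None  # statement absent, or it has entries this script cannot evaluate
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in entries[0])

if __name__ == "__main__":
    for ip in ("192.168.26.10", "192.168.29.5"):  # constructed client addresses
        print(ip, recursion_allowed(NAMED_CONF, ip))
```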