Peter Tuharsky
2019-Feb-09 08:12 UTC
[Samba] Samba + BIND9 DLZ. DNS doesn't resolve FQDN, only short hostname
Thank you, Rowland. I did it as you said: killed Avahi, added the record without the domain suffix, but nothing changed, and the record seems no different from the other records added with the suffix some time before.

My Samba DNS records look like this (and I see nothing special in there):

Name=, Records=3, Children=0
  SOA: serial=39, refresh=900, retry=600, expire=86400, minttl=3600, ns=blacktux.interbronz.local., email=hostmaster.interbronz.local. (flags=600000f0, serial=39, ttl=3600)
  NS: blacktux.interbronz.local. (flags=600000f0, serial=1, ttl=900)
  A: 10.20.1.1 (flags=600000f0, serial=3, ttl=900)
Name=_msdcs, Records=0, Children=0
Name=_sites, Records=0, Children=1
Name=_tcp, Records=0, Children=4
Name=_udp, Records=0, Children=2
Name=asus, Records=1, Children=0
  A: 10.20.4.69 (flags=f0, serial=27, ttl=900)
Name=blacktux, Records=1, Children=0
  A: 10.20.1.1 (flags=f0, serial=2, ttl=900)
Name=boss, Records=1, Children=0
  A: 10.20.3.78 (flags=f0, serial=39, ttl=900)
Name=DomainDnsZones, Records=0, Children=2
Name=ForestDnsZones, Records=0, Children=2
Name=intelhd, Records=1, Children=0
  A: 10.20.1.82 (flags=f0, serial=20, ttl=900)
Name=w7-virt, Records=1, Children=0
  A: 10.10.10.102 (flags=f0, serial=21, ttl=900)

On 8 Feb 2019 at 21:56, Rowland Penny via samba wrote:
> On Fri, 8 Feb 2019 21:19:20 +0100
> Peter Tuharsky via samba <samba at lists.samba.org> wrote:
>
>> like this, Rowland:
>>
>> samba-tool dns add -U administrator 10.20.1.1 interbronz.local
>> asus.interbronz.local A 10.20.4.69
>>
> The syntax is:
> samba-tool dns add <server> <zone> <name> A <data>
>
> From the above:
>
> <server> = 10.20.1.1
> <zone> = interbronz.local
> <name> = asus.interbronz.local
> <data> = 10.20.4.69
>
> Provided '10.20.1.1' is a Samba AD DC, this is okay.
> Provided 'interbronz.local' is the forward zone, this is okay.
> Provided '10.20.4.69' is the IP of 'asus.interbronz.local', this is okay.
>
> The <name> is wrong, it should just be 'asus'
>
> If 'local' is your TLD, then turn off Avahi if it is running, this
> means anywhere in your Samba AD domain
>
> Rowland
Rowland Penny
2019-Feb-09 09:24 UTC
[Samba] Samba + BIND9 DLZ. DNS doesn't resolve FQDN, only short hostname
On Sat, 9 Feb 2019 09:12:28 +0100
Peter Tuharsky via samba <samba at lists.samba.org> wrote:
> Thank you, Rowland. I did it as you said: killed Avahi, added the
> record without the domain suffix, but nothing changed, and the record
> seems no different from the other records added with the suffix
> some time before.
>
> My Samba DNS records look like this (and I see nothing special in
> there):
>
> Name=, Records=3, Children=0
>   SOA: serial=39, refresh=900, retry=600, expire=86400,
>   minttl=3600, ns=blacktux.interbronz.local.,
>   email=hostmaster.interbronz.local. (flags=600000f0, serial=39,
>   ttl=3600)
>   NS: blacktux.interbronz.local. (flags=600000f0, serial=1, ttl=900)
>   A: 10.20.1.1 (flags=600000f0, serial=3, ttl=900)
> Name=_msdcs, Records=0, Children=0
> Name=_sites, Records=0, Children=1
> Name=_tcp, Records=0, Children=4
> Name=_udp, Records=0, Children=2
> Name=asus, Records=1, Children=0
>   A: 10.20.4.69 (flags=f0, serial=27, ttl=900)
> Name=blacktux, Records=1, Children=0
>   A: 10.20.1.1 (flags=f0, serial=2, ttl=900)
> Name=boss, Records=1, Children=0
>   A: 10.20.3.78 (flags=f0, serial=39, ttl=900)
> Name=DomainDnsZones, Records=0, Children=2
> Name=ForestDnsZones, Records=0, Children=2
> Name=intelhd, Records=1, Children=0
>   A: 10.20.1.82 (flags=f0, serial=20, ttl=900)
> Name=w7-virt, Records=1, Children=0
>   A: 10.10.10.102 (flags=f0, serial=21, ttl=900)

Hmm, mine look different:

If I run (on a DC):

samba-tool dns query 127.0.0.1 samdom.example.com @ SOA

I get:

Name=, Records=1, Children=0
  SOA: serial=3658, refresh=900, retry=600, expire=86400, minttl=3600, ns=dc4.samdom.example.com., email=hostmaster.samdom.example.com. (flags=600000f0, serial=3657, ttl=3600)
Name=_sites, Records=0, Children=1
Name=_tcp, Records=0, Children=5
Name=_udp, Records=0, Children=2
Name=EAP-WIN7, Records=0, Children=0
Name=DomainDnsZones, Records=0, Children=2
Name=ForestDnsZones, Records=0, Children=2
Name=EAPDEV-PC, Records=0, Children=0
Name=DC4, Records=0, Children=0
Name=.................
...........
and so on

The '_msdcs' record isn't there.
There are no 'A' records.

If I run (again on a DC):

ldbsearch --cross-ncs --show-binary -H '/var/lib/samba/private/sam.ldb' -b 'DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com' -s sub '(&(objectClass=dnsNode)(DC=@))'

NOTE: the above should all be on one line.

I get:

# record 1
dn: DC=@,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20151106115624.0Z
uSNCreated: 4060
showInAdvancedViewOnly: TRUE
name: @
objectGUID: 7ad014c4-c1e9-4cb4-9f0d-96d0272af23d
objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
dc: @
whenChanged: 20190209090653.0Z
dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
        wDataLength  : 0x004f (79)
        wType        : DNS_TYPE_SOA (6)
        version      : 0x05 (5)
        rank         : DNS_RANK_ZONE (240)
        flags        : 0x0000 (0)
        dwSerial     : 0x00000e4d (3661)
        dwTtlSeconds : 0x00000e10 (3600)
        dwReserved   : 0x00000000 (0)
        dwTimeStamp  : 0x0037ec99 (3665049)
        data         : union dnsRecordData(case 6)
        soa: struct dnsp_soa
            serial   : 0x00000e4e (3662)
            refresh  : 0x00000384 (900)
            retry    : 0x00000258 (600)
            expire   : 0x00015180 (86400)
            minimum  : 0x00000e10 (3600)
            mname    : dc4.samdom.example.com
            rname    : hostmaster.samdom.example.com

dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
        wDataLength  : 0x001a (26)
        wType        : DNS_TYPE_NS (2)
        version      : 0x05 (5)
        rank         : DNS_RANK_ZONE (240)
        flags        : 0x0000 (0)
        dwSerial     : 0x00000e4d (3661)
        dwTtlSeconds : 0x00000384 (900)
        dwReserved   : 0x00000000 (0)
        dwTimeStamp  : 0x0037a459 (3646553)
        data         : union dnsRecordData(case 2)
        ns           : dc3.samdom.example.com

dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
        wDataLength  : 0x001a (26)
        wType        : DNS_TYPE_NS (2)
        version      : 0x05 (5)
        rank         : DNS_RANK_ZONE (240)
        flags        : 0x0000 (0)
        dwSerial     : 0x00000e4d (3661)
        dwTtlSeconds : 0x00000384 (900)
        dwReserved   : 0x00000000 (0)
        dwTimeStamp  : 0x0037ceba (3657402)
        data         : union dnsRecordData(case 2)
        ns           : dc4.samdom.example.com

dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
        wDataLength  : 0x0004 (4)
        wType        : DNS_TYPE_A (1)
        version      : 0x05 (5)
        rank         : DNS_RANK_ZONE (240)
        flags        : 0x0000 (0)
        dwSerial     : 0x00000e4d (3661)
        dwTtlSeconds : 0x00000384 (900)
        dwReserved   : 0x00000000 (0)
        dwTimeStamp  : 0x0037a459 (3646553)
        data         : union dnsRecordData(case 1)
        ipv4         : 192.168.0.7

dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
        wDataLength  : 0x0004 (4)
        wType        : DNS_TYPE_A (1)
        version      : 0x05 (5)
        rank         : DNS_RANK_ZONE (240)
        flags        : 0x0000 (0)
        dwSerial     : 0x00000e4d (3661)
        dwTtlSeconds : 0x00000384 (900)
        dwReserved   : 0x00000000 (0)
        dwTimeStamp  : 0x0037ceba (3657402)
        data         : union dnsRecordData(case 1)
        ipv4         : 192.168.0.6

uSNChanged: 402651
distinguishedName: DC=@,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com

# returned 1 records
# 1 entries
# 0 referrals

Rowland
Peter Tuharsky
2019-Feb-09 10:13 UTC
[Samba] Samba + BIND9 DLZ. DNS doesn't resolve FQDN, only short hostname
For me it's similar:

# record 1
dn: DC=@,DC=interbronz.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=interbronz,DC=local
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20190102232229.0Z
uSNCreated: 3657
showInAdvancedViewOnly: TRUE
name: @
objectGUID: 54d20bc1-1700-4464-a778-4fe77967d5fa
objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=interbronz,DC=local
dc: @
dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
        wDataLength  : 0x0050 (80)
        wType        : DNS_TYPE_SOA (6)
        version      : 0x05 (5)
        rank         : DNS_RANK_ZONE (240)
        flags        : 0x0000 (0)
        dwSerial     : 0x00000027 (39)
        dwTtlSeconds : 0x00000e10 (3600)
        dwReserved   : 0x00000000 (0)
        dwTimeStamp  : 0x0037ec98 (3665048)
        data         : union dnsRecordData(case 6)
        soa: struct dnsp_soa
            serial   : 0x00000027 (39)
            refresh  : 0x00000384 (900)
            retry    : 0x00000258 (600)
            expire   : 0x00015180 (86400)
            minimum  : 0x00000e10 (3600)
            mname    : blacktux.interbronz.local
            rname    : hostmaster.interbronz.local

dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
        wDataLength  : 0x001d (29)
        wType        : DNS_TYPE_NS (2)
        version      : 0x05 (5)
        rank         : DNS_RANK_ZONE (240)
        flags        : 0x0000 (0)
        dwSerial     : 0x00000001 (1)
        dwTtlSeconds : 0x00000384 (900)
        dwReserved   : 0x00000000 (0)
        dwTimeStamp  : 0x00000000 (0)
        data         : union dnsRecordData(case 2)
        ns           : blacktux.interbronz.local

dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
        wDataLength  : 0x0004 (4)
        wType        : DNS_TYPE_A (1)
        version      : 0x05 (5)
        rank         : DNS_RANK_ZONE (240)
        flags        : 0x0000 (0)
        dwSerial     : 0x00000003 (3)
        dwTtlSeconds : 0x00000384 (900)
        dwReserved   : 0x00000000 (0)
        dwTimeStamp  : 0x0037e917 (3664151)
        data         : union dnsRecordData(case 1)
        ipv4         : 10.20.1.1

whenChanged: 20190209080809.0Z
uSNChanged: 4066
distinguishedName: DC=@,DC=interbronz.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=interbronz,DC=local

# returned 1 records
# 1 entries
# 0 referrals

On 9 Feb 2019 at 10:24, Rowland Penny via samba wrote:
> [...]
Mgr. Peter Tuharsky
2019-Feb-20 09:28 UTC
[Samba] Samba + BIND9 DLZ. DNS doesn't resolve FQDN, only short hostname
Well, the mystery is solved. It WAS Avahi, in a way... Even though it was disabled as a daemon, it still haunted the system by means of nsswitch.conf.

In the 'hosts' line, the Debian default entry 'mdns4_minimal [NOTFOUND=return]' does exactly what we don't want: for .local domains it asks Avahi and if it doesn't know, it never asks the other services, such as dns etc.

I hope the documentation (Wiki) will be more vocal about that: if the domain is .local, the 'dns' entry MUST precede the 'mdns4_minimal' and 'mdns4' entries.

On 9 Feb 2019 at 10:24, Rowland Penny via samba wrote:
> [...]
L.P.H. van Belle
2019-Feb-20 10:17 UTC
[Samba] Samba + BIND9 DLZ. DNS doesn't resolve FQDN, only short hostname
Hi,

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Mgr.
> Peter Tuharsky via samba
> Sent: Wednesday, 20 February 2019 10:28
> To: samba at lists.samba.org
> Subject: Re: [Samba] Samba + BIND9 DLZ. DNS doesn't resolve
> FQDN, only short hostname
>
> Well, the mystery is solved. It WAS Avahi, in a way...

This is said wrong. ...

> Even though it was disabled as a daemon,
> it still haunted the system by means of nsswitch.conf
>
> In the 'hosts' line, the Debian default entry 'mdns4_minimal
> [NOTFOUND=return]' does exactly what we don't want - for
> .local domains
> it asks Avahi and if it doesn't know, it never asks the other
> services,
> such as dns etc.

And wrong is `the domain is .local`.
Why, oh why, is .local used? That is a reserved name for mDNS (Avahi). Yes.
So what happened here is TOTALLY CORRECT. The problem here is that you are using .local.

> I hope the documentation (Wiki) should be more vocal about that - that
> if the domain is .local, the 'dns' entry MUST precede 'mdns4_minimal'
> and 'mdns4' entries.

Possibly yes, but if correctly set up, not needed.

And for people thinking a bit ahead... Future systems will mostly use systemd, whether we like it or not.
Then, if systemd is used correctly and you use systemd-resolved, you get this.
A random new server I'm setting up, not a Samba server, but that's not the point; the point is resolving, and what you see in this output.

sudo resolvectl ( the defaults )

Global
       LLMNR setting: yes
MulticastDNS setting: yes
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
Fallback DNS Servers: 8.8.8.8
                      8.8.4.4
                      2001:4860:4860::8888
                      2001:4860:4860::8844
          DNSSEC NTA: 10.in-addr.arpa
                      16.172.in-addr.arpa
                      168.192.in-addr.arpa
                      17.172.in-addr.arpa
                      18.172.in-addr.arpa
                      19.172.in-addr.arpa
                      20.172.in-addr.arpa
                      21.172.in-addr.arpa
                      22.172.in-addr.arpa
                      23.172.in-addr.arpa
                      24.172.in-addr.arpa
                      25.172.in-addr.arpa
                      26.172.in-addr.arpa
                      27.172.in-addr.arpa
                      28.172.in-addr.arpa
                      29.172.in-addr.arpa
                      30.172.in-addr.arpa
                      31.172.in-addr.arpa
                      corp
                      d.f.ip6.arpa
                      home
                      internal
                      intranet
                      lan
                      local
                      private
                      test

So what you shouldn't be using for Samba domains:
.corp .home .internal .intranet .lan .local .private .test

More ahead, about LLMNR:
https://en.wikipedia.org/wiki/Link-Local_Multicast_Name_Resolution

See also:
Network Basic Input/Output System (NetBIOS)
Peer Name Resolution Protocol (PNRP)
Multicast DNS (mDNS)
Zero-configuration networking (Zeroconf)

Now mix this and what do you get? Samba + Avahi and the use of LLMNR to replace NetBIOS.
But is this what you want? I don't think so.

Read:
https://www.blackhillsinfosec.com/how-to-disable-llmnr-why-you-want-to/
https://www.crowe.com/cybersecurity-watch/netbios-llmnr-giving-away-credentials
https://attack.mitre.org/techniques/T1171/

So why again is it so important to have a perfect DNS setup? So you don't have to use LLMNR or NetBIOS anymore.
But if you set it up correctly, Avahi and DNS can coexist fine on a Samba network.
But again, this is my personal opinion, not recommended.

Greetz,
Louis
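Editor's added example (not code from the thread, Samba or nss-mdns): a small Python model of how glibc walks the `hosts:` line of nsswitch.conf, including the `[NOTFOUND=return]` action, so the two observations above can be reproduced offline. It shows why Debian's default `files mdns4_minimal [NOTFOUND=return] dns` never lets a `.local` FQDN reach the `dns` source while the short hostname still resolves: `mdns4_minimal` declines names outside `.local` with UNAVAIL, the walk continues to `dns`, and `dns` appends the resolv.conf search domain. It also includes a check of a domain suffix against the local-use TLD list from Louis's `resolvectl` output. The hostnames, addresses and search domain are constructed for the example; the source modules are simplified models of the real NSS modules (later nss-mdns releases can defer to unicast DNS when it serves an SOA for `local`, which the model does not reproduce).

```python
"""Model of glibc's NSS 'hosts:' lookup walk (see nsswitch.conf(5)).

Added example; the data below is constructed, not from a real system.
"""
import re

# glibc default action for each status, applied to every source unless
# an [STATUS=action] block after the source overrides it.
DEFAULT_ACTIONS = {"success": "return", "notfound": "continue",
                   "unavail": "continue", "tryagain": "continue"}

# TLDs listed as DNSSEC negative trust anchors in the resolvectl output
# above, i.e. names treated as local-use and unsuitable for an AD domain.
LOCAL_USE_TLDS = {"corp", "home", "internal", "intranet", "lan",
                  "local", "private", "test"}

# Constructed sample data (hostnames borrowed from the thread, values invented).
ETC_HOSTS = {"localhost": "127.0.0.1"}
AD_DNS_ZONE = {"asus.interbronz.local": "10.20.4.69",
               "blacktux.interbronz.local": "10.20.1.1"}
MDNS_HOSTS = {"printer.local": "10.20.9.9"}   # what Avahi would answer
SEARCH_DOMAIN = "interbronz.local"            # resolv.conf 'search' entry


def parse_hosts_line(line):
    """'hosts: files mdns4_minimal [NOTFOUND=return] dns' ->
    [(source, {status: action}), ...], honouring [!STATUS=action] too."""
    body = line.split(":", 1)[1] if ":" in line else line
    entries = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", body):
        if not tok.startswith("["):
            entries.append((tok, dict(DEFAULT_ACTIONS)))
            continue
        if not entries:
            raise ValueError("action block before any source: %s" % tok)
        actions = entries[-1][1]
        for spec in tok[1:-1].split():
            status, action = spec.lower().split("=", 1)
            if status.startswith("!"):      # negated: all statuses but this one
                for other in actions:
                    if other != status[1:]:
                        actions[other] = action
            else:
                actions[status] = action
    return entries


def src_files(name):
    """/etc/hosts lookup."""
    return ("success", ETC_HOSTS[name]) if name in ETC_HOSTS else ("notfound", None)


def src_dns(name):
    """Unicast DNS; a single-label name gets the search domain appended first."""
    candidates = [name] if "." in name else [name + "." + SEARCH_DOMAIN, name]
    for fqdn in candidates:
        if fqdn in AD_DNS_ZONE:
            return "success", AD_DNS_ZONE[fqdn]
    return "notfound", None


def src_mdns4_minimal(name):
    """Minimal nss-mdns module: answers only for names under .local; for
    anything else it reports UNAVAIL so the walk moves on to the next source."""
    if not name.lower().endswith(".local"):
        return "unavail", None
    return ("success", MDNS_HOSTS[name]) if name in MDNS_HOSTS else ("notfound", None)


def src_mdns4(name):
    """Full nss-mdns module: tries multicast for any name."""
    return ("success", MDNS_HOSTS[name]) if name in MDNS_HOSTS else ("notfound", None)


SOURCES = {"files": src_files, "dns": src_dns,
           "mdns4_minimal": src_mdns4_minimal, "mdns4": src_mdns4}


def resolve(hosts_line, name):
    """Walk the sources in order. Returns (address or None, trail), where
    trail lists the (source, status) pairs that were actually consulted."""
    trail = []
    for source, actions in parse_hosts_line(hosts_line):
        backend = SOURCES.get(source)
        status, addr = backend(name) if backend else ("unavail", None)
        trail.append((source, status))
        if actions[status] == "return":
            return addr, trail
    return None, trail


def local_use_tld(domain):
    """Return the TLD if it is one of the local-use names above, else None."""
    tld = domain.rstrip(".").rsplit(".", 1)[-1].lower()
    return tld if tld in LOCAL_USE_TLDS else None


DEBIAN_DEFAULT = "hosts: files mdns4_minimal [NOTFOUND=return] dns"
DNS_FIRST = "hosts: files dns mdns4_minimal [NOTFOUND=return]"

if __name__ == "__main__":
    for line in (DEBIAN_DEFAULT, DNS_FIRST):
        print(line)
        for host in ("asus.interbronz.local", "asus", "printer.local"):
            print("  %-24s -> %s via %s" % (host, *resolve(line, host)))
    print("local-use TLD of interbronz.local:", local_use_tld("interbronz.local"))
```

With the Debian default line the FQDN stops at `mdns4_minimal` with `notfound` and `dns` is never consulted, whereas the bare name `asus` gets `unavail` from `mdns4_minimal`, continues to `dns` and resolves via the search domain; with `dns` moved ahead of `mdns4_minimal` both forms resolve from the AD zone and a genuine mDNS-only name such as `printer.local` still falls through to multicast.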