James Atwell
2020-Aug-12 20:49 UTC
[Samba] Samba DNS fails when queried with nslookup commands
Hello,

Having issues with a DC not responding to DNS requests. OS is Ubuntu 18.04.4 LTS. Samba version 4.12.2 compiled from source. Checking to see what is listening on port 53 reports;

@soldc4:~# netstat -tulpn | grep ":53"
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      2935/systemd-resolv
tcp6       0      0 :::53                   :::*                    LISTEN      2694/samba: task[dn
udp        0      0 127.0.0.53:53           0.0.0.0:*                           2935/systemd-resolv
udp6       0      0 :::53                   :::*                                2694/samba: task[dn

How do I disable systemd-resolve and ensure only samba is listening on port 53 for DNS requests? You can see below nslookup succeeds when querying another server in the network but fails on this one.

root@soldc4:~# nslookup google.com soldc1
Server:         soldc1
Address:        172.16.23.28#53

Non-authoritative answer:
Name:   google.com
Address: 172.217.7.238
Name:   google.com
Address: 2607:f8b0:4004:806::200e

root@soldc4:~# nslookup google.com soldc4
;; connection timed out; no servers could be reached

Thanks in advance for any help.

-James
Rowland penny
2020-Aug-13 06:19 UTC
[Samba] Samba DNS fails when queried with nslookup commands
On 12/08/2020 21:49, James Atwell via samba wrote:
> Hello,
>
> Having issues with a DC not responding to DNS requests. OS is
> Ubuntu 18.04.4 LTS. Samba version 4.12.2 compiled from source.
> Checking to see what is listening on port 53 reports;
>
> @soldc4:~# netstat -tulpn | grep ":53"
> tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      2935/systemd-resolv
> tcp6       0      0 :::53                   :::*                    LISTEN      2694/samba: task[dn
> udp        0      0 127.0.0.53:53           0.0.0.0:*                           2935/systemd-resolv
> udp6       0      0 :::53                   :::*                                2694/samba: task[dn
>
> How do I disable systemd-resolve and ensure only samba is listening on
> port 53 for DNS requests? You can see below nslookup succeeds when
> querying another server in the network but fails on this one.
>
> root@soldc4:~# nslookup google.com soldc1
> Server:         soldc1
> Address:        172.16.23.28#53
>
> Non-authoritative answer:
> Name:   google.com
> Address: 172.217.7.238
> Name:   google.com
> Address: 2607:f8b0:4004:806::200e
>
> root@soldc4:~# nslookup google.com soldc4
> ;; connection timed out; no servers could be reached

Last time I set up a DC on 18.04 I did this:

sudo systemctl stop systemd-resolved
sudo systemctl disable systemd-resolved.service

Rowland
L.P.H. van Belle
2020-Aug-13 07:19 UTC
[Samba] Samba DNS fails when queried with nslookup commands
Hai,

Only the forwarder is running in this systemd setup.
This : 127.0.0.53:53 does NOT conflict with the normal resolv.conf setting
Because samba or any dns server does not run on 127.0.0.53
Don't make the mistake to see this for : 127.0.0.1

Please show :
/etc/hosts
/etc/resolv.conf

Depending on which one you're using:

/etc/network/interfaces and/or

/etc/netplan/01-netcfg.yaml
/etc/systemd/network/.. Output of all files in this folder.
/etc/systemd/resolved.conf

On one (or more) of these files is a misconfiguration.

Greetz,

Louis
Rowland penny
2020-Aug-13 07:35 UTC
[Samba] Samba DNS fails when queried with nslookup commands
On 13/08/2020 08:19, L.P.H. van Belle via samba wrote:
> Hai,
>
> Only the forwarder is running in this systemd setup.
> This : 127.0.0.53:53 does NOT conflict with the normal resolv.conf setting
> Because samba or any dns server does not run on 127.0.0.53
> Don't make the mistake to see this for : 127.0.0.1

Problem with that is (and it is what myself and Louis fall out over), this is a DC and, in my opinion, there shouldn't be anything between the client and DC. Turning off systemd-resolved is probably a good idea, but Louis is correct, Samba apparently isn't listening on IPv4_address:53

Might be an idea to see the smb.conf and resolv.conf from the DC.

Rowland
L.P.H. van Belle
2020-Aug-13 08:29 UTC
[Samba] Samba DNS fails when queried with nslookup commands
Hi Rowland,

That's not the point here, if this is an AD-DC or not.. ;-)
I'll explain.

This is about how DNS requests are done on the system and accepted by the "dns service".
You can install unlimited DNS servers on the AD-DC and chain them, but wise.. No, of course not. :-)

Turning off systemd-resolved is probably a good idea, yes, it is.
But it does no harm if it's on, as long as the DNS settings are done correctly.

Below is a path to follow to find and know where to look to fix resolving problems.

Keep these 2 (*3) in mind.
A "client : dns request" think in CLI commands.
A "client : dns service" think in a PC => IP:53 DNS requests.
(*also not included here, IPv6 .. And ipv6 prefers over IPv4 if both are set/used.)

First,
His resolv.conf or the assigned DNS server in the network setting is simply wrong.
*(there is/was a known bug related to DNS in : /etc/netplan/01-netcfg.yaml For example.
*( which is addressed, in the manual I have online.

Biggest chance this is the problem. No DNS is set in the netconf.yaml.
If netplan is used (default on ubuntu)
editor /etc/netplan/01-netcfg.yaml
netplan --debug generate
And check again.

Second,
Even if systemd-resolved is running it only runs on and with setting : 127.0.0.51:53
No other DNS server is running on that address and port.
If above (1) is correct, then this points to errors in /etc/resolv.conf
Most probably the first DNS nameserver in resolv.conf is set to 127.0.0.51:53
* do note, you might have a symlinked resolv.conf, which is fine but the setup must be correctly done.
Think in : Which program is filling the symlinked resolv.conf? Then that's where it needs fixing.

Third, (most important)
This is how a client and server its DNS request are done.
Per example, ON the AD-DC, running on cli host/nslookup etc. is a "client" DNS request.
This uses /etc/resolv.conf and the path it should follow.

If a pc contacts the DC-DNS it just connects to the server DNS at IP:53
No resolv.conf is involved here, it's just querying the DNS itself.
A "client(pc)" 2 "DNS service (ip:port)" request.
This points to (if systemd networking is used) its network config files.
It also 'might' hit incorrect resolv.conf here.

Can you use systemd-resolved on an AD-DC, yes, you can, wise, that's another question.
Why "would" we use it. If you do lots of scripting and resolving from CLI, then it can be used.
But chaining the DNS resolving must be perfectly set.

nslookup hostname
# if fails, ip dns servers to check and search/domain in resolv.conf

nslookup hostname.fqdn
# if fails, ip dns servers to check in resolv.conf
(or where these are set, like 01-netcfg.yaml or systemd-networkd folder/files )

nslookup hostname.fqdn hostname.fqdn
# if fails, firewall if dns is external queried. Fix firewall.
# if fails, dns is intern queried. (ad-dns) not running fix internal DNS, or wrong IP.

Verify /etc/hosts and DNS A/PTR records.
Verify if any DNS is running and on this ip/port.
A) nslookup hostname.fqdn ip-AD-DNS
B) nslookup hostname.fqdn ip-any-internet-DNS (test 1.1.1.1 and 8.8.8.8)

a) fails, DNS not running on AD-DC.
b) fails, a firewall is blocking your requests.

I hope this helps others also in how to find/detect where the error is made.
Of course there are more ways to test, above is a guidance..

Greetz,

Louis
James Atwell
2020-Aug-13 12:45 UTC
[Samba] Samba DNS fails when queried with nslookup commands
Hi Louis and Rowland,

Thanks for the help. Below is the information requested before I change anything.

nameserver 172.16.23.30
nameserver 172.16.23.28
nameserver 127.0.0.53
search domain.local  (I know)

@soldc4:~$ cat /etc/hosts
127.0.0.1 localhost
#127.0.1.1 soldc4
172.16.23.30    soldc4.domain.local       soldc4

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

@soldc4:~$ cat /etc/network/interfaces
# ifupdown has been replaced by netplan(5) on this system.  See
# /etc/netplan for current configuration.
# To re-enable ifupdown on this system, you can run:
#    sudo apt install ifupdown

@soldc4:~$ cat /etc/netplan/50-cloud-init.yaml
# This file is generated from information provided by
# the datasource.  Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    ethernets:
        enp0s3:
            addresses: [172.16.23.30/24]
            gateway4: 172.16.23.201
            dhcp4: no
            nameservers:
                    addresses: [172.16.23.30,172.16.23.28]
                    search: [domain.local]
    version: 2

@soldc4:~$ ls -la /etc/systemd/network/
total 8
drwxr-xr-x 2 root root 4096 Apr 20  2018 .
drwxr-xr-x 5 root root 4096 Jun 29 09:54 ..

@soldc4:~$ cat /etc/systemd/resolved.conf
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See resolved.conf(5) for details

[Resolve]
#DNS=
#FallbackDNS=
#Domains=
#LLMNR=no
#MulticastDNS=no
#DNSSEC=no
#Cache=yes
#DNSStubListener=yes

1@soldc4:~$ cat /usr/local/samba/etc/smb.conf
# Global parameters
[global]
        netbios name = SOLDC4
        realm = DOMAIN.LOCAL
        server role = active directory domain controller
        workgroup = DOMAIN
        dns forwarder = 75.75.75.75 208.67.222.222
        idmap_ldb:use rfc2307 = Yes

        log file = /usr/local/samba/var/log.samba
        log level = 1 auth_audit:3 auth_json_audit:3
        debug timestamp = Yes
        debug uid = Yes
        debug pid = Yes

        ldap server require strong auth = no

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/domain.local/scripts
        read only = No

Thanks again for any help.
L.P.H. van Belle
2020-Aug-13 13:57 UTC
[Samba] Samba DNS fails when queried with nslookup commands
Hai James,

Thanks, that's exactly what we needed.
I'll comment below.

> -----Original message-----
> From: James Atwell [mailto:james.atwell365 at gmail.com]
> Sent: Thursday 13 August 2020 14:46
> To: samba at lists.samba.org
> CC: L.P.H. van Belle
> Subject: Re: [Samba] Samba DNS fails when queried with nslookup commands
>
> Hi Louis and Rowland,
>
> Thanks for the help. Below is the information requested before I change anything.
>
> nameserver 172.16.23.30
> nameserver 172.16.23.28
> nameserver 127.0.0.53     < or on top or remove..

Now it's never used. Best. Remove it.
And if it's used, then it's because the 2 above are failing and 127.0.0.53 most probably will
query them or root servers on the internet. Resulting in both will fail..

> search domain.local  (I know)

At least you know ;-)

> @soldc4:~$ cat /etc/hosts
> 127.0.0.1 localhost
> #127.0.1.1 soldc4 # you can remove this line.
> 172.16.23.30    soldc4.domain.local       soldc4
>
> # The following lines are desirable for IPv6 capable hosts
> ::1     ip6-localhost ip6-loopback

# re-add localhost in front.
::1     localhost ip6-localhost ip6-loopback

> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters

Because some internal services do run in ::1 this is fine.

This..
> #127.0.1.1 soldc4 # you can remove this line.

Verify the DNS A and PTR for the servername.
If this was there at startup, then this might be the source of your problems.

> @soldc4:~$ cat /etc/network/interfaces
> # ifupdown has been replaced by netplan(5) on this system.  See
> # /etc/netplan for current configuration.
> # To re-enable ifupdown on this system, you can run:
> #    sudo apt install ifupdown
>
> @soldc4:~$ cat /etc/netplan/50-cloud-init.yaml
> # This file is generated from information provided by
> # the datasource.  Changes to it will not persist across an instance.
> # To disable cloud-init's network configuration capabilities, write a file
> # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
> # network: {config: disabled}
> network:
>     ethernets:
>         enp0s3:
>             addresses: [172.16.23.30/24]
>             gateway4: 172.16.23.201
>             dhcp4: no
>             nameservers:
>                     addresses: [172.16.23.30,172.16.23.28]
>                     search: [domain.local]
>     version: 2

Great, that looks fine. Not using : /etc/netplan/01-netcfg.yaml ?
That's ok if not..

> @soldc4:~$ ls -la /etc/systemd/network/
> total 8
> drwxr-xr-x 2 root root 4096 Apr 20  2018 .
> drwxr-xr-x 5 root root 4096 Jun 29 09:54 ..
>
> @soldc4:~$ cat /etc/systemd/resolved.conf
> #  This file is part of systemd.
> #
> #  systemd is free software; you can redistribute it and/or modify it
> #  under the terms of the GNU Lesser General Public License as published by
> #  the Free Software Foundation; either version 2.1 of the License, or
> #  (at your option) any later version.
> #
> # Entries in this file show the compile time defaults.
> # You can change settings by editing this file.
> # Defaults can be restored by simply deleting this file.
> #
> # See resolved.conf(5) for details
>
> [Resolve]
> #DNS=
> #FallbackDNS=
> #Domains=
> #LLMNR=no
> #MulticastDNS=no
> #DNSSEC=no
> #Cache=yes
> #DNSStubListener=yes
>
> 1@soldc4:~$ cat /usr/local/samba/etc/smb.conf
> # Global parameters
> [global]
>         netbios name = SOLDC4
>         realm = DOMAIN.LOCAL
>         server role = active directory domain controller
>         workgroup = DOMAIN
>         dns forwarder = 75.75.75.75 208.67.222.222
>         idmap_ldb:use rfc2307 = Yes
>
>         log file = /usr/local/samba/var/log.samba
>         log level = 1 auth_audit:3 auth_json_audit:3
>         debug timestamp = Yes
>         debug uid = Yes
>         debug pid = Yes
>
>         ldap server require strong auth = no
>
> [sysvol]
>         path = /usr/local/samba/var/locks/sysvol
>         read only = No
>
> [netlogon]
>         path = /usr/local/samba/var/locks/sysvol/domain.local/scripts
>         read only = No
>
> Thanks again for any help.

Remove the DNS forwarders in smb.conf
Reboot
Test again.
Then if it now works. Re-add the dns forwarders.

Beside the few points your config looks fine.
I'm guessing the hostname was set to 127.0.1.1 when you started the ad-dc for the first time.

Greetz,

Louis
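The resolv.conf and /etc/hosts points from the reply above, written as a small shell audit. This is an added example, not part of the original posts; the function names and finding labels are made up for illustration. The sample files are the ones James posted, plus one constructed hosts.before variant in which the 127.0.1.1 line is still active.

```shell
#!/bin/sh
# Added example: audit resolv.conf and hosts on a Samba AD DC for the points
# raised in this thread. Function names and finding labels are illustrative.

# Print the nameserver addresses of a resolv.conf-style file, in file order.
list_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# $1 = resolv.conf path, $2 = the DC's own IPv4 address.
check_resolv() {
    first=$(list_nameservers "$1" | head -n 1)
    # The DC should ask its own DNS service first.
    [ "$first" = "$2" ] || echo "FIRST_NS_NOT_DC:$first"
    # 127.0.0.53 is the systemd-resolved stub; the advice above is to remove it.
    if list_nameservers "$1" | grep -qx '127\.0\.0\.53'; then
        echo "STUB_LISTED"
    fi
}

# $1 = hosts path, $2 = short hostname, $3 = the DC's own IPv4 address.
check_hosts() {
    awk -v h="$2" -v ip="$3" '
        /^[[:space:]]*#/ || NF < 2 { next }      # skip comments and blanks
        {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break             # trailing comment
                n = $i; sub(/\..*/, "", n)       # short form of each name
                if (n != h) continue
                if ($1 ~ /^127\./) print "HOSTNAME_ON_LOOPBACK:" $1
                if ($1 == ip) ok = 1
                break                            # one finding per line
            }
        }
        END { if (!ok) print "HOSTNAME_NOT_ON_DC_IP" }' "$1"
}

# Sample input, copied from the files posted in the thread.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/resolv.conf" <<'EOF'
nameserver 172.16.23.30
nameserver 172.16.23.28
nameserver 127.0.0.53
search domain.local
EOF
cat > "$SAMPLE_DIR/hosts" <<'EOF'
127.0.0.1 localhost
#127.0.1.1 soldc4
172.16.23.30    soldc4.domain.local       soldc4
::1     ip6-localhost ip6-loopback
EOF
# Constructed variant: the 127.0.1.1 mapping as it would look uncommented.
sed 's/^#127\.0\.1\.1/127.0.1.1/' "$SAMPLE_DIR/hosts" > "$SAMPLE_DIR/hosts.before"

check_resolv "$SAMPLE_DIR/resolv.conf" 172.16.23.30
check_hosts "$SAMPLE_DIR/hosts" soldc4 172.16.23.30
check_hosts "$SAMPLE_DIR/hosts.before" soldc4 172.16.23.30
```

On a live DC, pass /etc/resolv.conf and /etc/hosts instead of the sample paths; no output from a check means no finding.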
Hello list,

I have noticed a problem in my domain for some time, it is normal that any user can put a pc to the domain? That is, normally that should not be put by a user with administrative privilege..? What can you say to me.

Version 4.12.5