On 28/02/2021 20:30, K. R. Foley wrote:
>
> Contents of /etc/named.conf
>
> # Global Configuration Options
> options {
>
>     # Forward queries that can not be answered from own zones
>     # to these DNS servers:
> #    forwarders {
> #        8.8.8.8;
> #        8.8.4.4;
> #    };
>

Are your clients using something else for their nameserver and if so, what ?

If there is another nameserver is this forwarding the AD dns domain to the DC ?

If none of the above applies and you want your clients to have internet access, uncomment the 'forwarders' lines.

This is Centos, so is Selinux enabled ?

Rowland

On 2/28/21 2:52 PM, Rowland penny via samba wrote:
> On 28/02/2021 20:30, K. R. Foley wrote:
>>
>> Contents of /etc/named.conf
>>
>> # Global Configuration Options
>> options {
>>
>>     # Forward queries that can not be answered from own zones
>>     # to these DNS servers:
>> #    forwarders {
>> #        8.8.8.8;
>> #        8.8.4.4;
>> #    };
>>
>
> Are your clients using something else for their nameserver and if so,
> what ?

No. Currently only this server so I can control everything.

>
> If there is another nameserver is this forwarding the AD dns domain to
> the DC ?
>
> If none of the above applies and you want your clients to have
> internet access, uncomment the 'forwarders' lines.

The client already has access to the internet. The name server on this server acts as a caching name server and resolves names itself. That is why I have the forwarders disabled. Just as a test to make sure this isn't part of the problem I uncommented the forwarders and retested. No change.

>
> This is Centos, so is Selinux enabled ?

No. Disabled.

>
> Rowland

On 28/02/2021 21:23, K. R. Foley wrote:
>
> On 2/28/21 2:52 PM, Rowland penny via samba wrote:
>> On 28/02/2021 20:30, K. R. Foley wrote:
>>>
>>> Contents of /etc/named.conf
>>>
>>> # Global Configuration Options
>>> options {
>>>
>>>     # Forward queries that can not be answered from own zones
>>>     # to these DNS servers:
>>> #    forwarders {
>>> #        8.8.8.8;
>>> #        8.8.4.4;
>>> #    };
>>>
>>
>> Are your clients using something else for their nameserver and if so,
>> what ?
> No. Currently only this server so I can control everything.
>>
>> If there is another nameserver is this forwarding the AD dns domain
>> to the DC ?
>>
>> If none of the above applies and you want your clients to have
>> internet access, uncomment the 'forwarders' lines.
>
> The client already has access to the internet. The name server on this
> server acts as a caching name server and resolves names itself. That
> is why I have the forwarders disabled.

Your DC must be authoritative for the AD dns domain and whilst your clients can use another dns server as a caching name server, the caching name server must forward anything for your AD dns domain to a DC.

Rowland
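
The forwarding arrangement described in the last reply, sketched as a BIND forward zone on a separate caching name server. This is an added example, not configuration from the thread; the zone name `samdom.example.com`, the DC address `192.0.2.10` and the client range `192.0.2.0/24` are placeholders, since the thread gives none of them.

```conf
# /etc/named.conf on a separate caching name server (not on the DC itself).
# Added example; samdom.example.com, 192.0.2.10 and 192.0.2.0/24 are placeholders.

options {
    directory "/var/named";
    recursion yes;
    # Restrict recursion to known clients so the cache is not an open resolver.
    allow-recursion { 127.0.0.1; 192.0.2.0/24; };
};

# Everything under the AD DNS domain, including the _msdcs, _tcp and _udp
# SRV records that clients use to locate a DC, is sent to the DC, which is
# authoritative for the zone.
zone "samdom.example.com" {
    type forward;
    forward only;                  # never try to resolve this zone from the root
    forwarders { 192.0.2.10; };    # the DC (add further DCs here if present)
};
```

With this in place, a query sent to the caching server for the `_ldap._tcp.samdom.example.com` SRV record should return the DC, while all other names are still resolved by the cache itself.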