samba - Jan 2021 - How to Properly Configure Samba's Internal DNS

I have what though was a working Samba4 AD setup.
However, in trying to troubleshoot a user's issues while
connecting via a VPN, I begun to question if DNS
is properly setup up.

Each linux server has the following entries in
resolv.conf:

search ad-domain.company.com
nameserver ip-of-FSMO-server

Each linux server has a hosts file with an entry:

unique-ip-address  machine#.ad-doamin.company.com machine#

However, if I do nnslookup -> set type=SRV -> 
_ldap._tcp.ad-domain.company.com.

instead of getting the results shown here:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Resolving_SRV_Records

I get:

Server:         ip-of-FSMO-server
Address:        ip-of-FSMO-server#53

_ldap._tcp.ad-domain.company.com       service = 0 100 389 
machine1.ad-domain.company.com.
_ldap._tcp.ad-domain.company.com       service = 0 100 389 
machine1.ad-domain.company.com.

Further, if I try pinging hostnames on the FSMO-server, I only get 
positive
results on 3 of 4 of my servers:

ping ad-domain.company.com -> success

ping machine1.ad-domain.company.com -> success
ping machine2.ad-domain.company.com -> success
ping machine3.ad-domain.company.com -> success
ping machine4 -> fails with unknown host

ping machine1 -> success
ping machine2 -> success
ping machine3 -> success
ping machine4 -> fails with unknown host

If I try the same from "machine4", it all returns positive results.
As far as I can tell, hosts, resolve.conf is correct on all four 
machines.

Not sure where the configuration error is & after much googling,
I'm not sure where to even start looking.

Any ideas?  Thank You.

On 30/01/2021 13:48, Marco Shmerykowsky via samba wrote:
> I have what though was a working Samba4 AD setup.
> However, in trying to troubleshoot a user's issues while
> connecting via a VPN, I begun to question if DNS
> is properly setup up.
>
> Each linux server has the following entries in
> resolv.conf:

What do mean by 'linux server' ? are you referring to a Unix domain 
member or a Samba AD DC ?
>
> search ad-domain.company.com
> nameserver ip-of-FSMO-server
I would list all Samba AD DC's on the Unix domain members and set each 
DC to use itself.
>
> Each linux server has a hosts file with an entry:
>
> unique-ip-address? machine#.ad-doamin.company.com machine#
>
> However, if I do nnslookup -> set type=SRV -> 
> _ldap._tcp.ad-domain.company.com.
>
> instead of getting the results shown here:
>
>
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Resolving_SRV_Records
>
>
> I get:
>
> Server:???????? ip-of-FSMO-server
> Address:??????? ip-of-FSMO-server#53
>
> _ldap._tcp.ad-domain.company.com?????? service = 0 100 389 
> machine1.ad-domain.company.com.
> _ldap._tcp.ad-domain.company.com?????? service = 0 100 389 
> machine1.ad-domain.company.com.

I get something similar, only my difference is that mine lists both of 
my DC's, yours should list all your DC's
>
> Further, if I try pinging hostnames on the FSMO-server, I only get 
> positive
> results on 3 of 4 of my servers:
>
> ping ad-domain.company.com -> success
>
> ping machine1.ad-domain.company.com -> success
> ping machine2.ad-domain.company.com -> success
> ping machine3.ad-domain.company.com -> success
> ping machine4 -> fails with unknown host

They should all work, you seem to have dns problems.

Rowland