Thank you, Robert You understood my waiting. What is about if I add nameserver line to resolve.conf like this nameserver ThisSambaDcIp nameserver 8.8.8.8 and samba dns returns negative answer? Algorithm the same? Second line will never be used? On Wed, 31 Mar 2021 at 20:24, Robert Marcano via samba < samba at lists.samba.org> wrote:> On 3/31/21 12:02 PM, Yakov Revyakin via samba wrote: > > Hi all, > > Could you help me to understand why my setting for Dns Forwarder doesn't > > work as waiting? > > I have: > > dns forwarder = 8.8.8.8 11.0.0.3 > > > > This way I can resolve names of samba domain as well as internet names, > but > > I can't get resolved names from 11.0.0.3 external AD domain. > > > > I thought that google dns is recursive. Any explanation on? > > If I understand correctly, you expect responses from both forwarders. > That isn't how forwarding works. It ask one of them and get a response. > Positive or negative, it will be the only response to the client. You > can put more than one there for redundancy. > > If you expect a response from 11.0.0.3, when the server first asked > 8.8.8.8, if it get a negative response, 11.0.0.3 will not be asked, it > will only if there is a problem (timeout for example) using 8.8.8.8 > > > > > Thanks, > > J > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
We suggest pointing your clients at another DNS server, which knows about all the things you care about, both Samba and otherwise. If using BIND9 I would set up zones of type 'forward' for this purpose, then set the generic forwarder to upstream 8.8.8.8 if you want to use Google. https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Recommended_Arc hitecture Andrew Bartlett On Wed, 2021-03-31 at 23:24 +0300, Yakov Revyakin via samba wrote:> Thank you, Robert > You understood my waiting. > > What is about if I add nameserver line to resolve.conf like this > > nameserver ThisSambaDcIp > nameserver 8.8.8.8 > > and samba dns returns negative answer? Algorithm the same? Second > line will > never be used? > > > > > On Wed, 31 Mar 2021 at 20:24, Robert Marcano via samba < > samba at lists.samba.org> wrote: > > > On 3/31/21 12:02 PM, Yakov Revyakin via samba wrote: > > > Hi all, > > > Could you help me to understand why my setting for Dns Forwarder > > > doesn't > > > work as waiting? > > > I have: > > > dns forwarder = 8.8.8.8 11.0.0.3 > > > > > > This way I can resolve names of samba domain as well as internet > > > names, > > but > > > I can't get resolved names from 11.0.0.3 external AD domain. > > > > > > I thought that google dns is recursive. Any explanation on? > > > > If I understand correctly, you expect responses from both > > forwarders. > > That isn't how forwarding works. It ask one of them and get a > > response. > > Positive or negative, it will be the only response to the client. > > You > > can put more than one there for redundancy. > > > > If you expect a response from 11.0.0.3, when the server first asked > > 8.8.8.8, if it get a negative response, 11.0.0.3 will not be asked, > > it > > will only if there is a problem (timeout for example) using 8.8.8.8 > > > > > Thanks, > > > J > > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > >-- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba Samba Development and Support, Catalyst IT - Expert Open Source Solutions
In your `/etc/resolv.conf` file working with AD, you want only your DCs listed. If you have multiple DCs (i.e. dc1 and dc2), you want the other one listed first, then itself. For example: DC1 = 10.1.0.1 / DC2 = 10.1.0.2 root at dc1: cat /etc/resolv.conf nameserver 10.1.0.2 nameserver 10.1.0.1 root at dc2: cat /etc/resolv.conf nameserver 10.1.0.1 nameserver 10.1.0.2 If your DC name servers can't resolve the name, then *they* should be the ones to forward the request on. On Wed, Mar 31, 2021 at 1:25 PM Yakov Revyakin via samba < samba at lists.samba.org> wrote:> Thank you, Robert > You understood my waiting. > > What is about if I add nameserver line to resolve.conf like this > > nameserver ThisSambaDcIp > nameserver 8.8.8.8 > > and samba dns returns negative answer? Algorithm the same? Second line will > never be used? > > > > > On Wed, 31 Mar 2021 at 20:24, Robert Marcano via samba < > samba at lists.samba.org> wrote: > > > On 3/31/21 12:02 PM, Yakov Revyakin via samba wrote: > > > Hi all, > > > Could you help me to understand why my setting for Dns Forwarder > doesn't > > > work as waiting? > > > I have: > > > dns forwarder = 8.8.8.8 11.0.0.3 > > > > > > This way I can resolve names of samba domain as well as internet names, > > but > > > I can't get resolved names from 11.0.0.3 external AD domain. > > > > > > I thought that google dns is recursive. Any explanation on? > > > > If I understand correctly, you expect responses from both forwarders. > > That isn't how forwarding works. It ask one of them and get a response. > > Positive or negative, it will be the only response to the client. You > > can put more than one there for redundancy. > > > > If you expect a response from 11.0.0.3, when the server first asked > > 8.8.8.8, if it get a negative response, 11.0.0.3 will not be asked, it > > will only if there is a problem (timeout for example) using 8.8.8.8 > > > > > > > > Thanks, > > > J > > > > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >