Paul Littlefield
2023-Sep-26 09:08 UTC
[Samba] new DC preparation, nslookup and dig errors
On 25/09/2023 16:25, Rowland Penny via samba wrote:
> Whilst anything is possible, if you are trying to connect to the
> internal dns server on a machine that isn't yet a DC, then it will time
> out, because there isn't a dns server there yet.
>
> Of course. I may be misunderstanding things here.

Maybe :)

I am preparing to join a third Linux DC to an existing domain running two Linux DCs, and am following these instructions ...

https://wiki.samba.org/index.php/Linux_and_Unix_DNS_Configuration#Resolving_SRV_Records

... so am concerned that there is a "communications error":-

"_ldap._tcp.mydomain.com;; communications error to 130.130.0.219#53: timed out"

... which is DC5 trying to get a DNS record from DC4 and failing.

If I run the same 'test' from that wiki page on either of the existing 2 Linux DCs which _are_ dns servers for the whole network, it does not show that error.

Do you follow me?

In other words, I want to sort that error out first before I go trying to join a new DC (which I am only doing to solve the recent security patch!)

I have tried Googling it but come up blank.

Regards,

--
Paul Littlefield

If I understand correctly, you are trying to connect to the dns server in your new DC?

Your new DC is not a DC until you join. If you don't join you don't get dns records. Let alone, if samba-ad-dc is not running, dns server is not running - hence the timeout.

Try: samba.bigbird.es/doku.php?id=samba:aditional-dc

On 26 Sep 2023 at 10:09 +0100, Paul Littlefield via samba <samba at lists.samba.org>, wrote:
> On 25/09/2023 16:25, Rowland Penny via samba wrote:
> > Whilst anything is possible, if you are trying to connect to the
> > internal dns server on a machine that isn't yet a DC, then it will time
> > out, because there isn't a dns server there yet.
> >
> > Of course. I may be misunderstanding things here.
>
> Maybe :)
>
> I am preparing to join a third Linux DC to an existing domain running two Linux DCs, and am following these instructions ...
>
> https://wiki.samba.org/index.php/Linux_and_Unix_DNS_Configuration#Resolving_SRV_Records
>
> ... so am concerned that there is a "communications error":-
>
> "_ldap._tcp.mydomain.com;; communications error to 130.130.0.219#53: timed out"
>
> ... which is DC5 trying to get a DNS record from DC4 and failing.
>
> If I run the same 'test' from that wiki page on either of the existing 2 Linux DCs which _are_ dns servers for the whole network, it does not show that error.
>
> Do you follow me?
>
> In other words, I want to sort that error out first before I go trying to join a new DC (which I am only doing to solve the recent security patch!)
>
> I have tried Googling it but come up blank.
>
> Regards,
>
> --
> Paul Littlefield

On Tue, 26 Sep 2023 09:08:29 +0000 Paul Littlefield via samba <samba at lists.samba.org> wrote:
> On 25/09/2023 16:25, Rowland Penny via samba wrote:
> > Whilst anything is possible, if you are trying to connect to the
> > internal dns server on a machine that isn't yet a DC, then it will
> > time out, because there isn't a dns server there yet.
> >
> > Of course. I may be misunderstanding things here.
>
> Maybe :)
>
> I am preparing to join a third Linux DC to an existing domain running
> two Linux DCs, and am following these instructions ...
>
> https://wiki.samba.org/index.php/Linux_and_Unix_DNS_Configuration#Resolving_SRV_Records
>
> ... so am concerned that there is a "communications error":-
>
> "_ldap._tcp.mydomain.com;; communications error to 130.130.0.219#53:
> timed out"
>
> ... which is DC5 trying to get a DNS record from DC4 and failing.
>
> If I run the same 'test' from that wiki page on either of the
> existing 2 Linux DCs which _are_ dns servers for the whole network,
> it does not show that error.
>
> Do you follow me?
>
> In other words, I want to sort that error out first before I go
> trying to join a new DC (which I am only doing to solve the recent
> security patch!)
>
> I have tried Googling it but come up blank.
>
> Regards,
>

OK, I think I understand what is going on. You are following this wiki page:

https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory

You have got to the heading 'Configuring DNS' and the first line under that heading sends you to another wiki page, did you read the two blue boxes below the link?

Also the wiki page you are sent to, could be a bit clearer.

Rowland
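
An added example, not part of any poster's message or of the Samba wiki: a small Python triage that correlates "communications error" lines in captured `host -t SRV` output with the nameservers listed in `/etc/resolv.conf`, to show which configured resolver is timing out and whether the SRV lookup still succeeded. Only the address 130.130.0.219 and the record name come from the thread; the resolv.conf contents, the second nameserver 192.0.2.10, the SRV answer line and the host name dc3.mydomain.com are constructed.

```python
import re

# Constructed sample inputs; only 130.130.0.219 and the record name are from the thread.
RESOLV_CONF = """\
search mydomain.com
nameserver 130.130.0.219
nameserver 192.0.2.10
"""
HOST_OUTPUT = """\
;; communications error to 130.130.0.219#53: timed out
;; communications error to 130.130.0.219#53: timed out
_ldap._tcp.mydomain.com has SRV record 0 100 389 dc3.mydomain.com.
"""

ERR_RE = re.compile(r"communications error to (\S+?)#(\d+): (.+)$")
SRV_RE = re.compile(r"^(\S+) has SRV record (\d+) (\d+) (\d+) (\S+)$")


def nameservers(resolv_conf):
    """Return nameserver addresses in the order the resolver tries them."""
    out = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            out.append(fields[1])
    return out


def triage(resolv_conf, host_output):
    """Correlate resolver errors in `host -t SRV` output with resolv.conf."""
    errors, targets = {}, []
    for line in host_output.splitlines():
        if m := ERR_RE.search(line):
            # Count timeouts per server address named in the error line.
            errors[m.group(1)] = errors.get(m.group(1), 0) + 1
        elif m := SRV_RE.match(line.strip()):
            # Record (target host, port) of each SRV answer received.
            targets.append((m.group(5).rstrip("."), int(m.group(4))))
    servers = nameservers(resolv_conf)
    return {
        "failing": [s for s in servers if s in errors],       # listed and erroring
        "unlisted": sorted(set(errors) - set(servers)),       # erroring, not in resolv.conf
        "srv_targets": targets,
        "resolved": bool(targets),                            # did any server answer?
    }


if __name__ == "__main__":
    print(triage(RESOLV_CONF, HOST_OUTPUT))
```

A server that appears under "failing" while "resolved" is true means the lookup only succeeded after falling back to a later nameserver entry, so the first entry is the one to check for reachability on port 53.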