samba - May 2008 - name resolves to public address - should resolve to private...

On my network I have one Samba PDC (Version 3.0.28 running on FreeBSD
6.3-PRERELEASE), one mail server (FreeBSD + Dovecot + Postfix) and a
dozen or so WinXP/Win2K machines. The WinXP/Win2K machines all have
static IP addresses.

The Windows clients are configured to look up the Samba PDC machine for
both DNS and WINS. The Windows clients seem to be able to find other
machines as well as the PDC:

Z:\>ping pilot-ws

Pinging pilot-ws [10.10.10.34] with 32 bytes of data:

Reply from 10.10.10.34: bytes=32 time<1ms TTL=128
Reply from 10.10.10.34: bytes=32 time<1ms TTL=128
Reply from 10.10.10.34: bytes=32 time<1ms TTL=128
Reply from 10.10.10.34: bytes=32 time<1ms TTL=128

The Windows clients can also find the mail server:

Z:\>ping mail

Pinging mail [10.10.10.253] with 32 bytes of data:

Reply from 10.10.10.253: bytes=32 time<1ms TTL=64
Reply from 10.10.10.253: bytes=32 time<1ms TTL=64
Reply from 10.10.10.253: bytes=32 time<1ms TTL=64
Reply from 10.10.10.253: bytes=32 time<1ms TTL=64

But, the Windows clients resolve the FQDN of the mail server to the
public IP address:

Z:\>ping mail.mycustomer.com

Pinging mail.mycustomer.com [aaa.bbb.ccc.ddd] with 32 bytes of data:

Reply from aaa.bbb.ccc.ddd: bytes=32 time<1ms TTL=64
Reply from aaa.bbb.ccc.ddd: bytes=32 time<1ms TTL=64
Reply from aaa.bbb.ccc.ddd: bytes=32 time<1ms TTL=64
Reply from aaa.bbb.ccc.ddd: bytes=32 time<1ms TTL=64

What I want is that the Windows machines resolve both mail and
mail.mycustomer.com to 10.10.10.253.

On the Samba PDC machine in /etc/hosts I have:

10.10.10.253    mail.mycustomer.com  mail

and the Samba PDC machine resolves mail.mycustomer.com to 10.10.10.253.

In smb.conf I have:

    wins support = Yes
    dns proxy = No
    name resolve order = wins host lmhosts broadcast

I would very much appreciate your insight...

run a separate BIND9 installation on 10.10.10.34 and have it resolve DNS 
for .34 and .253, and in your dhcpd.conf specify 10.10.10.34 as the DNS 
server.

Joe Demeny wrote:
> On my network I have one Samba PDC (Version 3.0.28 running on FreeBSD
> 6.3-PRERELEASE), one mail server (FreeBSD + Dovecot + Postfix) and a
> dozen or so WinXP/Win2K machines. The WinXP/Win2K machines all have
> static IP addresses.
>
> The Windows clients are configured to look up the Samba PDC machine for
> both DNS and WINS. The Windows clients seem to be able to find other
> machines as well as the PDC:
>
> Z:\>ping pilot-ws
>
> Pinging pilot-ws [10.10.10.34] with 32 bytes of data:
>
> Reply from 10.10.10.34: bytes=32 time<1ms TTL=128
> Reply from 10.10.10.34: bytes=32 time<1ms TTL=128
> Reply from 10.10.10.34: bytes=32 time<1ms TTL=128
> Reply from 10.10.10.34: bytes=32 time<1ms TTL=128
>
> The Windows clients can also find the mail server:
>
> Z:\>ping mail
>
> Pinging mail [10.10.10.253] with 32 bytes of data:
>
> Reply from 10.10.10.253: bytes=32 time<1ms TTL=64
> Reply from 10.10.10.253: bytes=32 time<1ms TTL=64
> Reply from 10.10.10.253: bytes=32 time<1ms TTL=64
> Reply from 10.10.10.253: bytes=32 time<1ms TTL=64
>
> But, the Windows clients resolve the FQDN of the mail server to the
> public IP address:
>
> Z:\>ping mail.mycustomer.com
>
> Pinging mail.mycustomer.com [aaa.bbb.ccc.ddd] with 32 bytes of data:
>
> Reply from aaa.bbb.ccc.ddd: bytes=32 time<1ms TTL=64
> Reply from aaa.bbb.ccc.ddd: bytes=32 time<1ms TTL=64
> Reply from aaa.bbb.ccc.ddd: bytes=32 time<1ms TTL=64
> Reply from aaa.bbb.ccc.ddd: bytes=32 time<1ms TTL=64
>
> What I want is that the Windows machines resolve both mail and
> mail.mycustomer.com to 10.10.10.253.
>
> On the Samba PDC machine in /etc/hosts I have:
>
> 10.10.10.253    mail.mycustomer.com  mail
>
> and the Samba PDC machine resolves mail.mycustomer.com to 10.10.10.253.
>
> In smb.conf I have:
>
>     wins support = Yes
>     dns proxy = No
>     name resolve order = wins host lmhosts broadcast
>
> I would very much appreciate your insight...
>

On Wednesday 07 May 2008 05:08:24 pm you wrote:
> run a separate BIND9 installation on 10.10.10.34 and have it resolve DNS
> for .34 and .253, and in your dhcpd.conf specify 10.10.10.34 as the DNS
> server.
>
> Joe Demeny wrote:
> > [...]
Well, the Windows workstations all have static addresses and 10.10.10.34 is a 
Windows workstation.

It seems that Samba is ignoring the name resolve order = wins host lmhosts 
broadcast directive - I must be missing something trivial...

-- 
Joe Demeny

> -----Original Message-----
> From: samba-bounces+dmcleod=foranyauto.com@lists.samba.org 
> [mailto:samba-bounces+dmcleod=foranyauto.com@lists.samba.org] 
> On Behalf Of Joe Demeny
> Sent: Thursday, May 08, 2008 8:07 AM
> To: Adam Williams
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] name resolves to public address - should 
> resolveto private...
> 
> On Wednesday 07 May 2008 05:08:24 pm you wrote:
> > run a separate BIND9 installation on 10.10.10.34 and have 
> it resolve 
> > DNS for .34 and .253, and in your dhcpd.conf specify 10.10.10.34 as 
> > the DNS server.
> >
> > Joe Demeny wrote:
> > > [...]
> 
> Well, the Windows workstations all have static addresses and 
> 10.10.10.34 is a Windows workstation.
> 
> It seems that Samba is ignoring the name resolve order = wins 
> host lmhosts broadcast directive - I must be missing 
> something trivial...
> 
> --
> Joe Demeny
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba


Put the information in the hosts file on the windows machines.
C:\WINDOWS\system32\drivers\etc\hosts
Add:
10.10.10.253    mail.mycustomer.com





Or, if you are running your own DNS server, use bind views...

On Wednesday 07 May 2008, Joe Demeny wrote:
> The Windows clients are configured to look up the Samba PDC machine
> for both DNS and WINS. The Windows clients seem to be able to find
> other machines as well as the PDC:
>
> Z:\>ping pilot-ws
>
> Pinging pilot-ws [10.10.10.34] with 32 bytes of data:
>
> Reply from 10.10.10.34: bytes=32 time<1ms TTL=128
...
> Z:\>ping mail
>
> Pinging mail [10.10.10.253] with 32 bytes of data:
>
> Reply from 10.10.10.253: bytes=32 time<1ms TTL=64
...
> Z:\>ping mail.mycustomer.com
>
> Pinging mail.mycustomer.com [aaa.bbb.ccc.ddd] with 32 bytes of data:
>
> Reply from aaa.bbb.ccc.ddd: bytes=32 time<1ms TTL=64
This is because "mail" is most likely the systems netbios name and 
therefore the registered netbios name in the WINS database, a dotted 
domain name name is unusual as a netbios name but
"mail.mycustomer.com"
wouldn't be a proper one as it is too long. So
"mail.mycustomer.com"
will always be a domain (hosts/DNS) type lookup - the systems are not 
asking Samba for such resolution.
> What I want is that the Windows machines resolve both mail and
> mail.mycustomer.com to 10.10.10.253.
>
> On the Samba PDC machine in /etc/hosts I have:
>
> 10.10.10.253 ? ?mail.mycustomer.com ?mail
As Dennis mentioned you can use the "hosts" file in Windows as well -
it
will, in most cases be searched first for such name resolution (as it 
is in 'nix).
> In smb.conf I have:
>
> ? ? wins support = Yes
> ? ? dns proxy = No
> ? ? name resolve order = wins host lmhosts broadcast
That's only a directive for the running Samba's own lookups - it
doesn't
propagate to to clients.

Best solution, if your DNS handles outside requests as well, is to use 
split horizon DNS (BIND views, as Dennis mentioned, if using that 
product).

-- 
Chris