Werthmuller, Derek
2013-Nov-19 18:24 UTC
[Samba] Samba internal DNS strange behavior to ssh client lookup request
Running a new install of samba 4.1 AD, also using winbind to handle Linux user,
group authorizing users.
I'm having problems: DNS lookups for the ssh client don't work, while nslookup
on the same AD and member system works fine.
For example: I can run nslookup example.com and it returns a valid answer right
away. If I try to ssh -l username example.com, ssh returns "ssh: Could not
resolve hostname example.com : Name or service not known"
Samba is configured with dns forwarder = external DNS server.
Samba DNS tests work.
Such as host -t SRV _ldap._tcp.example.com
/etc/resolv.conf
Configured with nameserver of the DC as the top item in list. If I move the DC
nameserver entry lower in the list and place the external DNS at the top then
ssh dns lookups work fine. (but then the samba lookups don't work properly)
Any Advice here?
Thanks
Derek
Rowland Penny
2013-Nov-19 18:33 UTC
[Samba] Samba internal DNS strange behavior to ssh client lookup request
On 19/11/13 18:24, Werthmuller, Derek wrote:
> Running a new install of samba 4.1 AD, also using winbind to handle Linux user, group authorizing users.
>
> I'm having problems: DNS lookups for the ssh client don't work, while nslookup on the same AD and member system works fine.
> For example: I can run nslookup example.com and it returns a valid answer right away. If I try to ssh -l username example.com, ssh returns "ssh: Could not resolve hostname example.com : Name or service not known"
>
> Samba is configured with dns forwarder = external DNS server.
>
> Samba DNS tests work.
> Such as host -t SRV _ldap._tcp.example.com
> /etc/resolv.conf
> Configured with nameserver of the DC as the top item in list. If I move the DC nameserver entry lower in the list and place the external DNS at the top then ssh dns lookups work fine. (but then the samba lookups don't work properly)
> Any Advice here?
>
> Thanks
> Derek

Not that it helps you, but it works from an LM15 client to an S4 server with bind9 dns

Rowland
Werthmuller, Derek
2013-Nov-22 15:13 UTC
[Samba] Samba internal DNS strange behavior to ssh client lookup request
Answers to my own question.
I understand why this behaves this way. No, it's not a bug in samba internal DNS.
I believe it's how the resolver libraries work in the ssh client (ssh client
didn't check multiple nameserver resources). It also points out a bit how
the Samba AD DNS setup works.
1) my incorrect assumption was that the DNS forwarder address, found in
smb.conf, would be used for any address space the AD DNS was not authority for
and if it didn't have an entry for a system within its authority space.
The last part about forwarding to another DNS server if the internal AD DNS
doesn't have an entry for it doesn't work, and appears to be by design.
2) My plan was to use the samba DNS only for sort of the windows network, and
leave webservers and such to the other already existing DNS server. This case
only works if the client resolver will check multiple DNS resources if the
first (being the AD DNS) fails. Nslookup resolver does check multiple DNS
resources often found in /etc/resolv.conf. Samba AD documentation states to
place the AD address in the first nameserver entry for the resolv.conf.
3) my new plan is to place more hosts in the samba AD DNS than originally
anticipated. I've seen posts suggesting creating a separate DNS domain for
AD so that you don't have to pull all DNS in the AD for a given
domain/subnet. Not sure if this is a good idea - it seems that if a host has
multiple roles and would be found in both DNS servers then the clients' resolvers
and cache could become confused.
Cheers
Derek
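
A simplified model of the nameserver ordering discussed in this thread, added here as an example and not part of any poster's message or of Samba itself. It assumes the usual stub-resolver rule that the next nameserver is tried only when the previous one gives no reply (a timeout), and the behaviour described above that the AD DNS does not forward names inside its own zone; all addresses and records are constructed.

```python
# Added example: simplified model of resolv.conf ordering (no real DNS traffic).
NXDOMAIN, TIMEOUT = "NXDOMAIN", "TIMEOUT"

class Server:
    def __init__(self, records, zone=None, forwarder=None, up=True):
        self.records, self.zone = records, zone
        self.forwarder, self.up = forwarder, up

    def query(self, name):
        if not self.up:
            return TIMEOUT
        if name in self.records:
            return self.records[name]
        in_zone = self.zone and (name == self.zone or name.endswith("." + self.zone))
        if in_zone or self.forwarder is None:
            return NXDOMAIN          # in-zone miss is answered, never forwarded
        return self.forwarder.query(name)

def nameservers(resolv_conf):
    """Return nameserver addresses in file order, ignoring comments."""
    found = []
    for line in resolv_conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(fields[1])
    return found

def stub_resolve(name, resolv_conf, servers):
    """Ask servers in order; only a timeout moves on to the next one."""
    for addr in nameservers(resolv_conf):
        answer = servers[addr].query(name)
        if answer != TIMEOUT:
            return answer, addr      # NXDOMAIN is a final answer
    return TIMEOUT, None

# Constructed sample data (documentation address ranges, hypothetical records).
EXTERNAL = Server({"www.example.com": "198.51.100.10", "www.example.org": "198.51.100.20"})
DC = Server({"dc1.example.com": "192.0.2.10", "_ldap._tcp.example.com": "dc1.example.com:389"},
            zone="example.com", forwarder=EXTERNAL)
SERVERS = {"192.0.2.10": DC, "192.0.2.53": EXTERNAL}
DC_FIRST = "nameserver 192.0.2.10\nnameserver 192.0.2.53\n"
EXTERNAL_FIRST = "nameserver 192.0.2.53\nnameserver 192.0.2.10\n"

if __name__ == "__main__":
    for label, conf in (("DC first", DC_FIRST), ("external first", EXTERNAL_FIRST)):
        for name in ("www.example.com", "_ldap._tcp.example.com", "www.example.org"):
            print(label, name, stub_resolve(name, conf, SERVERS))
```

With the DC listed first, the in-zone web host comes back NXDOMAIN from the DC and the second nameserver is never asked; with the external server first, the SRV record is the one that fails.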