Rob Joyce
2014-Apr-13 14:00 UTC
[Samba] NXDOMAIN on forwarded DNS requests for non-existent names
Hi all,

I have a Samba 4.1.6 domain controller set up with SAMBA_INTERNAL for DNS. When I make a DNS query for a host name that doesn't exist, but that Samba would be authoritative for, I get the expected NXDOMAIN. But when I make a DNS query that Samba forwards to a recursive DNS server, again for a host that doesn't exist, I simply get an empty response.

I've verified that the recursive server is returning NXDOMAIN, while Samba returns NOERROR (see below). This yields funny behavior with the 'host' command, for instance, giving no output but returning success.

Any ideas?

Thanks!
_Rob

e.g., querying Samba:

% dig anonexistantdomain.com @127.0.0.1

; <<>> DiG <<>> anonexistantdomain.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64553
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;anonexistantdomain.com. IN A

;; AUTHORITY SECTION:
com. 900 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1397367170 1800 900 604800 86400

;; Query time: 81 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Apr 13 01:33:00 2014
;; MSG SIZE rcvd: 124

then querying the recursive DNS server directly:

% dig anonexistantdomain.com @8.8.8.8

; <<>> DiG <<>> anonexistantdomain.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53651
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;anonexistantdomain.com. IN A

;; AUTHORITY SECTION:
com. 897 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1397367170 1800 900 604800 86400

;; Query time: 59 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Apr 13 01:33:03 2014
;; MSG SIZE rcvd: 113
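
Added example, not part of the original post and not Samba code: a small Python check that decodes the RCODE from the 12-byte DNS header and reports when a forwarder's reply disagrees with the upstream resolver's, which is the mismatch shown in the two dig outputs above. The function names (build_query, parse_header, ask, compare) are assumptions made for this example, and the two sample replies are constructed from the header fields in the post.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid, qtype=1):
    """Encode a recursive (RD=1) query for name; qtype 1 is A, class is IN."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Decode the fixed 12-byte DNS header (RFC 1035 section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F  # low four bits of the flags word
    return {"id": qid, "qr": bool(flags & 0x8000),
            "rcode": RCODES.get(rcode, str(rcode)), "answers": an, "authority": ns}

def ask(server, name, qid=0x1234, timeout=3.0):
    """Send one UDP query to server:53 and return the raw reply bytes."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (server, 53))
        return s.recvfrom(4096)[0]

def compare(forwarder_reply, upstream_reply):
    """Return a description of the mismatch, or None if the RCODEs agree."""
    f, u = parse_header(forwarder_reply), parse_header(upstream_reply)
    if f["rcode"] == u["rcode"]:
        return None
    return "forwarder says %s (answers=%d), upstream says %s" % (
        f["rcode"], f["answers"], u["rcode"])

# Constructed replies: header fields copied from the two dig outputs in the post,
# followed by the question only (authority/additional records are omitted).
QUESTION = build_query("anonexistantdomain.com", 0)[12:]
FORWARDER = struct.pack("!HHHHHH", 64553, 0x8180, 1, 0, 1, 1) + QUESTION  # qr rd ra, NOERROR
UPSTREAM = struct.pack("!HHHHHH", 53651, 0x8183, 1, 0, 1, 0) + QUESTION   # qr rd ra, NXDOMAIN

if __name__ == "__main__":
    print(compare(FORWARDER, UPSTREAM))
    # Live check (needs network): compare(ask("127.0.0.1", n), ask("8.8.8.8", n))
```

NOERROR with zero answers tells a client "the name exists but has no record of this type" (NODATA), which is why a tool that keys on the RCODE reports success with no output.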