samba - Jul 2016 - Fwd: Samba 4.2.14 Internal DNS not returning DNAME records?

I have a bit of an oddity here:  I'm using Samba 4.2.14 with AD, using
Samba's internal DNS to serve to my domain (and forwarding others to Google
Public DNS 8.8.8.8).

However, it looks like client queries (and subsequent forwards) to a
vendor's URL (www.pitneybowes.us) fail, but are successful if I query
Google directly:

[root at XXXX~]# nslookup -type=any www.pitneybowes.us
> Server:         xxx.xxx.xxx.xxx
> Address:        xxx.xxx.xxx.xxx#53
> ** server can't find www.pitneybowes.us: SERVFAIL
> [root at XXX~]# nslookup -type=any www.pitneybowes.us 8.8.8.8
> Server:         8.8.8.8
> Address:        8.8.8.8#53
> Non-authoritative answer:
> pitneybowes.us  dname = pitneybowes.com.
> www.pitneybowes.us      canonical name = www.pitneybowes.com.
> Authoritative answers can be found from:

The only thing out of the ordinary here is the existence of a DNAME record
-- which to the best of my new understanding fails upon queries on A
records.

So my question is, are DNAME records something that Samba's internal DNS
can't handle?

Can somebody else using the Internal DNS verify this?

Thanks,
-Kris


Kris Lou
klou at themusiclink.net

On Fri, 2016-07-15 at 12:31 -0700, Kris Lou wrote:
> I have a bit of an oddity here:  I'm using Samba 4.2.14 with AD,
> using
> Samba's internal DNS to serve to my domain (and forwarding others to
> Google
> Public DNS 8.8.8.8).
> 
> However, it looks like client queries (and subsequent forwards) to a
> vendor's URL (www.pitneybowes.us) fail, but are successful if I query
> Google directly:
> 
> [root at XXXX~]# nslookup -type=any www.pitneybowes.us
> > Server:         xxx.xxx.xxx.xxx
> > Address:        xxx.xxx.xxx.xxx#53
> > ** server can't find www.pitneybowes.us: SERVFAIL
> > [root at XXX~]# nslookup -type=any www.pitneybowes.us 8.8.8.8
> > Server:         8.8.8.8
> > Address:        8.8.8.8#53
> > Non-authoritative answer:
> > pitneybowes.us  dname = pitneybowes.com.
> > www.pitneybowes.us      canonical name = www.pitneybowes.com.
> > Authoritative answers can be found from:
> 
> 
> The only thing out of the ordinary here is the existence of a DNAME
> record
> -- which to the best of my new understanding fails upon queries on A
> records.
> 
> So my question is, are DNAME records something that Samba's internal
> DNS
> can't handle?
> 
> Can somebody else using the Internal DNS verify this?
Can you try git master?  Otherwise, while I see some IDL to parse a
DNAME, I don't see any specific code, so any support will be accidental
as part of the general forwarding case.

Additionally, we don't have great support for large packets and TCP
forwarding, as I understand it. 

Sorry,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

CC: List

Thanks for the tip!

Kris Lou
klou at themusiclink.net

---------- Forwarded message ----------
From: Andrew Bartlett <abartlet at samba.org>
Date: Fri, Jul 15, 2016 at 3:23 PM
Subject: Re: [Samba] Samba 4.2.14 Internal DNS not returning DNAME records?
To: Kris Lou <klou at themusiclink.net>


On Fri, 2016-07-15 at 14:41 -0700, Kris Lou wrote:
>
> On Fri, Jul 15, 2016 at 2:16 PM, Andrew Bartlett <abartlet at
samba.org>
> wrote:
> > Can you try git master?  Otherwise, while I see some IDL to parse a
> > DNAME, I don't see any specific code, so any support will be
> > accidental
> > as part of the general forwarding case.
> >
> Thanks for checking (and for all of your work on this).  I'm
> currently using Sernet's 4.2 on CentOS, so I'll have to build a box
> to verify.  I'll try to get to it at some point.
>
> > Additionally, we don't have great support for large packets and
TCP
> > forwarding, as I understand it.
> >
> I suppose the other path is to deploy Bind, correct?
Yes.

--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba