samba - Dec 2017 - DNS issue with clean install of samba 4.5.12-Debian

Hai Mike, 

I post it to the list so everybody can learn from it. 
> Why you use "hostname -i" ?
man hostname wil tell.. But i'll try to explain it a bit. 
Read the Description, its also about how the hostnames are resolved within the
systemfuntions.
Like gethostname and gethostbyname 
> root at ad51:~# hostname -i
> 127.0.0.1
> root at ad51:~# hostname -I
> 172.16.214.151 
Hostname -i , works only if the hostname can be resolved. 
Hostname -I , Displays all network addresses of the host. ( but not 127.0.0.1 ) 
Now remembering that. 

Imo, hostname -i and hostname -I should imo not resolve to
localhost/127.0.0.1/::1
If thats the case then your resolving might be faulty. 

What is localhost. 
localhost = 127.0.0.1
localhost = ::1 
Localhost.localdomain = 127.0.0.1
ip6-localhost ip6-loopback = ::1 

Last, but this one should be in the DNS zone. 
localhost.primary.domain.tld = 127.0.0.1

The following. 
/etc/hostname contains name of the machine, as known to applications that run
locally.

/etc/hosts and DNS associate names with IP?addresses. 
And myname may be mapped to whichever IP?address the machine can access itself,
but mapping it to 127.0.0.1 is unæsthetic.
Not /etc/hosts, but /bin/hostname serves another function with -f because
/etc/hosts can override the common sense.


Now per example. 

A good /etc/hosts = (empty)  but then you must have a dns server running. 
A minimal /etc/hosts only has :
127.0.0.1       localhost
::1		    localhost ip6-localhost ip6-loopback

And as extra with dhcp (optional) 
127.0.1.1       hostname hostname.localdomain 
Or 
127.0.0.1       localhost hostname hostname.localdomain ( not recommended ) 

Or bit more. 
192.168.0.1		computername.internal.domain.tld
1.2.3.4		computername.domain.tld

Basicly any FQDN must be resolvable where it is used.

Now a practical use, like a webserver. 
Lets say you have this in /etc/hosts 
127.0.0.1       localhost
::1		    localhost ip6-localhost ip6-loopback
192.168.0.1		computername.internal.domain.tld
1.2.3.4		computername.domain.tld

In this case i setup a minimal of 4 ! Virtual hosts. 
vhost1: localhost with the ipv6 aliases and ip numbers. 
Vhost2: computername.internal.domain.tld and no alias to ipnumbers, optional
alias to hostname, but the resolv.conf must me correct also with the primary
domain.
Vhost3: computername.domain.tld and no alias to ipnumbers. 
Vhost4: 1.2.3.4 as catch all for scriptkiddies that scan ipnumbers, with a page
saying use hostnames.
Optional
Vhost5: 192.168.0.1 as catch all for in lan side or add the ip to vhost2. 

With such a setup you can split everything there you want to access it, and you
can setup you server much more secure with some basic steps.
But thats how i see it, there might be better ways, but this works very good for
me.

I hope this helps a bit. 

Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: Mike Lykov [mailto:combr at samges.ru] 
> Verzonden: vrijdag 15 december 2017 8:47
> Aan: L.P.H. van Belle
> Onderwerp: Re: [Samba] DNS issue with clean install of samba 
> 4.5.12-Debian
> 
> 11.12.2017 20:03, L.P.H. van Belle via samba ??????????:
> > Hai James,
> > 
> > Can you try this one for me. I corrected and uploaded my 
> latest version.
> > 
> > 
> https://raw.githubusercontent.com/thctlo/samba4/master/samba-s
etup-checkup.sh
> > 
> > You can wget this one directly.
> > You should see ( my sample output )
> 
> Why you use "hostname -i" ?
> 
> " Display the network address(es) of the host name. Note that 
> this works 
> only if the host name can be resolved. Avoid using this option; use 
> hostname -I instead. "
> 
>      HOST_IP1="$(hostname -i)"
>      HOST_IP2="$(hostname -I)"
>      if [ $HOST_IP1 = $HOST_IP2 ]; then
> ....
> 
> With one interface  (+default lo interface) It is writing about
> 	echo "TODO, not finished"
>          echo "Detected multiple ipnumbers"
> 
> beacuse
> 
> root at ad51:~# hostname -i
> 127.0.0.1
> root at ad51:~# hostname -I
> 172.16.214.151
> 
> -- 
> Administrator
> 
>

On Fri, 15 Dec 2017 09:58:03 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> Hai Mike, 
> 
> I post it to the list so everybody can learn from it. 
> 
> > Why you use "hostname -i" ?
> man hostname wil tell.. But i'll try to explain it a bit. 
> Read the Description, its also about how the hostnames are resolved
> within the systemfuntions. Like gethostname and gethostbyname 
> 
> > root at ad51:~# hostname -i
> > 127.0.0.1
> > root at ad51:~# hostname -I
> > 172.16.214.151 
> 
> Hostname -i , works only if the hostname can be resolved. 
> Hostname -I , Displays all network addresses of the host. ( but not
> 127.0.0.1 ) Now remembering that. 
> 
> Imo, hostname -i and hostname -I should imo not resolve to
> localhost/127.0.0.1/::1 If thats the case then your resolving might
> be faulty. 
> 
> What is localhost. 
> localhost = 127.0.0.1
> localhost = ::1 
> Localhost.localdomain = 127.0.0.1
There is no such thing as 'localdomain', this is something that
somebody came up with, my suggestion is to not use it.
> ip6-localhost ip6-loopback = ::1 
> 
> Last, but this one should be in the DNS zone. 
> localhost.primary.domain.tld = 127.0.0.1
No it shouldn't. localhost has its own zone, as does 127.0.0.0
(reverse), see /etc/bind/named.conf.default-zones
> 
> The following. 
> /etc/hostname contains name of the machine, as known to applications
> that run locally. 
> 
> /etc/hosts and DNS associate names with IP?addresses. 
> And myname may be mapped to whichever IP?address the machine can
> access itself, but mapping it to 127.0.0.1 is unæsthetic.
> Not /etc/hosts, but /bin/hostname serves another function with -f
> because /etc/hosts can override the common sense. 
/etc/hosts is the old way of doing things (and I mean really old), all
that should be in /etc/hosts is 127.0.0.1 and the computers ipaddress
and what they point to, anything else should be found from dns.
> 
> 
> Now per example. 
> 
> A good /etc/hosts = (empty)  but then you must have a dns server
> running. A minimal /etc/hosts only has :
> 127.0.0.1       localhost
> ::1		    localhost ip6-localhost ip6-loopback
> 
> And as extra with dhcp (optional) 
> 127.0.1.1       hostname hostname.localdomain 
Nope, this just causes problems, if you have '127.0.1.1' in /etc/hosts,
I would remove it.
> Or 
> 127.0.0.1       localhost hostname hostname.localdomain ( not
> recommended ) 
As in don't use it ;-)
> 
> Or bit more. 
> 192.168.0.1		computername.internal.domain.tld
> 1.2.3.4		computername.domain.tld
> 
> Basicly any FQDN must be resolvable where it is used.
True, but it should just be the computers own info.
> 
> Now a practical use, like a webserver. 
> Lets say you have this in /etc/hosts 
> 127.0.0.1       localhost
> ::1		    localhost ip6-localhost ip6-loopback
> 192.168.0.1		computername.internal.domain.tld
> 1.2.3.4		computername.domain.tld
Ah, now this is different, here you are associating another IP with the
computers FQDN, but wouldn't you be better doing this with a CNAME ?

Rowland

See the following.

https://tools.ietf.org/html/rfc6761 
Read 6.3 


And 
https://tools.ietf.org/html/rfc1537 
Snap: Note that all domains that contain hosts should have a
"localhost" A record in them.


Thats what i follow as close as possible. 


Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland Penny via samba
> Verzonden: vrijdag 15 december 2017 11:03
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] DNS issue with clean install of samba 
> 4.5.12-Debian
> 
> On Fri, 15 Dec 2017 09:58:03 +0100
> "L.P.H. van Belle via samba" <samba at lists.samba.org>
wrote:
> 
> > Hai Mike, 
> > 
> > I post it to the list so everybody can learn from it. 
> > 
> > > Why you use "hostname -i" ?
> > man hostname wil tell.. But i'll try to explain it a bit. 
> > Read the Description, its also about how the hostnames are resolved
> > within the systemfuntions. Like gethostname and gethostbyname 
> > 
> > > root at ad51:~# hostname -i
> > > 127.0.0.1
> > > root at ad51:~# hostname -I
> > > 172.16.214.151 
> > 
> > Hostname -i , works only if the hostname can be resolved. 
> > Hostname -I , Displays all network addresses of the host. ( but not
> > 127.0.0.1 ) Now remembering that. 
> > 
> > Imo, hostname -i and hostname -I should imo not resolve to
> > localhost/127.0.0.1/::1 If thats the case then your resolving might
> > be faulty. 
> > 
> > What is localhost. 
> > localhost = 127.0.0.1
> > localhost = ::1 
> > Localhost.localdomain = 127.0.0.1
> 
> There is no such thing as 'localdomain', this is something that
> somebody came up with, my suggestion is to not use it.
> 
> > ip6-localhost ip6-loopback = ::1 
> > 
> > Last, but this one should be in the DNS zone. 
> > localhost.primary.domain.tld = 127.0.0.1
> 
> No it shouldn't. localhost has its own zone, as does 127.0.0.0
> (reverse), see /etc/bind/named.conf.default-zones
> 
> > 
> > The following. 
> > /etc/hostname contains name of the machine, as known to applications
> > that run locally. 
> > 
> > /etc/hosts and DNS associate names with IP?addresses. 
> > And myname may be mapped to whichever IP?address the machine can
> > access itself, but mapping it to 127.0.0.1 is unæsthetic.
> > Not /etc/hosts, but /bin/hostname serves another function with -f
> > because /etc/hosts can override the common sense. 
> 
> /etc/hosts is the old way of doing things (and I mean really old), all
> that should be in /etc/hosts is 127.0.0.1 and the computers ipaddress
> and what they point to, anything else should be found from dns.
> 
> > 
> > 
> > Now per example. 
> > 
> > A good /etc/hosts = (empty)  but then you must have a dns server
> > running. A minimal /etc/hosts only has :
> > 127.0.0.1       localhost
> > ::1		    localhost ip6-localhost ip6-loopback
> > 
> > And as extra with dhcp (optional) 
> > 127.0.1.1       hostname hostname.localdomain 
> 
> Nope, this just causes problems, if you have '127.0.1.1' in 
> /etc/hosts,
> I would remove it.
> 
> > Or 
> > 127.0.0.1       localhost hostname hostname.localdomain ( not
> > recommended ) 
> 
> As in don't use it ;-)
> 
> > 
> > Or bit more. 
> > 192.168.0.1		computername.internal.domain.tld
> > 1.2.3.4		computername.domain.tld
> > 
> > Basicly any FQDN must be resolvable where it is used.
> 
> True, but it should just be the computers own info.
> 
> > 
> > Now a practical use, like a webserver. 
> > Lets say you have this in /etc/hosts 
> > 127.0.0.1       localhost
> > ::1		    localhost ip6-localhost ip6-loopback
> > 192.168.0.1		computername.internal.domain.tld
> > 1.2.3.4		computername.domain.tld
> 
> Ah, now this is different, here you are associating another 
> IP with the
> computers FQDN, but wouldn't you be better doing this with a CNAME ?
> 
> Rowland
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

On Fri, 15 Dec 2017 11:22:06 +0100
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> See the following.
> 
> https://tools.ietf.org/html/rfc6761 
> Read 6.3 
> 
> 
> And 
> https://tools.ietf.org/html/rfc1537 
> Snap: Note that all domains that contain hosts should have a
> "localhost" A record in them. 
> 
> 
> Thats what i follow as close as possible. 
> 
> 
All of which confirms what I said, just use '127.0.0.1 localhost'
in /etc/hosts along with the computers 'ipaddress fqdn shorthostname'

Rowland

15.12.2017 14:02, Rowland Penny via samba пишет:
>> /etc/hosts and DNS associate names with IP?addresses.
>> And myname may be mapped to whichever IP?address the machine can
>> access itself, but mapping it to 127.0.0.1 is unæsthetic.
>> Not /etc/hosts, but /bin/hostname serves another function with -f
>> because /etc/hosts can override the common sense.
> 
> /etc/hosts is the old way of doing things (and I mean really old), all
> that should be in /etc/hosts is 127.0.0.1 and the computers ipaddress
> and what they point to, anything else should be found from dns.
I think so too, no need to write own  server name/address in /etc/hosts 
by hand if I have (and with AD DC I always have) a domain name server 
where that name resolved.

By default after install (debian 9) I have only 127.0.0.1 in /etc/hosts, 
but check script counts it as error (-i & -I are different)

Anyway I use some external dns before setup AD DC and switch to DC's own 
server after install, no need to modify /etc/hosts from default 
"localhost", as far as I think.

--
Mike