Mgr. Peter Tuharsky
2019-Feb-20 09:28 UTC
[Samba] Samba + BIND9 DLZ. DNS doesn't resolve FQDN, only short hostname
Well, the mystery is solved. It WAS Avahi, in a way... Even though it was disabled as a daemon, it still haunted the system by means of nsswitch.conf.

In the 'hosts' line, the Debian default entry 'mdns4_minimal [NOTFOUND=return]' does exactly what we don't want: for .local domains it asks Avahi and if it doesn't know, it never asks the other services, such as dns etc.

I hope the documentation (Wiki) should be more vocal about that: that if the domain is .local, the 'dns' entry MUST precede the 'mdns4_minimal' and 'mdns4' entries.

On 9 Feb 2019 at 10:24, Rowland Penny via samba wrote:
> On Sat, 9 Feb 2019 09:12:28 +0100
> Peter Tuharsky via samba <samba at lists.samba.org> wrote:
>
>> Thank You Rowland. I did it like You say, killed avahi, added the
>> record without domain suffix, but nothing changed, and the record
>> seems no different compared to other records added with the suffix
>> some time before.
>>
>> My Samba DNS record looks like this (and I see nothing special in
>> there):
>>
>> Name=, Records=3, Children=0
>>   SOA: serial=39, refresh=900, retry=600, expire=86400, minttl=3600, ns=blacktux.interbronz.local., email=hostmaster.interbronz.local. (flags=600000f0, serial=39, ttl=3600)
>>   NS: blacktux.interbronz.local. (flags=600000f0, serial=1, ttl=900)
>>   A: 10.20.1.1 (flags=600000f0, serial=3, ttl=900)
>> Name=_msdcs, Records=0, Children=0
>> Name=_sites, Records=0, Children=1
>> Name=_tcp, Records=0, Children=4
>> Name=_udp, Records=0, Children=2
>> Name=asus, Records=1, Children=0
>>   A: 10.20.4.69 (flags=f0, serial=27, ttl=900)
>> Name=blacktux, Records=1, Children=0
>>   A: 10.20.1.1 (flags=f0, serial=2, ttl=900)
>> Name=boss, Records=1, Children=0
>>   A: 10.20.3.78 (flags=f0, serial=39, ttl=900)
>> Name=DomainDnsZones, Records=0, Children=2
>> Name=ForestDnsZones, Records=0, Children=2
>> Name=intelhd, Records=1, Children=0
>>   A: 10.20.1.82 (flags=f0, serial=20, ttl=900)
>> Name=w7-virt, Records=1, Children=0
>>   A: 10.10.10.102 (flags=f0, serial=21, ttl=900)
>>
>
> Hmm, mine look different:
>
> If I run (on a DC):
>
> samba-tool dns query 127.0.0.1 samdom.example.com @ SOA
>
> I get:
>
> Name=, Records=1, Children=0
>   SOA: serial=3658, refresh=900, retry=600, expire=86400, minttl=3600, ns=dc4.samdom.example.com., email=hostmaster.samdom.example.com. (flags=600000f0, serial=3657, ttl=3600)
> Name=_sites, Records=0, Children=1
> Name=_tcp, Records=0, Children=5
> Name=_udp, Records=0, Children=2
> Name=EAP-WIN7, Records=0, Children=0
> Name=DomainDnsZones, Records=0, Children=2
> Name=ForestDnsZones, Records=0, Children=2
> Name=EAPDEV-PC, Records=0, Children=0
> Name=DC4, Records=0, Children=0
> Name=.................
> ...........
> and so on
>
> The '_msdcs' record isn't there.
> There are no 'A' records.
>
> If I run (again on a DC):
>
> ldbsearch --cross-ncs --show-binary -H '/var/lib/samba/private/sam.ldb' -b 'DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com' -s sub '(&(objectClass=dnsNode)(DC=@))'
>
> NOTE: the above should all be on one line.
>
> I get:
>
> # record 1
> dn: DC=@,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> objectClass: top
> objectClass: dnsNode
> instanceType: 4
> whenCreated: 20151106115624.0Z
> uSNCreated: 4060
> showInAdvancedViewOnly: TRUE
> name: @
> objectGUID: 7ad014c4-c1e9-4cb4-9f0d-96d0272af23d
> objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
> dc: @
> whenChanged: 20190209090653.0Z
> dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
>     wDataLength  : 0x004f (79)
>     wType        : DNS_TYPE_SOA (6)
>     version      : 0x05 (5)
>     rank         : DNS_RANK_ZONE (240)
>     flags        : 0x0000 (0)
>     dwSerial     : 0x00000e4d (3661)
>     dwTtlSeconds : 0x00000e10 (3600)
>     dwReserved   : 0x00000000 (0)
>     dwTimeStamp  : 0x0037ec99 (3665049)
>     data         : union dnsRecordData(case 6)
>         soa: struct dnsp_soa
>             serial  : 0x00000e4e (3662)
>             refresh : 0x00000384 (900)
>             retry   : 0x00000258 (600)
>             expire  : 0x00015180 (86400)
>             minimum : 0x00000e10 (3600)
>             mname   : dc4.samdom.example.com
>             rname   : hostmaster.samdom.example.com
>
> dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
>     wDataLength  : 0x001a (26)
>     wType        : DNS_TYPE_NS (2)
>     version      : 0x05 (5)
>     rank         : DNS_RANK_ZONE (240)
>     flags        : 0x0000 (0)
>     dwSerial     : 0x00000e4d (3661)
>     dwTtlSeconds : 0x00000384 (900)
>     dwReserved   : 0x00000000 (0)
>     dwTimeStamp  : 0x0037a459 (3646553)
>     data         : union dnsRecordData(case 2)
>         ns       : dc3.samdom.example.com
>
> dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
>     wDataLength  : 0x001a (26)
>     wType        : DNS_TYPE_NS (2)
>     version      : 0x05 (5)
>     rank         : DNS_RANK_ZONE (240)
>     flags        : 0x0000 (0)
>     dwSerial     : 0x00000e4d (3661)
>     dwTtlSeconds : 0x00000384 (900)
>     dwReserved   : 0x00000000 (0)
>     dwTimeStamp  : 0x0037ceba (3657402)
>     data         : union dnsRecordData(case 2)
>         ns       : dc4.samdom.example.com
>
> dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
>     wDataLength  : 0x0004 (4)
>     wType        : DNS_TYPE_A (1)
>     version      : 0x05 (5)
>     rank         : DNS_RANK_ZONE (240)
>     flags        : 0x0000 (0)
>     dwSerial     : 0x00000e4d (3661)
>     dwTtlSeconds : 0x00000384 (900)
>     dwReserved   : 0x00000000 (0)
>     dwTimeStamp  : 0x0037a459 (3646553)
>     data         : union dnsRecordData(case 1)
>         ipv4     : 192.168.0.7
>
> dnsRecord: NDR: struct dnsp_DnssrvRpcRecord
>     wDataLength  : 0x0004 (4)
>     wType        : DNS_TYPE_A (1)
>     version      : 0x05 (5)
>     rank         : DNS_RANK_ZONE (240)
>     flags        : 0x0000 (0)
>     dwSerial     : 0x00000e4d (3661)
>     dwTtlSeconds : 0x00000384 (900)
>     dwReserved   : 0x00000000 (0)
>     dwTimeStamp  : 0x0037ceba (3657402)
>     data         : union dnsRecordData(case 1)
>         ipv4     : 192.168.0.6
>
> uSNChanged: 402651
> distinguishedName: DC=@,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
>
> # returned 1 records
> # 1 entries
> # 0 referrals
>
> Rowland
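The nsswitch.conf behaviour Peter describes is worth seeing on a concrete 'hosts' line, so here is an added example (editor's code, not from the thread or from Samba). nss-mdns' mdns4_minimal module only handles names under .local; when Avahi does not know such a name it answers NOTFOUND, and the Debian default action '[NOTFOUND=return]' stops the lookup right there, so 'dns' is never consulted for any .local name. Names outside .local get UNAVAIL from the module and fall through to 'dns' normally, which is why only the AD domain's FQDNs break. The script below parses the first 'hosts:' line of an nsswitch.conf, strips the bracketed action specs, and reports whether 'dns' is listed before any mDNS module. The three sample files are constructed inline for the demonstration; the Debian default line and the reordered line are real shapes of that file, the hostname-free 'files dns' line is just a third case.

```shell
#!/bin/sh
# Added example: does the 'hosts' line of an nsswitch.conf consult 'dns'
# before 'mdns4_minimal'/'mdns4'?  If not, names under .local that Avahi
# does not know stop at '[NOTFOUND=return]' and never reach the DNS server.

# Print the service tokens of the first 'hosts:' line, without comments,
# without bracketed action specs such as [NOTFOUND=return], and with
# whitespace normalised to single spaces.
hosts_services() {
    # $1: path to an nsswitch.conf
    sed -n 's/^[[:space:]]*hosts:[[:space:]]*//p' "$1" \
        | head -n 1 \
        | sed 's/#.*//; s/\[[^]]*\]//g' \
        | awk '{ $1 = $1; print }'
}

# Return 0 when 'dns' precedes every mDNS module on the hosts line (or no
# mDNS module is present at all), 1 otherwise.
check_hosts_order() {
    # $1: path to an nsswitch.conf
    services=$(hosts_services "$1")
    dns_pos=0
    mdns_pos=0
    i=0
    for svc in $services; do
        i=$((i + 1))
        case "$svc" in
            dns)
                if [ "$dns_pos" -eq 0 ]; then dns_pos=$i; fi ;;
            mdns|mdns_minimal|mdns4|mdns4_minimal|mdns6|mdns6_minimal)
                if [ "$mdns_pos" -eq 0 ]; then mdns_pos=$i; fi ;;
        esac
    done
    if [ "$mdns_pos" -eq 0 ]; then
        return 0          # nothing can shadow 'dns'
    fi
    if [ "$dns_pos" -ne 0 ] && [ "$dns_pos" -lt "$mdns_pos" ]; then
        return 0          # 'dns' is tried first, mDNS only as a fallback
    fi
    return 1              # mDNS answers (or returns NOTFOUND) before 'dns'
}

# Constructed sample files (not copied from any real host).
BAD_CONF=$(mktemp)
GOOD_CONF=$(mktemp)
NO_MDNS_CONF=$(mktemp)
trap 'rm -f "$BAD_CONF" "$GOOD_CONF" "$NO_MDNS_CONF"' EXIT

# Debian default: .local lookups stop at Avahi, 'dns' is never reached.
printf 'passwd:  files systemd\nhosts:   files mdns4_minimal [NOTFOUND=return] dns  # default\n' > "$BAD_CONF"
# Reordered as the thread recommends for a .local AD domain.
printf 'hosts:   files dns mdns4_minimal [NOTFOUND=return]\n' > "$GOOD_CONF"
# No mDNS module at all.
printf 'hosts:   files dns\n' > "$NO_MDNS_CONF"

for f in "$BAD_CONF" "$GOOD_CONF" "$NO_MDNS_CONF"; do
    if check_hosts_order "$f"; then
        printf 'OK   hosts: %s\n' "$(hosts_services "$f")"
    else
        printf 'BAD  hosts: %s   (mDNS shadows dns for .local names)\n' "$(hosts_services "$f")"
    fi
done
```

Point it at the real file with `check_hosts_order /etc/nsswitch.conf`. For a live check of the symptom itself, compare `getent hosts dc.example.local` (which goes through nsswitch, so it shows what ping, ssh and Samba's own tools see) with `dig dc.example.local @<dc-ip>` (which talks to the DNS server directly and bypasses nsswitch); if dig answers but getent does not, the hosts line is the place to look.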
Rowland Penny
2019-Feb-20 09:59 UTC
[Samba] Samba + BIND9 DLZ. DNS doesn't resolve FQDN, only short hostname
On Wed, 20 Feb 2019 10:28:24 +0100
"Mgr. Peter Tuharsky via samba" <samba at lists.samba.org> wrote:

> Well, the mystery is solved. It WAS Avahi, in a way... Even though it
> was disabled as a daemon, it still haunted the system by means of
> nsswitch.conf
>
> In the 'hosts' line, the Debian default entry 'mdns4_minimal
> [NOTFOUND=return]' does exactly what we don't want: for .local
> domains it asks Avahi and if it doesn't know, it never asks the other
> services, such as dns etc.
>
> I hope the documentation (Wiki) should be more vocal about that: that
> if the domain is .local, the 'dns' entry MUST precede the 'mdns4_minimal'
> and 'mdns4' entries.
>

The wiki (and Microsoft) is very vocal that you shouldn't use the '.local' TLD

Rowland
Gregory Sloop
2019-Feb-21 18:16 UTC
[Samba] Samba + BIND9 DLZ. DNS doesn't resolve FQDN, only short hostname
> The wiki (and Microsoft) is very vocal that you shouldn't use the
> '.local' TLD

Not to start a flame war - but Microsoft is the *source* of using .local in Active Directory domains - from past practices. And, even now, they are somewhat equivocal in saying it shouldn't be used. [No source given, but it's something I've looked at in the last year and there are places they say "DON'T" and others where it's *far* less emphatic, almost permissive.]

I'm not going to take a personal stance - other than to say that using .local is probably going to get more complicated as time goes on, and might be the source of some grief.

Unfortunately, AFAICT, there's no real great alternative to a non-internet first level domain that one can be sure will never exist in the real world.