Mgr. Peter Tuharsky
2019-Feb-20 14:04 UTC
[Samba] Samba + BIND9 DLZ. DNS doesn't resolve FQDN, only short hostname
Well, finally I found the recommendations against .local here:

https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ

However, still, the originating wiki should AFAIK be more verbose.

https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

For now it only says "Make sure that you provision the AD using a DNS domain that will not need to be changed. Samba does not support renaming the AD DNS zone and Kerberos realm. For additional information, see Active Directory Naming FAQ."

I wish this would indicate somehow, that some TLD's are very problematic and strongly discouraged. I took this notice like this: "I'm sure I won't need to rename, so I don't need to read the Additional information on AD Naming."

On 20. 2. 2019 at 11:33, Rowland Penny via samba wrote:
> On Wed, 20 Feb 2019 11:17:05 +0100
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>
>> Hai,
>>
>>> -----Original message-----
>>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Mgr.
>>> Peter Tuharsky via samba
>>> Sent: Wednesday, 20 February 2019 10:28
>>> To: samba at lists.samba.org
>>> Subject: Re: [Samba] Samba + BIND9 DLZ. DNS doesn't resolve
>>> FQDN, only short hostname
>>>
>>> Well, the mystery is solved. It WAS Avahi, in a way...
>> This is said wrong. ...
>>
>>> Even though it was disabled as a daemon,
>>> it still haunted the system by the means of nsswitch.conf
>>>
>>> In the 'hosts' line, the Debian default entry 'mdns4_minimal
>>> [NOTFOUND=return]' does exactly what we don't want - for
>>> .local domains
>>> it asks Avahi and if it doesn't know, it never asks the other
>>> services,
>>> such as dns etc.
>> And wrong is `the domain is .local`
>> Why o why is .local used. That is a reserved name for mDNS (avahi)..
>> Yes. So what happened here is TOTALLY CORRECT. Here the problem is you
>> are using .local
>>
>>> I hope the documentation (Wiki) should be more vocal about that -
>>> that if the domain is .local, the 'dns' entry MUST precede
>>> 'mdns4_minimal' and 'mdns4' entries.
>> Possible yes, but if correctly setup, not needed.
>> And a bit ahead thinking people... Future systems, will mostly use
>> systemd, if we like it or not.
> Seemingly not on a Tesla:
>
> https://www.reddit.com/r/teslamotors/comments/92uu0x/model_3_has_a_hidden_web_browser/
>
> Rowland
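The nsswitch.conf ordering issue quoted in the message above can be checked mechanically. The script below is an added example, not part of the original thread or of Samba; the function names `hosts_services` and `check_local_dns` are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: does the nsswitch.conf "hosts" line let a lookup that an
# mdns*_minimal module answers with NOTFOUND still reach the "dns" service?

# hosts_services FILE -> print the service list of the last "hosts:" entry
hosts_services() {
    sed -e 's/#.*//' "${1:-/etc/nsswitch.conf}" |
        awk -F: '$1 ~ /^[ \t]*hosts[ \t]*$/ { v = $2 } END { print v }'
}

# check_local_dns "SERVICES" -> print ok | blocked | no-dns
#   ok      : "dns" is reached before any mdns*_minimal [NOTFOUND=return]
#   blocked : mdns*_minimal [NOTFOUND=return] comes first, so lookup stops there
#   no-dns  : the line never lists "dns"
check_local_dns() {
    prev="" in_action=0
    set -f                      # "[...]" tokens must not be glob-expanded
    for tok in $1; do
        case "$tok" in \[*) in_action=1 ;; esac
        if [ "$in_action" -eq 1 ]; then
            # An action list applies to the service named just before it.
            case "$prev:$tok" in
                mdns*_minimal:*[Nn][Oo][Tt][Ff][Oo][Uu][Nn][Dd]=[Rr][Ee][Tt][Uu][Rr][Nn]*)
                    case "$tok" in
                        *!*) ;;  # negated status: NOTFOUND itself continues
                        *) set +f; echo blocked; return 1 ;;
                    esac ;;
            esac
            case "$tok" in *\]) in_action=0 ;; esac
            continue
        fi
        if [ "$tok" = dns ]; then set +f; echo ok; return 0; fi
        prev=$tok
    done
    set +f
    echo no-dns
    return 2
}

# Constructed sample lines (not taken from a real host):
check_local_dns "files mdns4_minimal [NOTFOUND=return] dns" || true
check_local_dns "files dns mdns4_minimal [NOTFOUND=return] mdns4" || true
```

To check a live system, pass the parsed line in: `check_local_dns "$(hosts_services /etc/nsswitch.conf)"`.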
Rowland Penny
2019-Feb-20 14:18 UTC
[Samba] Samba + BIND9 DLZ. DNS doesn't resolve FQDN, only short hostname
On Wed, 20 Feb 2019 15:04:40 +0100
"Mgr. Peter Tuharsky via samba" <samba at lists.samba.org> wrote:

> Well, finally I found the recommendations against .local here:
>
> https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ
>
>
> However, still, the originating wiki should AFAIK be more verbose.
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
>
>
> For now it only says "Make sure that you provision the AD using a DNS
> domain that will not need to be changed. Samba does not support
> renaming the AD DNS zone and Kerberos realm. For additional
> information, see Active Directory Naming FAQ."
>
> I wish this would indicate somehow, that some TLD's are very
> problematic and strongly discouraged. I took this notice like this:
> "I'm sure I won't need to rename, so I don't need to read the
> Additional information on AD Naming."
>

I have updated the warning, but you should have read the additional info.

Rowland
Peter Tuharsky
2019-Feb-20 21:03 UTC
[Samba] Samba + BIND9 DLZ. DNS doesn't resolve FQDN, only short hostname
Thank You, Rowland.

On 20. 2. 2019 at 15:18, Rowland Penny via samba wrote:
> On Wed, 20 Feb 2019 15:04:40 +0100
> "Mgr. Peter Tuharsky via samba" <samba at lists.samba.org> wrote:
>
>> Well, finally I found the recommendations against .local here:
>>
>> https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ
>>
>>
>> However, still, the originating wiki should AFAIK be more verbose.
>>
>> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
>>
>>
>> For now it only says "Make sure that you provision the AD using a DNS
>> domain that will not need to be changed. Samba does not support
>> renaming the AD DNS zone and Kerberos realm. For additional
>> information, see Active Directory Naming FAQ."
>>
>> I wish this would indicate somehow, that some TLD's are very
>> problematic and strongly discouraged. I took this notice like this:
>> "I'm sure I won't need to rename, so I don't need to read the
>> Additional information on AD Naming."
>>
> I have updated the warning, but you should have read the additional
> info.
>
> Rowland