On 05/08/2019 11:53, Patrik wrote:
> the file "/etc/bind/zones/enp1s0f3/patrikx3.com" are my domain names A, AAAA, CNAME-s, that is
> where i store them, there are no AD records at all. it is all DLZ.

If 'patrikx3.com' is a registered dns domain name, then you should have used a subdomain of this for the AD dns domain.

The file you refer to is a FLATFILE and you SHOULDN'T be storing your AD dns records there and it ISN'T bind9_dlz.

Rowland
the patrikx3.com is my domain
my AD DC domain is p3x-dc.patrikx3.com, you can see:

root@server:~# cat /etc/bind/zones/enp1s0f3/patrikx3.com
; Replaces on ennp1s0f2 to ennp1s0f3
; 192.168.81. 192.168.78.
; 2001:470:1f1b:5b5:21b:21ff:fea6:ce92 2001:470:1f1b:5b3:21b:21ff:fea6:ce93
; format is done with xed Linux Mint, not using tab, only space

$TTL 3600
@ 86400 IN SOA ns1.patrikx3.com. hostmaster.ns1.patrikx3.com. (
                1        ; Serial
                1200     ; Refresh
                120      ; Retry
                2419200  ; Expire
                3600 )   ; Negative Cache TTL

; Name servers
patrikx3.com.                  300 IN NS     ns1.patrikx3.com.
patrikx3.com.                  300 IN MX     10 mail.patrikx3.com.
patrikx3.com.                  300 IN TXT    "v=spf1 a:mail.patrikx3.com -all"
patrikx3.com.                  300 IN CAA    0 issue "letsencrypt.org"

mail._domainkey.patrikx3.com.  300 IN TXT    ( "v=DKIM1; h=sha256; k=rsa; "
                                               "p=secure"
                                               "secure" ) ; ----- DKIM key mail for patrikx3.com

patrikx3.com.                  300 IN A      192.168.78.20
patrikx3.com.                  300 IN AAAA   2001:470:1f1b:5b3:21b:21ff:fea6:ce93

uptimerobot                    300 IN CNAME  stats.uptimerobot.com.

; A records for name servers
@                              300 IN A      192.168.78.20
@                              300 IN AAAA   2001:470:1f1b:5b3:21b:21ff:fea6:ce93
ns1                            300 IN A      192.168.78.20
bitang                         300 IN A      192.168.78.40
workstation                    300 IN A      192.168.78.30
ipv6                           300 IN AAAA   2001:470:1f1b:5b3:21b:21ff:fea6:ce93
printer                        300 IN A      192.168.78.50
mail                           300 IN A      192.168.78.20
mail                           300 IN AAAA   2001:470:1f1b:5b3:21b:21ff:fea6:ce93
tuti                           300 IN A      192.168.78.21

; Other A records
www                            300 IN CNAME  patrikx3.com.
;this p3x-dc domain comes from the dlz.... see it is commented
;p3x-dc                        300 IN CNAME  patrikx3.com.
server                         300 IN CNAME  patrikx3.com.
home.router                    300 IN CNAME  patrikx3.com.
business.router                300 IN CNAME  patrikx3.com.
office.router                  300 IN CNAME  patrikx3.com.
address-book                   300 IN CNAME  patrikx3.com.
fortune-cookie                 300 IN CNAME  patrikx3.com.
torrent                        300 IN CNAME  patrikx3.com.
test                           300 IN CNAME  patrikx3.com.
mysql                          300 IN CNAME  patrikx3.com.
git                            300 IN CNAME  patrikx3.com.
webhook                        300 IN CNAME  patrikx3.com.
sync                           300 IN CNAME  patrikx3.com.
cloud                          300 IN CNAME  patrikx3.com.
redis                          300 IN CNAME  patrikx3.com.
server                         300 IN CNAME  patrikx3.com.
npm                            300 IN CNAME  patrikx3.com.
gitlist                        300 IN CNAME  patrikx3.com.
afraid                         300 IN CNAME  patrikx3.com.
blog                           300 IN CNAME  patrikx3.com.
stats                          300 IN CNAME  patrikx3.com.
github                         300 IN CNAME  patrikx3.com.
mongo                          300 IN CNAME  patrikx3.com.
ldap                           300 IN CNAME  patrikx3.com.
p3x.redis                      300 IN CNAME  patrikx3.com.
php.redis                      300 IN CNAME  patrikx3.com.
commander.redis                300 IN CNAME  patrikx3.com.

resume.bitang                  300 IN CNAME  bitang.patrikx3.com.
mysql.bitang                   300 IN CNAME  bitang.patrikx3.com.
ngivr.bitang                   300 IN CNAME  bitang.patrikx3.com.
layout.ngivr.bitang            300 IN CNAME  bitang.patrikx3.com.
gitlist.bitang                 300 IN CNAME  bitang.patrikx3.com.

resume.workstation             300 IN CNAME  workstation.patrikx3.com.
mysql.workstation              300 IN CNAME  workstation.patrikx3.com.
ngivr.workstation              300 IN CNAME  workstation.patrikx3.com.
layout.ngivr.workstation       300 IN CNAME  workstation.patrikx3.com.
gitlist.workstation            300 IN CNAME  workstation.patrikx3.com.

test1                          300 IN CNAME  tuti.patrikx3.com.
test2                          300 IN CNAME  tuti.patrikx3.com.

*Patrik*
WWW <https://patrikx3.com> | GitHub <https://github.com/patrikx3/> | NPM <https://www.npmjs.com/~patrikx3> | Corifeus <https://corifeus.com> | +36 20 342 8046

On Mon, Aug 5, 2019 at 1:28 PM Rowland penny via samba <samba at lists.samba.org> wrote:

> On 05/08/2019 11:53, Patrik wrote:
> > the file "/etc/bind/zones/enp1s0f3/patrikx3.com" are my domain names A, AAAA, CNAME-s, that is
> > where i store them, there are no AD records at all. it is all DLZ.
>
> If 'patrikx3.com' is a registered dns domain name, then you should have
> used a subdomain of this for the AD dns domain.
>
> The file you refer to is a FLATFILE and you SHOULDN'T be storing your AD
> dns records there and it ISN'T bind9_dlz.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
the problem is that here:

root@server:~# nslookup p3x-dc.patrikx3.com
Server:         192.168.78.20
Address:        192.168.78.20#53

Name:    p3x-dc.patrikx3.com
Address: 192.168.78.20
Name:    p3x-dc.patrikx3.com
*Address: 192.168.81.120*
Name:    p3x-dc.patrikx3.com
*Address: 2001:470:1f1b:5b5:eeaa:a0ff:fe1b:4d84*
Name:    p3x-dc.patrikx3.com
Address: 2001:470:1f1b:5b3:21b:21ff:fea6:ce93
Name:    p3x-dc.patrikx3.com
Address: 2001:470:1f1b:5b3::20

it should at least show like:

root@server:~# nslookup p3x-dc.patrikx3.com
Server:         192.168.78.20
Address:        192.168.78.20#53

Name:    p3x-dc.patrikx3.com
Address: 192.168.78.20
Name:    p3x-dc.patrikx3.com
*Address: 192.168.81.20*
Name:    p3x-dc.patrikx3.com
*Address: 2001:470:1f1b:5b5:21b:21ff:fea6:ce92*
Name:    p3x-dc.patrikx3.com
Address: 2001:470:1f1b:5b3:21b:21ff:fea6:ce93
Name:    p3x-dc.patrikx3.com
Address: 2001:470:1f1b:5b3::20

But for unknown reason it generates a 192.168.81.120 instead (or not at all) 192.168.81.20 as that is the server ip address (192.168.81.20 and 2001:470:1f1b:5b5:21b:21ff:fea6:ce92)

All my windows clients are registered in my p3x-dc domains and i can log in. i will explore in the adexplorer what something could cause this. but it is very weird. it would be cool if someone would know what it could happen.

Patrik
That is because your resolving setup is wrong.

Your problem starts here.
Checking file: /etc/resolv.conf

search patrikx3.com
search corifeus.com
search p3x-dc.patrikx3.com

The first 2 will do nothing, only the last will be used in that setup.

You want:
search p3x-dc.patrikx3.com patrikx3.com corifeus.com
But still that's not needed, you only need:
search p3x-dc.patrikx3.com

Because the other domains are resolved through dns.

So, always your primary dnsdomain first (the one where your samba AD-DC is configured with).
P.s. You forgot to hide the pass in named output ( key signed_comms ) so change that.

But before we can give good advice:

Is the server directly on the internet ( 1 nic/2nics )
Or
Is the server on the internet and LAN (2 nics)
Or
Is the server on the LAN only but accessible for the internet through proxy.

What is the server's main thing it should do.

Give me the above and i'll see if i can give you good advice here.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Patrik via samba
> Sent: Monday 5 August 2019 13:38
> To: Rowland penny
> CC: sambalist
> Subject: Re: [Samba] samba dlz. bind9 nslookup is wrong
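How a resolver reads the `search` lines discussed in the message above, as an added example that is not part of the original thread. It applies the resolv.conf(5) rule that the last `search`/`domain` line wins and checks that the AD DNS domain comes first; the function names are this example's own and the last sample input is constructed.

```python
# Added example: audit the search list in resolv.conf content.
# THREAD_BEFORE and THREAD_AFTER are the file contents quoted in the thread;
# WRONG_ORDER is constructed for illustration.

THREAD_BEFORE = """\
search patrikx3.com
search corifeus.com
search p3x-dc.patrikx3.com
"""

THREAD_AFTER = """\
search p3x-dc.patrikx3.com
nameserver 192.168.78.20
nameserver 2001:470:1f1b:5b3:21b:21ff:fea6:ce93
"""

WRONG_ORDER = "search patrikx3.com corifeus.com p3x-dc.patrikx3.com\n"


def effective_search(text):
    """Return (search_list, overridden) for resolv.conf content.

    resolv.conf(5): `search` and `domain` are mutually exclusive and, if
    more than one instance is present, the last instance wins.
    """
    seen = []  # (line_no, keyword, domains) in file order
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":       # blank line or comment
            continue
        keyword, *args = line.split()
        if keyword in ("search", "domain") and args:
            if keyword == "domain":           # `domain` takes a single name
                args = args[:1]
            seen.append((line_no, keyword,
                         [a.rstrip(".").lower() for a in args]))
    if not seen:
        return [], []
    return seen[-1][2], seen[:-1]


def audit(text, ad_domain):
    """Return a list of findings; an empty list means nothing to fix."""
    ad = ad_domain.rstrip(".").lower()
    search, overridden = effective_search(text)
    findings = [
        f"line {n}: '{kw} {' '.join(doms)}' is ignored; "
        "a later search/domain line replaces it"
        for n, kw, doms in overridden
    ]
    if not search:
        findings.append("no search/domain line; the search list falls back "
                        "to the domain part of the local hostname")
    elif search[0] != ad:
        findings.append(f"AD DNS domain {ad} is not first in the "
                        f"search list {search}")
    return findings


if __name__ == "__main__":
    samples = (("before", THREAD_BEFORE), ("after", THREAD_AFTER),
               ("wrong order", WRONG_ORDER))
    for label, text in samples:
        print(label, "->", effective_search(text)[0])
        for finding in audit(text, "p3x-dc.patrikx3.com"):
            print("   ", finding)
```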
root@server:~# cat /etc/resolv.conf
search p3x-dc.patrikx3.com
nameserver 192.168.78.20
nameserver 2001:470:1f1b:5b3:21b:21ff:fea6:ce93
root@server:~#

I have a server with 2 nics and 2 routers, each subnets are
192.168.78.0/24 | 2001:470:1f1b:5b3::/64
and the other is
192.168.81.0/24 | 2001:470:1f1b:5b5::/64

But no matter what I set, Samba generates via DLZ an unknown ip address 192.168.81.120, which is no-one, the server (before it used 192.168.81.20) but sometime it just generated this

root@server:~# nslookup server.p3x-dc.patrikx3.com
Server:         192.168.78.20
Address:        192.168.78.20#53

*Name:   server.p3x-dc.patrikx3.com
Address: 192.168.81.120*
Name:    server.p3x-dc.patrikx3.com
Address: 192.168.78.20
Name:    server.p3x-dc.patrikx3.com
Address: 2001:470:1f1b:5b3:21b:21ff:fea6:ce93
*Name:   server.p3x-dc.patrikx3.com
Address: 2001:470:1f1b:5b5:eeaa:a0ff:fe1b:4d84*
Name:    server.p3x-dc.patrikx3.com
Address: 2001:470:1f1b:5b3::20

Patrik

On Mon, Aug 5, 2019 at 1:51 PM L.P.H. van Belle via samba <samba at lists.samba.org> wrote:

> That is because your resolving setup is wrong.
>
> Your problem starts here.
> Checking file: /etc/resolv.conf
>
> search patrikx3.com
> search corifeus.com
> search p3x-dc.patrikx3.com
>
> The first 2 will do nothing, only the last will be used in that setup.
>
> You want:
> search p3x-dc.patrikx3.com patrikx3.com corifeus.com
> But still that's not needed, you only need:
> search p3x-dc.patrikx3.com
>
> Because the other domains are resolved through dns.
>
> So, always your primary dnsdomain first (the one where your samba AD-DC is
> configured with).
> P.s. You forgot to hide the pass in named output ( key signed_comms ) so
> change that.
>
> But before we can give good advice:
>
> Is the server directly on the internet ( 1 nic/2nics )
> Or
> Is the server on the internet and LAN (2 nics)
> Or
> Is the server on the LAN only but accessible for the internet through
> proxy.
>
> What is the server's main thing it should do.
>
> Give me the above and i'll see if i can give you good advice here.
>
> Greetz,
>
> Louis
it looks like it is not respecting the interfaces i set in the smb.conf

Patrik
it is working even with the 2 interfaces:

root@server:~# nmblookup -B 192.168.78.20 server
interpret_interface: using netmask value 8 from config file on interface lo
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
added interface enp1s0f3 ip=2001:470:1f1b:5b3::20 bcastnetmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
added interface enp1s0f3 ip=2001:470:1f1b:5b3:21b:21ff:fea6:ce93 bcastnetmask=ffff:ffff:ffff:ffff::
added interface enp1s0f3 ip=192.168.78.20 bcast=192.168.78.255 netmask=255.255.255.0
added interface enp1s0f2 ip=2001:470:1f1b:5b5::20 bcastnetmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
added interface enp1s0f2 ip=2001:470:1f1b:5b5:21b:21ff:fea6:ce92 bcastnetmask=ffff:ffff:ffff:ffff::
added interface enp1s0f2 ip=192.168.81.20 bcast=192.168.81.255 netmask=255.255.255.0
Socket opened.
querying server on 192.168.78.20
Got a positive name query response from 192.168.78.20 ( 192.168.78.20 192.168.81.20 )
192.168.78.20 server<00>
192.168.81.20 server<00>

root@server:~# nmblookup -B 192.168.81.20 server
interpret_interface: using netmask value 8 from config file on interface lo
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
added interface enp1s0f3 ip=2001:470:1f1b:5b3::20 bcastnetmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
added interface enp1s0f3 ip=2001:470:1f1b:5b3:21b:21ff:fea6:ce93 bcastnetmask=ffff:ffff:ffff:ffff::
added interface enp1s0f3 ip=192.168.78.20 bcast=192.168.78.255 netmask=255.255.255.0
added interface enp1s0f2 ip=2001:470:1f1b:5b5::20 bcastnetmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
added interface enp1s0f2 ip=2001:470:1f1b:5b5:21b:21ff:fea6:ce92 bcastnetmask=ffff:ffff:ffff:ffff::
added interface enp1s0f2 ip=192.168.81.20 bcast=192.168.81.255 netmask=255.255.255.0
Socket opened.
querying server on 192.168.81.20
Got a positive name query response from 192.168.81.20 ( 192.168.81.20 192.168.78.20 )
192.168.81.20 server<00>
192.168.78.20 server<00>
root@server:~#

what i do not understanding via nslookup is wrong, that is the problem. is it a bind9 BUG? or a samba bug? before with nslookup it was giving 192.168.78.20 and 192.168.81.20 and worked, but now it replaced 192.168.81.20 to 192.168.81.120 and same thing with the ipv6 address.

Patrik
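A check for the mismatch described in the message above, as an added example that is not part of the original thread. It compares the addresses in the nslookup answer with the addresses in the nmblookup interface list (both copied from the thread as archived) and decodes the modified EUI-64 interface identifier of an IPv6 address into the hardware address it was derived from; the function names are this example's own.

```python
import ipaddress
import re

# Copied from the nslookup output quoted in the thread.
NSLOOKUP_OUTPUT = """\
Server:         192.168.78.20
Address:        192.168.78.20#53

Name:    p3x-dc.patrikx3.com
Address: 192.168.78.20
Name:    p3x-dc.patrikx3.com
Address: 192.168.81.120
Name:    p3x-dc.patrikx3.com
Address: 2001:470:1f1b:5b5:eeaa:a0ff:fe1b:4d84
Name:    p3x-dc.patrikx3.com
Address: 2001:470:1f1b:5b3:21b:21ff:fea6:ce93
Name:    p3x-dc.patrikx3.com
Address: 2001:470:1f1b:5b3::20
"""

# Copied from the nmblookup output quoted in the thread (interface lines only).
NMBLOOKUP_OUTPUT = """\
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
added interface enp1s0f3 ip=2001:470:1f1b:5b3::20 bcastnetmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
added interface enp1s0f3 ip=2001:470:1f1b:5b3:21b:21ff:fea6:ce93 bcastnetmask=ffff:ffff:ffff:ffff::
added interface enp1s0f3 ip=192.168.78.20 bcast=192.168.78.255 netmask=255.255.255.0
added interface enp1s0f2 ip=2001:470:1f1b:5b5::20 bcastnetmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
added interface enp1s0f2 ip=2001:470:1f1b:5b5:21b:21ff:fea6:ce92 bcastnetmask=ffff:ffff:ffff:ffff::
added interface enp1s0f2 ip=192.168.81.20 bcast=192.168.81.255 netmask=255.255.255.0
"""


def answer_addresses(nslookup_text):
    """Addresses in the answer section, skipping the resolver's own Address line."""
    addrs, in_answer = [], False
    for line in nslookup_text.splitlines():
        line = line.strip()
        if line.startswith("Name:"):
            in_answer = True
        elif in_answer and line.startswith("Address:"):
            addrs.append(ipaddress.ip_address(line.split(":", 1)[1].strip()))
    return addrs


def interface_addresses(nmblookup_text):
    """Addresses Samba reports for the local interfaces."""
    found = re.findall(r"^added interface \S+ ip=(\S+)", nmblookup_text, re.M)
    return {ipaddress.ip_address(a) for a in found}


def eui64_mac(addr):
    """Hardware address behind a modified EUI-64 identifier (RFC 4291), else None."""
    if addr.version != 6:
        return None
    iid = addr.packed[8:]                 # low 64 bits: interface identifier
    if iid[3:5] != b"\xff\xfe":           # not formed from a 48-bit MAC
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]   # undo the u/l bit flip
    return ":".join(f"{b:02x}" for b in mac)


def unexpected_records(nslookup_text, nmblookup_text):
    """DNS answers that are not configured on any local interface."""
    local = interface_addresses(nmblookup_text)
    return [(str(a), eui64_mac(a))
            for a in answer_addresses(nslookup_text) if a not in local]


def missing_records(nslookup_text, nmblookup_text):
    """Local non-loopback addresses that the DNS answer does not contain."""
    answers = set(answer_addresses(nslookup_text))
    local = interface_addresses(nmblookup_text)
    gone = [a for a in local if a not in answers and not a.is_loopback]
    return [str(a) for a in sorted(gone, key=lambda a: (a.version, int(a)))]


if __name__ == "__main__":
    for addr, mac in unexpected_records(NSLOOKUP_OUTPUT, NMBLOOKUP_OUTPUT):
        print("unexpected:", addr, "EUI-64 MAC:", mac)
    for addr in missing_records(NSLOOKUP_OUTPUT, NMBLOOKUP_OUTPUT):
        print("missing:   ", addr)
```

The decode applies only to identifiers built with modified EUI-64 (ff:fe in the middle); manually assigned addresses such as `::20` and privacy addresses return no hardware address.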
On 05/08/2019 12:33, Patrik wrote:
> the patrikx3.com is my domain
> my AD DC domain is p3x-dc.patrikx3.com,
> you can see:

Unless you have done something strange like using 'p3x-dc' as the subdomain of 'patrikx3.com', that isn't your AD dns domain, it is the FQDN of your AD DC.

Rowland
On 05/08/2019 12:50, L.P.H. van Belle via samba wrote:
> That is because your resolving setup is wrong.
>
> Your problem starts here.
> Checking file: /etc/resolv.conf
>
> search patrikx3.com
> search corifeus.com
> search p3x-dc.patrikx3.com
>
> The first 2 will do nothing, only the last will be used in that setup.
>
> You want:
> search p3x-dc.patrikx3.com patrikx3.com corifeus.com
> But still that's not needed, you only need:
> search p3x-dc.patrikx3.com
>
> Because the other domains are resolved through dns.

AGGHHHH, he is using something that looks like a DC short hostname for his AD subdomain, why ????

Having got that out of the way, just follow what Louis is suggesting, remove any mention of any other domain from the DC and forward all requests for anything outside the AD domain to another dns server.

Rowland
A wrong assumption here.

Your server name is ns1.patrikx3.com according to your SOA record,
but your domain, patrikx3.com, is using ns1.he.net for DNS lookups.

Just by what i see here and below.

This server, how i would set it up.

Hostname   : server1.p3x-dc.patrikx3.com
Domain name: p3x-dc.patrikx3.com
REALM      : P3X-DC.PATRIKX3.COM
( ps, i suggest, use another domainname for the domain where your AD-DC DNS is in. )

IPv4:A     192.168.78.20
IPv6:AAAA  2001:470:1f1b:5b3:21b:21ff:fea6:ce93
PTR-4: 192.168.78.20 server1.p3x-dc.patrikx3.com
PTR-6: to 2001:470:1f1b:5b3:21b:21ff:fea6:ce93 server1.p3x-dc.patrikx3.com

I also noticed your setup for DNS CAA DKIM etc.
That might change below a bit, start with this.

All other domains.
patrikx3.com
corifeus.com
Add as new domain, and only A records where needed.
Per ip only one PTR

Example: resolv.conf
search p3x-dc.patrikx3.com
nameserver 192.168.78.20
nameserver 2001:470:1f1b:5b3:21b:21ff:fea6:ce93
options edns0

This is the base you should start with.
Anything else, add it in the samba dns.

So far,

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Patrik via samba
> Sent: Monday 5 August 2019 13:34
> To: Rowland penny
> CC: sambalist
> Subject: Re: [Samba] samba dlz. bind9 nslookup is wrong