-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland penny via samba
Sent: Thursday 29 August 2019 16:33
To: samba at lists.samba.org
Subject: Re: [Samba] no DNS functionality on second subnet

On 29/08/2019 13:50, Andreas Habel via samba wrote:
> Hi,
>
> we have successfully installed our samba4 AD domain with AD DC, smb
> file server and Windows/Linux clients in the same subnet.
>
> Now we try to add a couple of Windows PCs to the domain that are
> located in a different subnet. As soon as the AD DC is added as the
> DNS server on the Windows clients it is no longer possible to resolve
> ip addresses. In other words, for those PCs DNS is not working.
>
> We added
> - the new clients to our DNS using samba-tool dns add
> - a new reverse lookup zone for the new subnet and filled it using samba-tool dns add
> - a new subnet in RSAT Active Directory Sites and Services
>
> Routing seems to be OK - we can run telnet <IP of AD DC> 53 from one
> of the "new" Windows clients and a connection will be established.
> However, analyses from wireshark/tshark show that on DNS requests
> there is never an answer from our AD DC.
>
> It seems that we are missing something here - any help would be
> appreciated.
>
> Andreas

[[AH:]]

Does 'telnet <DC short hostname> 53' work ?

Rowland

No, neither short name nor FQDN work:

C:\Users\Administrator>telnet smbdc 53
Connecting To smbdc...Could not open connection to the host, on port 53: Connect failed

C:\Users\Administrator>telnet smbdc.ier.ux.uis.no 53
Connecting To smbdc.ier.ux.uis.no...Could not open connection to the host, on port 53: Connect failed

Andreas

--
Andreas Habel
Petroleum engineering lab
Geosciences | Unix network
Faculty of Science and Technology
University of Stavanger
Norway
Phone: +47-51 83 22 93

On 30.08.19 at 08:00, Andreas Habel via samba wrote:
> C:\Users\Administrator>telnet smbdc 53
> Connecting To smbdc...Could not open connection to the host, on port 53: Connect failed
>
> C:\Users\Administrator>telnet smbdc.ier.ux.uis.no 53
> Connecting To smbdc.ier.ux.uis.no...Could not open connection to the host, on port 53: Connect failed

looks like your client can't reach port 53 on that IP at all

either a firewall issue or the daemon not listening on that NIC

On 30/08/2019 07:00, Andreas Habel via samba wrote:
> -----Original Message-----
> From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland penny via samba
> Sent: Thursday 29 August 2019 16:33
> To: samba at lists.samba.org
> Subject: Re: [Samba] no DNS functionality on second subnet
>
> On 29/08/2019 13:50, Andreas Habel via samba wrote:
>> Hi,
>>
>> we have successfully installed our samba4 AD domain with AD DC, smb
>> file server and Windows/Linux clients in the same subnet.
>>
>> Now we try to add a couple of Windows PCs to the domain that are
>> located in a different subnet. As soon as the AD DC is added as the
>> DNS server on the Windows clients it is no longer possible to resolve
>> ip addresses. In other words, for those PCs DNS is not working.
>>
>> We added
>> - the new clients to our DNS using samba-tool dns add
>> - a new reverse lookup zone for the new subnet and filled it using samba-tool dns add
>> - a new subnet in RSAT Active Directory Sites and Services
>>
>> Routing seems to be OK - we can run telnet <IP of AD DC> 53 from one
>> of the "new" Windows clients and a connection will be established.
>> However, analyses from wireshark/tshark show that on DNS requests
>> there is never an answer from our AD DC.
>>
>> It seems that we are missing something here - any help would be
>> appreciated.
>>
>> Andreas
>
> [[AH:]]
>
> Does 'telnet <DC short hostname> 53' work ?
>
> Rowland
>
> No, neither short name nor FQDN work:
>
> C:\Users\Administrator>telnet smbdc 53
> Connecting To smbdc...Could not open connection to the host, on port 53: Connect failed
>
> C:\Users\Administrator>telnet smbdc.ier.ux.uis.no 53
> Connecting To smbdc.ier.ux.uis.no...Could not open connection to the host, on port 53: Connect failed
>
> Andreas

Then you have DNS problems, is a firewall running blocking port 53 ?

Do dns lookup commands on the client work ?

Rowland

> -----Original Message-----
> From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland penny via samba
> Sent: Friday 30 August 2019 09:57
> To: samba at lists.samba.org
> Subject: Re: [Samba] no DNS functionality on second subnet
>
> On 30/08/2019 07:00, Andreas Habel via samba wrote:
> > -----Original Message-----
> > From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland penny via samba
> > Sent: Thursday 29 August 2019 16:33
> > To: samba at lists.samba.org
> > Subject: Re: [Samba] no DNS functionality on second subnet
> >
> > On 29/08/2019 13:50, Andreas Habel via samba wrote:
> > > Hi,
> > >
> > > we have successfully installed our samba4 AD domain with AD DC, smb
> > > file server and Windows/Linux clients in the same subnet.
> > >
> > > Now we try to add a couple of Windows PCs to the domain that are
> > > located in a different subnet. As soon as the AD DC is added as the
> > > DNS server on the Windows clients it is no longer possible to resolve
> > > ip addresses. In other words, for those PCs DNS is not working.
> > >
> > > We added
> > > - the new clients to our DNS using samba-tool dns add
> > > - a new reverse lookup zone for the new subnet and filled it using samba-tool dns add
> > > - a new subnet in RSAT Active Directory Sites and Services
> > >
> > > Routing seems to be OK - we can run telnet <IP of AD DC> 53 from one
> > > of the "new" Windows clients and a connection will be established.
> > > However, analyses from wireshark/tshark show that on DNS requests
> > > there is never an answer from our AD DC.
> > >
> > > It seems that we are missing something here - any help would be
> > > appreciated.
> > >
> > > Andreas
> >
> > [[AH:]]
> >
> > Does 'telnet <DC short hostname> 53' work ?
> >
> > Rowland
> >
> > No, neither short name nor FQDN work:
> >
> > C:\Users\Administrator>telnet smbdc 53
> > Connecting To smbdc...Could not open connection to the host, on port 53: Connect failed
> >
> > C:\Users\Administrator>telnet smbdc.ier.ux.uis.no 53
> > Connecting To smbdc.ier.ux.uis.no...Could not open connection to the host, on port 53: Connect failed
> >
> > Andreas
>
> Then you have DNS problems, is a firewall running blocking port 53 ?
>
> Do dns lookup commands on the client work ?
>

No, all kinds of lookups (to the DC, internal or external hosts) fail with a timeout. This applies to clients on the "new" subnet. Lookups work on clients that are on the same subnet as the DC.

Andreas
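
An added example, not part of any message in the thread: the symptom reported above (a TCP connection to port 53 by IP succeeds, yet DNS lookups time out) can be split into a TCP reachability check and a UDP query/response check, both run against the DC's IP address so that name resolution is not needed for the test itself. The address 192.0.2.10 is a placeholder and all function names are hypothetical.

```python
import socket
import struct

QID = 0x1234  # arbitrary query ID, constructed for this example

def build_query(name, qtype=1):
    """Encode a minimal recursive DNS query (QTYPE 1 = A, class IN)."""
    header = struct.pack(">HHHHHH", QID, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack(">HH", qtype, 1)

def parse_header(msg):
    """Return (rcode, answer_count) for a reply to QID, else raise ValueError."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if rid != QID or not flags & 0x8000:  # QR bit must mark a response
        raise ValueError("not a response to our query")
    return flags & 0x000F, an

def probe_tcp(server, port=53, timeout=3.0):
    """Same test as 'telnet <IP> 53': does the TCP handshake complete?"""
    try:
        with socket.create_connection((server, port), timeout=timeout):
            return True
    except OSError:
        return False

def probe_udp(server, name, port=53, timeout=3.0):
    """Send one UDP query; None means no usable reply arrived in time."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, port))
            return parse_header(s.recvfrom(4096)[0])
        except (OSError, ValueError):
            return None

def diagnose(tcp_ok, udp_reply):
    """Map the two probe results onto the cases discussed in the thread."""
    if udp_reply is not None:
        return "dns-ok" if udp_reply[0] == 0 else f"answered-rcode-{udp_reply[0]}"
    # No UDP answer: an open TCP port points at UDP/53 filtering between the
    # subnets or at the interfaces the DNS service answers on.
    return "tcp-open-udp-silent" if tcp_ok else "port-53-unreachable"

if __name__ == "__main__":
    server = "192.0.2.10"  # placeholder: the DC's IP address, not its name
    print(diagnose(probe_tcp(server), probe_udp(server, "smbdc.ier.ux.uis.no")))
```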