Miguel Angel Coa M.
2020-May-12 11:31 UTC
[Samba] DNS sometimes give error/timeout or works fine
Hi, i've three samba DC's with BIND9_DLZ backend . The DNS queryes is erratic, sometimes from pc lan the DNS resolution work fine and on another occasion give timeout or fail My DC's are: [............] [root at sambadc03 ~]# host -t A mydomain.com mydomain.com has address 10.13.250.128 mydomain.com has address 10.13.250.110 mydomain.com has address 10.13.250.111 mydomain.com has address 10.13.250.112 [............] Note: The .110 and .111 are the same DC (this server have 2 ip's) Example: Query fail from pc [............] mcoa at mcoa-new-air:~|? nslookup mydomain.com 10.13.250.112 ;; connection timed out; no servers could be reached [............]>From the same pc and the same query .... result is ok[............] mcoa at mcoa-new-air:~|? nslookup mydomain.com 10.13.250.112 Server: 10.13.250.112 Address: 10.13.250.112#53 Name: mydomain.com Address: 10.13.250.112 Name: mydomain.com Address: 10.13.250.111 Name: mydomain.com Address: 10.13.250.128 Name: mydomain.com Address: 10.13.250.110 [............] If i check inside DC i've similar behavior Fail [............] [root at sambadc02 ~]# dig @10.13.250.112 mydomain.com ns ;; connection timed out; no servers could be reached [............] Works fine [............] [root at sambadc02 ~]# dig @10.13.250.112 mydomain.com ns +short sambadc01.mydomain.com. sambadc02.mydomain.com. sambadc03.mydomain.com. [............] Inside the DC consulting to 127.0.0.1 the query and resulte is fine What could be happening?
Rowland penny
2020-May-12 12:07 UTC
[Samba] DNS sometimes give error/timeout or works fine
On 12/05/2020 12:31, Miguel Angel Coa M. via samba wrote:> Hi, > i've three samba DC's with BIND9_DLZ backend . The DNS queryes is erratic, > sometimes from pc lan the DNS resolution work fine and on another > occasion give timeout or fail > > My DC's are: > > [............] > [root at sambadc03 ~]# host -t A mydomain.com > mydomain.com has address 10.13.250.128 > mydomain.com has address 10.13.250.110 > mydomain.com has address 10.13.250.111 > mydomain.com has address 10.13.250.112 > [............] > > Note: The .110 and .111 are the same DC (this server have 2 ip's) > > Example: > > Query fail from pc > > [............] > mcoa at mcoa-new-air:~|? nslookup mydomain.com 10.13.250.112 > ;; connection timed out; no servers could be reached > [............] > > From the same pc and the same query .... result is ok > > [............] > mcoa at mcoa-new-air:~|? nslookup mydomain.com 10.13.250.112 > Server: 10.13.250.112 > Address: 10.13.250.112#53 > > Name: mydomain.com > Address: 10.13.250.112 > Name: mydomain.com > Address: 10.13.250.111 > Name: mydomain.com > Address: 10.13.250.128 > Name: mydomain.com > Address: 10.13.250.110 > [............] > > If i check inside DC i've similar behavior > > Fail > > [............] > [root at sambadc02 ~]# dig @10.13.250.112 mydomain.com ns > ;; connection timed out; no servers could be reached > [............] > > > Works fine > [............] > [root at sambadc02 ~]# dig @10.13.250.112 mydomain.com ns +short > sambadc01.mydomain.com. > sambadc02.mydomain.com. > sambadc03.mydomain.com. > [............] > > Inside the DC consulting to 127.0.0.1 the query and resulte is fine > > > What could be happening?Not sure ;-) Can we have more info, named.conf files, OS etc Rowland
L.P.H. van Belle
2020-May-12 12:26 UTC
[Samba] DNS sometimes give error/timeout or works fine
> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Miguel Angel Coa M. via samba > Verzonden: dinsdag 12 mei 2020 13:31 > Aan: samba at lists.samba.org > Onderwerp: [Samba] DNS sometimes give error/timeout or works fine > > Hi, > i've three samba DC's with BIND9_DLZ backend . The DNS > queryes is erratic, > sometimes from pc lan the DNS resolution work fine and on another > occasion give timeout or fail > > My DC's are: > > [............] > [root at sambadc03 ~]# host -t A mydomain.com > mydomain.com has address 10.13.250.128 > mydomain.com has address 10.13.250.110 > mydomain.com has address 10.13.250.111 > mydomain.com has address 10.13.250.112 > [............] > > Note: The .110 and .111 are the same DC (this server have 2 ip's)Verify : dig -x 10.13.250.110 dig -x 10.13.250.111 dig A hostname1.mydomain.com dig A hostname2.mydomain.com> > Example: > > Query fail from pc > > [............] > mcoa at mcoa-new-air:~|??? nslookup mydomain.com 10.13.250.112 > ;; connection timed out; no servers could be reached > [............] > > From the same pc and the same query .... result is ok > > [............] > mcoa at mcoa-new-air:~|??? nslookup mydomain.com 10.13.250.112 > Server: 10.13.250.112 > Address: 10.13.250.112#53 > > Name: mydomain.com > Address: 10.13.250.112 > Name: mydomain.com > Address: 10.13.250.111 > Name: mydomain.com > Address: 10.13.250.128 > Name: mydomain.com > Address: 10.13.250.110 > [............] > > If i check inside DC i've similar behavior > > Fail > > [............] > [root at sambadc02 ~]# dig @10.13.250.112 mydomain.com ns > ;; connection timed out; no servers could be reached > [............] >So, you "might" have firwalled the outgoing traffic to allow only from your AD-DC's? Or, /etc/resolv.conf contains a wrong first domainname in search or domain line. Most probely one of these 2, at least the first i would check.> > Works fine > [............] > [root at sambadc02 ~]# dig @10.13.250.112 mydomain.com ns +short > sambadc01.mydomain.com. > sambadc02.mydomain.com. > sambadc03.mydomain.com. > [............] > > Inside the DC consulting to 127.0.0.1 the query and resulte is fine > > > What could be happening?> Query fail from pc ...CMD : ipconfig /all verify the primary and domain dns suffix.> -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/sambaGreetz, Louis