samba - May 2020 - DNS problem ubuntu server 20.04

> -----Oorspronkelijk bericht-----
> Van: samba-technical 
> [mailto:samba-technical-bounces at lists.samba.org] Namens 
> Rowland penny via samba-technical
> Verzonden: donderdag 14 mei 2020 21:20
> Aan: samba-technical at lists.samba.org
> Onderwerp: Re: DNS problem ubuntu server 20.04
> 
> On 14/05/2020 18:57, RickJC1 via samba-technical wrote:
> > Hello everyone I am trying to get Samba 4.11.6 -Ubuntu Bind 
> > 9.16.1-Ubuntu to work with Ubuntu server 20.04
> It looks like 'samba-master/source4/setup/named.conf.dlz' 
> needs updating 
> again, the highest version is 'dlz_bind9_12.so'
> >
> >
> > Hostname: dc1s
> >
> > NetBIOS Domain: GUNAS
> >
> > DNS Domain: gunas.int
> >
> >
> > I am trying resolve a problem with not being able to find 
> the server. 
> > After many days of failed attempts. I did not want to bother anyone 
> > but I have been defeated so I could do with some help please.
> >
> >
> > */etc/resolv.conf*
> >
> > nameserver 127.0.0.53
> It should point at the DC's ipaddress
Using the stub-adres for the dns works fine but you need to configure the othere
things.

https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-samba-AD_DC.txt
Start reading as of line 322 "Correct the resolving."


Greetz, 

Louis

> >
> > May 14 14:38:26 dc1s named[1389]: command channel listening 
> on ::1#953
> >
> > May 14 14:38:26 dc1s named[1389]: managed-keys-zone: loaded 
> serial 19
> >
> > May 14 14:38:26 dc1s named[1389]: zone 127.in-addr.arpa/IN: loaded 
> > serial 1
> >
> > May 14 14:38:26 dc1s named[1389]: zone 0.in-addr.arpa/IN: 
> loaded serial 1
> >
> > May 14 14:38:26 dc1s named[1389]: zone 255.in-addr.arpa/IN: loaded 
> > serial 1
> >
> > May 14 14:38:26 dc1s named[1389]: zone localhost/IN: loaded serial 2
> >
> > May 14 14:38:26 dc1s named[1389]: all zones loaded
> >
> > May 14 14:38:26 dc1s named[1389]: running
> It might be running but it isn't using bind9_dlz
> 
> Try opening /var/lib/samba/bind-dns/named.conf
> 
> Ensure that the line: database "dlopen 
> /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_12.so";
> 
> is uncommented and all similar lines are commented, it 'may' work, 
> restart bind9
> 
> Rowland
> 
> 
> 
> 
>

I found a similar problem when Debian moved bind 9.16 to testing a few
weeks ago.

If you put the debug flag into

database "dlopen ....../bind9/dlz_bind9_12.so -d 3";

You'll find the error message in journalctl -xe logs.

I was unsure of how to proceed as I am no expert, so undid the upgrade
of bind9.16 back to bind9.11

RT


On Fri, 15 May 2020 at 08:18, L.P.H. van Belle via samba <
samba at lists.samba.org> wrote:
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba-technical
> > [mailto:samba-technical-bounces at lists.samba.org] Namens
> > Rowland penny via samba-technical
> > Verzonden: donderdag 14 mei 2020 21:20
> > Aan: samba-technical at lists.samba.org
> > Onderwerp: Re: DNS problem ubuntu server 20.04
> >
> > On 14/05/2020 18:57, RickJC1 via samba-technical wrote:
> > > Hello everyone I am trying to get Samba 4.11.6 -Ubuntu Bind
> > > 9.16.1-Ubuntu to work with Ubuntu server 20.04
> > It looks like 'samba-master/source4/setup/named.conf.dlz'
> > needs updating
> > again, the highest version is 'dlz_bind9_12.so'
> > >
> > >
> > > Hostname: dc1s
> > >
> > > NetBIOS Domain: GUNAS
> > >
> > > DNS Domain: gunas.int
> > >
> > >
> > > I am trying resolve a problem with not being able to find
> > the server.
> > > After many days of failed attempts. I did not want to bother
anyone
> > > but I have been defeated so I could do with some help please.
> > >
> > >
> > > */etc/resolv.conf*
> > >
> > > nameserver 127.0.0.53
> > It should point at the DC's ipaddress
>
> Using the stub-adres for the dns works fine but you need to configure the
> othere things.
>
>
>
https://github.com/thctlo/samba4/blob/master/full-howto-Ubuntu18.04-samba-AD_DC.txt
> Start reading as of line 322 "Correct the resolving."
>
>
> Greetz,
>
> Louis
>
>
> > >
> > > May 14 14:38:26 dc1s named[1389]: command channel listening
> > on ::1#953
> > >
> > > May 14 14:38:26 dc1s named[1389]: managed-keys-zone: loaded
> > serial 19
> > >
> > > May 14 14:38:26 dc1s named[1389]: zone 127.in-addr.arpa/IN:
loaded
> > > serial 1
> > >
> > > May 14 14:38:26 dc1s named[1389]: zone 0.in-addr.arpa/IN:
> > loaded serial 1
> > >
> > > May 14 14:38:26 dc1s named[1389]: zone 255.in-addr.arpa/IN:
loaded
> > > serial 1
> > >
> > > May 14 14:38:26 dc1s named[1389]: zone localhost/IN: loaded
serial 2
> > >
> > > May 14 14:38:26 dc1s named[1389]: all zones loaded
> > >
> > > May 14 14:38:26 dc1s named[1389]: running
> > It might be running but it isn't using bind9_dlz
> >
> > Try opening /var/lib/samba/bind-dns/named.conf
> >
> > Ensure that the line: database "dlopen
> > /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_12.so";
> >
> > is uncommented and all similar lines are commented, it 'may'
work,
> > restart bind9
> >
> > Rowland
> >
> >
> >
> >
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

On 15/05/2020 08:17, L.P.H. van Belle via samba wrote:
>   
>
>> -----Oorspronkelijk bericht-----
>> Van: samba-technical
>> [mailto:samba-technical-bounces at lists.samba.org] Namens
>> Rowland penny via samba-technical
>> Verzonden: donderdag 14 mei 2020 21:20
>> Aan: samba-technical at lists.samba.org
>> Onderwerp: Re: DNS problem ubuntu server 20.04
>>
>> On 14/05/2020 18:57, RickJC1 via samba-technical wrote:
>>> Hello everyone I am trying to get Samba 4.11.6 -Ubuntu Bind
>>> 9.16.1-Ubuntu to work with Ubuntu server 20.04
>> It looks like 'samba-master/source4/setup/named.conf.dlz'
>> needs updating
>> again, the highest version is 'dlz_bind9_12.so'
>>>
>>> Hostname: dc1s
>>>
>>> NetBIOS Domain: GUNAS
>>>
>>> DNS Domain: gunas.int
>>>
>>>
>>> I am trying resolve a problem with not being able to find
>> the server.
>>> After many days of failed attempts. I did not want to bother anyone
>>> but I have been defeated so I could do with some help please.
>>>
>>>
>>> */etc/resolv.conf*
>>>
>>> nameserver 127.0.0.53
>> It should point at the DC's ipaddress
> Using the stub-adres for the dns works fine but you need to configure the
othere things.
>
That is possible on a Unix domain member, but, in my opinion, you would 
have to remove systemd-resolve on a DC

Run <sudo netstat -plnt | grep '53'> on a newly installed Ubuntu
20.04
and you get this:

tcp??????? 0????? 0 127.0.0.53:53 0.0.0.0:*?????????????? LISTEN????? 
451/systemd-resolve

This would interfere with the AD dns server.

Rowland

> >
> That is possible on a Unix domain member, but, in my opinion, 
> you would 
> have to remove systemd-resolve on a DC
> 
> Run <sudo netstat -plnt | grep '53'> on a newly installed 
> Ubuntu 20.04 
> and you get this:
> 
> tcp??????? 0????? 0 127.0.0.53:53 0.0.0.0:*?????????????? LISTEN????? 
> 451/systemd-resolve
> 
> This would interfere with the AD dns server.
> 
No, that a wrong understanding in my optinion.

Per example. The client requests. 
Can be command like dig or hostname these query on the stub-resulver 
127.0.0.53:53
So you must configure systemd networking + resolving if you use it. 

but a client computer quering port 53 on the server its real ip, not on
127.0.0.53 and so does not use the stub-resolver.  Only the server itself
throught client requests.

The stub-resolver  passed the request to the ip you configure on the interface
the request is comming from/going to.

That how i configure it. 
Now is that handy, thats an other question but i have a full running setup where
AD-DC's and Members also use the Stub-resolvers without any problems.



Greetz, 

Louis

On 15/05/2020 14:55, L.P.H. van Belle via samba wrote:
>> That is possible on a Unix domain member, but, in my opinion,
>> you would
>> have to remove systemd-resolve on a DC
>>
>> Run <sudo netstat -plnt | grep '53'> on a newly installed
>> Ubuntu 20.04
>> and you get this:
>>
>> tcp??????? 0????? 0 127.0.0.53:53 0.0.0.0:*?????????????? LISTEN
>> 451/systemd-resolve
>>
>> This would interfere with the AD dns server.
>>
> No, that a wrong understanding in my optinion.
>
> Per example. The client requests.
On a client that doesn't run a separate dns server it will work, I can 
prove this, but you can only run one server on port 53 on a Samba AD DC 
and that server has to be either the internal dns server or Bind9. If 
you have systemd-resolve running on a DC, you are not using the dns 
server you think you are.

Rowland

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland penny via samba
> Verzonden: vrijdag 15 mei 2020 16:05
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] DNS problem ubuntu server 20.04
> 
> On 15/05/2020 14:55, L.P.H. van Belle via samba wrote:
> >> That is possible on a Unix domain member, but, in my opinion,
> >> you would
> >> have to remove systemd-resolve on a DC
> >>
> >> Run <sudo netstat -plnt | grep '53'> on a newly
installed
> >> Ubuntu 20.04
> >> and you get this:
> >>
> >> tcp??????? 0????? 0 127.0.0.53:53 0.0.0.0:*?????????????? LISTEN
> >> 451/systemd-resolve
> >>
> >> This would interfere with the AD dns server.
> >>
> > No, that a wrong understanding in my optinion.
> >
> > Per example. The client requests.
> 
> On a client that doesn't run a separate dns server it will 
> work, I can prove this, but you can only run one server on port 53 on a
Samba AD DC
> and that server has to be either the internal dns server or Bind9. If 
> you have systemd-resolve running on a DC, you are not using the dns 
> server you think you are.

I can run as much DNS servers on 1 system as long i have ip adresses and free
ports.
And pass every request to the next in line.. 

Im not saying thats the way to do it but yes you can make that work. 


127.0.0.53:53 => i pass these requests to 192.168.0.1:53 ( where samba-ad-dc
runs )
Just like any other caching server setup. 

I can make it also work like this. 

(127.0.0.53:53 sub => 127.0.0.1:53 bind9 caching) => 192.168.0.1:53 samba
AD-DC dns.

And i get the reply back as it should. 
And only...! My client (command line/local software ) that used resolv.conf 
Will use it, this part of it : (127.0.0.53:53 sub => 127.0.0.1:53 bind9
caching)

Any computer/server "client" only contacts 192.168.0.1:53 

Now im not discussion right or wrong.. But it does work. 
More ways to Rome then you think.. ;-) 

Say no again, and ill make a new setup this weekend on samba ad-dc 20.04 with
stub resolving on.  ;-)

But .... please, ;-) dont say no.. I need my rest this weekend.. ;-) 
Almost at 60 hours working this week.. Pff. Almost done here.. 

Was a very buzy week with not much sleep .. 
Have a great weekend guys, im going to sleep few days i think.. 

Greetz, 

Louis