Hello,
I am trying to set up a samba4 AD dc in my network using smb-tool.
Everything seems to work except DNS forwarding.
If I query for the dc
root@dc:~# nslookup dc.local.domain.it
I get the correct answer:
root@dc:~# nslookup dc
Server:         aaa.bbb.ccc.ddd
Address:        aaa.bbb.ccc.ddd#53

Name:   dc.xxxx.yyyy.it
Address: aaa.bbb.ccc.ddd

but if I query for an external domain:
root@dc:~# nslookup www.nasa.gov
Server:         aaa.bbb.ccc.ddd
Address:        aaa.bbb.ccc.ddd#53

Non-authoritative answer:
*** Can't find www.nasa.gov: No answer

Here is my smb.conf:
[global]
        workgroup = XXXX
        realm = XXXX.YYYY.IT
        netbios name = DC
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
        dns forwarder = 8.8.8.8

[netlogon]
        path = /var/lib/samba/sysvol/xxxx.yyyy.it/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

and my resolv.conf

search xxxx.yyyy.it
nameserver aaa.bbb.ccc.ddd

Thank you in advance
Andrea

On 14/07/2020 11:56, Andrea Ballarati via samba wrote:
> Hello,
> I am trying to set up a samba4 AD dc in my network using smb-tool.
> Everything seems to work except DNS forwarding.
> If I query for the dc
> root@dc:~# nslookup dc.local.domain.it
> I get the correct answer:
> root@dc:~# nslookup dc
> Server:         aaa.bbb.ccc.ddd
> Address:        aaa.bbb.ccc.ddd#53
>
> Name:   dc.xxxx.yyyy.it
> Address: aaa.bbb.ccc.ddd
>
> but if I query for an external domain:
> root@dc:~# nslookup www.nasa.gov
> Server:         aaa.bbb.ccc.ddd
> Address:        aaa.bbb.ccc.ddd#53
>
> Non-authoritative answer:
> *** Can't find www.nasa.gov: No answer
>
> Here is my smb.conf:
> [global]
>         workgroup = XXXX
>         realm = XXXX.YYYY.IT
>         netbios name = DC
>         server role = active directory domain controller
>         idmap_ldb:use rfc2307 = yes
>         dns forwarder = 8.8.8.8
>
> [netlogon]
>         path = /var/lib/samba/sysvol/xxxx.yyyy.it/scripts
>         read only = No
>
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
>
> and my resolv.conf
>
> search xxxx.yyyy.it
> nameserver aaa.bbb.ccc.ddd
>
> Thank you in advance
> Andrea

Strange, it should work, can you ping Google (8.8.8.8) and www.nasa.gov?

Could there be anything blocking access to the internet (firewall etc.)?

Rowland

Yes, all these work here also (! With bind9_dlz )

nslookup nasa.org $(hostname -i)   ( running the command on the DC itself.)
nslookup nasa.org 1.1.1.1
nslookup nasa.org 8.8.8.8

Old samba version without the root zone provisioned maybe?
That is an old bug.

Which samba version is this?

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Rowland penny via samba
> Sent: Tuesday 14 July 2020 13:47
> To: samba at lists.samba.org
> Subject: Re: [Samba] internal DNS not forwarding
>
> Strange, it should work, can you ping Google (8.8.8.8) and
> www.nasa.gov ?
>
> Could there be anything blocking access to the internet (
> firewall etc) ?
>
> Rowland

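The three-way comparison in the message above (the same name asked of the DC itself and of public resolvers) can be scripted so that the result separates a blocked forwarder from a DC that answers but does not forward. This is an added example, not part of the original thread or of Samba; the function names and result labels are this example's own, and it assumes plain UDP queries on port 53.

```python
import socket
import struct
import sys

RCODES = {2: "servfail", 3: "nxdomain", 5: "refused"}

def build_query(name, qid=0x1234):
    """Build a recursive (RD=1) A/IN query for `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def classify(response):
    """Classify a DNS response by its header: RCODE, RA flag, ANCOUNT."""
    if len(response) < 12:
        return "malformed"
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    rcode, ra = flags & 0x000F, bool(flags & 0x0080)
    if rcode == 0 and ancount > 0:
        return "answered"
    if rcode == 0:
        # NOERROR with an empty answer section: what nslookup reports as "No answer"
        return "empty-answer" if ra else "empty-answer-no-recursion"
    return RCODES.get(rcode, "rcode-%d" % rcode)

def probe(server, name, timeout=3.0):
    """Ask `server` for `name` over UDP/53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            data, _ = s.recvfrom(4096)
        except OSError:  # includes socket.timeout
            return "unreachable"
    return classify(data)

def diagnose(dc_result, forwarder_result):
    """Compare the DC's result with the forwarder's, both queried from the DC."""
    if forwarder_result != "answered":
        return "forwarder not usable from this host (firewall or routing)"
    if dc_result == "answered":
        return "forwarding works"
    return "DC DNS fault: forwarder answers directly, DC returned " + dc_result

if __name__ == "__main__" and len(sys.argv) == 4:
    dc, fwd, name = sys.argv[1:]
    print(diagnose(probe(dc, name), probe(fwd, name)))
```

Run on the DC with three arguments: the DC's own address, the forwarder from smb.conf, and an external name such as www.nasa.gov.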
You may need to assign the interface you want samba to listen on:

[global]
        interfaces = lo,eth1
        bind interfaces only = Yes

Yes I can ping Google DNS and every other host.
If I change the nameserver to 8.8.8.8 in resolv.conf, name resolution works perfectly.

Andrea

On 14/07/20 13:47, Rowland penny via samba wrote:
> Strange, it should work, can you ping Google (8.8.8.8) and www.nasa.gov ?
>
> Could there be anything blocking access to the internet ( firewall etc) ?
>
> Rowland

--
ing. Andrea Ballarati
andrea.ballarati at gmail.com
mob. 3481424892

Hi Louis,

root@dc:~# samba -V
Version 4.3.11-Ubuntu

Andrea

On 14/07/20 13:55, L.P.H. van Belle via samba wrote:
> Yes, all these work here also (! With bind9_dlz )
>
> nslookup nasa.org $(hostname -i)   ( running the command on the DC itself.)
> nslookup nasa.org 1.1.1.1
> nslookup nasa.org 8.8.8.8
>
> Old samba version without the root zone provisioned maybe?
> That is an old bug.
>
> Which samba version is this?
>
> Greetz,
>
> Louis

Yes, I believe you hit "not" having the "root zone" in internal DNS.
If I recall correctly, the fix is somewhere in 4.4 or 4.5.
But as Rowland said, I suggest also upgrading.

PS: the other fix is to switch to bind9_DLZ.
But again, I still advise upgrading.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Andrea Ballarati via samba
> Sent: Tuesday 14 July 2020 18:11
> To: samba at lists.samba.org
> Subject: Re: [Samba] internal DNS not forwarding
>
> Hi Louis,
>
> root@dc:~# samba -V
> Version 4.3.11-Ubuntu
>
> Andrea