I think it?s the cache. When you where sleeping the cache got updated. But I can be wrong Philip> On 5 Sep 2020, at 12:35, Rowland penny via samba <samba at lists.samba.org> wrote: > > On 05/09/2020 09:53, Peter Pollock via samba wrote: >> I have just set up a new AD and am having a little success with it, but DNS >> resolution is a little slow. >> >> I'm looking into why that is and tried an ns lookup for google.com and got >> the answer SERVFAIL on my AD server. >> >> The query was then passed to my next nameserver (google's own dns), which >> handled the query. >> >> Is this correct behaviour? I've not seen SERVFAIL before >> >> itadmin at dc02:~$ nslookup google.com >> ;; Got SERVFAIL reply from 192.168.4.5, trying next server >> Server: 8.8.8.8 >> Address: 8.8.8.8#53 >> >> Non-authoritative answer: >> Name: google.com >> Address: 216.58.195.78 >> ;; Got SERVFAIL reply from 192.168.4.5, trying next server >> Name: google.com >> Address: 2607:f8b0:4005:80b::200e > > Is this on the DC or a client ? > > On my DC I get this: > > adminuser at kdsdc:~$ nslookup google.com <http://google.com/> > Server: 192.168.0.10 > Address: 192.168.0.10#53 > > Non-authoritative answer: > Name: google.com <http://google.com/> > Address: 216.58.204.46 > Name: google.com <http://google.com/> > Address: 2a00:1450:4009:807::200e > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba <https://lists.samba.org/mailman/options/samba>
makes sense! On Sat, Sep 5, 2020 at 9:02 AM Philip Offermans via samba < samba at lists.samba.org> wrote:> I think it?s the cache. When you where sleeping the cache got updated. But > I can be wrong > > Philip > > > On 5 Sep 2020, at 12:35, Rowland penny via samba <samba at lists.samba.org> > wrote: > > > > On 05/09/2020 09:53, Peter Pollock via samba wrote: > >> I have just set up a new AD and am having a little success with it, but > DNS > >> resolution is a little slow. > >> > >> I'm looking into why that is and tried an ns lookup for google.com and > got > >> the answer SERVFAIL on my AD server. > >> > >> The query was then passed to my next nameserver (google's own dns), > which > >> handled the query. > >> > >> Is this correct behaviour? I've not seen SERVFAIL before > >> > >> itadmin at dc02:~$ nslookup google.com > >> ;; Got SERVFAIL reply from 192.168.4.5, trying next server > >> Server: 8.8.8.8 > >> Address: 8.8.8.8#53 > >> > >> Non-authoritative answer: > >> Name: google.com > >> Address: 216.58.195.78 > >> ;; Got SERVFAIL reply from 192.168.4.5, trying next server > >> Name: google.com > >> Address: 2607:f8b0:4005:80b::200e > > > > Is this on the DC or a client ? > > > > On my DC I get this: > > > > adminuser at kdsdc:~$ nslookup google.com <http://google.com/> > > Server: 192.168.0.10 > > Address: 192.168.0.10#53 > > > > Non-authoritative answer: > > Name: google.com <http://google.com/> > > Address: 216.58.204.46 > > Name: google.com <http://google.com/> > > Address: 2a00:1450:4009:807::200e > > > > Rowland > > > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba < > https://lists.samba.org/mailman/options/samba> > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
After reboot, the problem came back again. Server refuses to resolve external names without "nameserver 8.8.8.8" in resolv.conf and gives the same SERVFAIL message when doing nslookup On Sat, Sep 5, 2020 at 9:02 AM Philip Offermans via samba < samba at lists.samba.org> wrote:> I think it?s the cache. When you where sleeping the cache got updated. But > I can be wrong > > Philip > > > On 5 Sep 2020, at 12:35, Rowland penny via samba <samba at lists.samba.org> > wrote: > > > > On 05/09/2020 09:53, Peter Pollock via samba wrote: > >> I have just set up a new AD and am having a little success with it, but > DNS > >> resolution is a little slow. > >> > >> I'm looking into why that is and tried an ns lookup for google.com and > got > >> the answer SERVFAIL on my AD server. > >> > >> The query was then passed to my next nameserver (google's own dns), > which > >> handled the query. > >> > >> Is this correct behaviour? I've not seen SERVFAIL before > >> > >> itadmin at dc02:~$ nslookup google.com > >> ;; Got SERVFAIL reply from 192.168.4.5, trying next server > >> Server: 8.8.8.8 > >> Address: 8.8.8.8#53 > >> > >> Non-authoritative answer: > >> Name: google.com > >> Address: 216.58.195.78 > >> ;; Got SERVFAIL reply from 192.168.4.5, trying next server > >> Name: google.com > >> Address: 2607:f8b0:4005:80b::200e > > > > Is this on the DC or a client ? > > > > On my DC I get this: > > > > adminuser at kdsdc:~$ nslookup google.com <http://google.com/> > > Server: 192.168.0.10 > > Address: 192.168.0.10#53 > > > > Non-authoritative answer: > > Name: google.com <http://google.com/> > > Address: 216.58.204.46 > > Name: google.com <http://google.com/> > > Address: 2a00:1450:4009:807::200e > > > > Rowland > > > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba < > https://lists.samba.org/mailman/options/samba> > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On 06/09/2020 00:23, Peter Pollock wrote:> After reboot, the problem came back again. > > Server refuses to resolve external names without "nameserver 8.8.8.8" > in resolv.conf and gives the same SERVFAIL message when doing nslookupWhen you say 'Server', are we talking about the first DC you provisioned or the second DC you joined ? If it is the second, is it setup like the first, just with its IP in the relevant places (/etc/resolv.conf, /etc/hosts for instance) Rowland