Apparently I missed a step somewhere!
On DC01 /etc/systemd/resolved.conf says
[Resolve]
#DNS=
#FallbackDNS=
#Domains=
#LLMNR=no
#MulticastDNS=no
#DNSSEC=no
#DNSOverTLS=no
#Cache=yes
#DNSStubListener=yes
#ReadEtcHosts=yes
On DC02 it reads
[Resolve]
DNS=8.8.8.8
FallbackDNS=8.8.4.4
#Domains=
#LLMNR=no
#MulticastDNS=no
DNSSEC=no
#DNSOverTLS=no
#Cache=yes
#DNSStubListener=yes
#ReadEtcHosts=yes
So the DNS line should be the IP of the DC it's on, correct?
FallbackDNS? should that be 8.8.8.8 or should that be the other DC?
On Sun, Sep 6, 2020 at 12:18 PM Rowland penny <rpenny at samba.org> wrote:
> On 06/09/2020 19:58, Peter Pollock wrote:
> > Thank you everyone for your help. I corrected my resolv.conf files as
> > Peter Milesson suggested and then had to take a number of extra steps
> > so now things are looking a little better. In case it helps anyone
> > else in the future, here's what I found (plus I am now having problems
> > resolving internal addresses).
> >
> > As far as I can see, the setup on both servers is identical (except
> > they use their own IP addresses).
> >
> > But DC01 can contact the big bad outside world while DC02 cannot.
> >
> > One thing I did find: there were incorrect permissions on
> > /var/lib/samba/bind-dns/ on DC02 meaning that dns.keytab was empty.
> >
> > I fixed the permissions on the folder using the steps in here
> > https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End and restarted
> > both bind9 and named and the problem got a little better, but still no
> > actual contact with the outside world. Before fixing the permissions I
> > got:
> >
> > itadmin@dc02:$ nslookup twitter.com
> > ;; connection timed out; no servers could be reached
> >
> > Now I get:
> >
> > itadmin@dc02:/var/lib/samba$ nslookup twitter.com
> > Server: 192.168.4.6
> > Address: 192.168.4.6#53
> >
> > ** server can't find twitter.com: SERVFAIL
> >
> > so I ran named-checkconf and found that it still couldn't read
> > /var/lib/samba/bind-dns/named.conf
> >
> > I fixed that by applying the same permissions I gave to the folder and
> > I can now resolve external names!
> >
> > itadmin@dc02:/var/lib/samba$ nslookup twitter.com
> > Server: 192.168.4.6
> > Address: 192.168.4.6#53
> >
> > Non-authoritative answer:
> > Name: twitter.com
> > Address: 104.244.42.65
> > Name: twitter.com
> > Address: 104.244.42.193
> >
> > ... at least, I could for about 90 seconds. Then, without me changing
> > anything, it failed again and I'm back to getting the SERVFAIL message.
> >
> > The dns.keytab file still seems to be empty.
> >
> > So I re-ran samba_upgradedns --dns-backend=BIND9_DLZ
> >
> > Which wrote information to the dns.keytab file, but rewrote
> > /var/lib/samba/bind-dns/named.conf to comment out everything, so I
> > edited that to uncomment the bind 9.12 line.
> >
> > Now I'm talking to the outside world again!
> >
> > HOWEVER... I can't resolve the name of the fileserver I built
> > yesterday (from either dc01 or dc02) I CAN find (both with ping and
> > through windows file manager by entering \\fs01 into the search bar)
> > it from the windows clients I have joined to the domain though. Which
> > is weird.
> >
> > itadmin@dc02:/$ ping fs01
> > ping: fs01: Temporary failure in name resolution
> >
> > so now I'm stuck again.... but it's getting better!
>
> Both DCs should be identical apart from the hostname & IP address; they
> should use their own IP address as the nameserver in (I was going to say
> /etc/resolv.conf, but it isn't) /etc/systemd/resolved.conf
>
> If everything appears okay dns wise and your second DC cannot connect to
> the outside world, then you have problems somewhere. Your nslookup
> command works on both my DC's and on my test Ubuntu 20.04 DC.
>
> Double check everything.
>
> Rowland
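Added example, not code from the thread or from the Samba project: a small POSIX sh script that checks the two things this thread turned on, that a DC's resolved.conf points DNS= at the DC's own address rather than at something like 8.8.8.8, and that the BIND9_DLZ files (dns.keytab non-empty, named.conf readable) are in a usable state. It assumes the paths named in the thread (/etc/systemd/resolved.conf, /var/lib/samba/bind-dns/) and that BIND runs as user bind.

```shell
#!/bin/sh
# Added example, not from the thread: sanity checks for a Samba AD DC that
# resolves through systemd-resolved and serves DNS via the BIND9_DLZ back end.
# Assumed paths follow the thread: /etc/systemd/resolved.conf and
# /var/lib/samba/bind-dns/{named.conf,dns.keytab}.

# Print the active (uncommented) DNS= value from a resolved.conf file.
active_dns() {
    sed -n 's/^[[:space:]]*DNS=[[:space:]]*//p' "$1" | head -n 1
}

# Return 0 if the DC's stub resolver points at the DC's own address, 1 if
# the DNS= line is commented out or lists something else (e.g. 8.8.8.8).
check_resolved_conf() {
    conf="$1"; own_ip="$2"
    dns="$(active_dns "$conf")"
    if [ -z "$dns" ]; then
        echo "FAIL: $conf has no active DNS= line"; return 1
    fi
    case " $dns " in
        *" $own_ip "*) echo "OK: $conf DNS=$dns is this DC's address"; return 0 ;;
        *) echo "FAIL: $conf DNS=$dns, expected this DC's address $own_ip"; return 1 ;;
    esac
}

# Return 0 if the BIND9_DLZ files look usable: dns.keytab is non-empty and
# named.conf is readable. Run it as the BIND service account (e.g.
# sudo -u bind sh dc_dns_check.sh ...) so the -r test reflects what named sees.
check_bind_dlz_files() {
    dir="${1:-/var/lib/samba/bind-dns}"; rc=0
    if [ ! -s "$dir/dns.keytab" ]; then
        echo "FAIL: $dir/dns.keytab missing or empty (samba_upgradedns --dns-backend=BIND9_DLZ repopulates it)"; rc=1
    fi
    if [ ! -r "$dir/named.conf" ]; then
        echo "FAIL: $dir/named.conf not readable by $(id -un)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: BIND9_DLZ files in $dir are present and readable"
    return "$rc"
}

# Usage: sh dc_dns_check.sh <this-DC's-ip> [bind-dns-dir]
if [ "$#" -ge 1 ]; then
    check_resolved_conf /etc/systemd/resolved.conf "$1"
    check_bind_dlz_files "${2:-/var/lib/samba/bind-dns}"
fi
```

Run it on each DC with that DC's own address; a FAIL on the keytab or named.conf check is the same condition the thread traced to wrong permissions on /var/lib/samba/bind-dns/.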