samba - Nov 2021 - reverse DNS not working for some reason ...

On 11/2/21 15:32, Rowland Penny via samba wrote:
> On Tue, 2021-11-02 at 15:25 -0500, Patrick Goetz via samba wrote:
>> As per the Wiki instructions for setting up a Samba DC, I ran
>>
>>     # samba-tool dns zonecreate samba-dc 1.168.192.in-addr.arpa -U
>> administrator
>>
>> (while samba-ad-dc was running)
> 
> That is how you are supposed to do it.
> 
>>
>> on my domain controller.  Everything seems to work; I can bind W10
>> machines to this domain, use RSAT, etc., but reverse DNS searches
>> aren't
>> working:
> 
> I refer you to my last reply, well sort of :-D
> 
> You have to tell your Windows clients to update their dns records, they
> do not do it as standard.
> 
I set static IP/DNS entries on my Windows clients -- that's not sufficient?

But in any case, this reverse search was conducted from a linux machine 
with a correctly configured resolv.conf and reverse searches don't work 
on the domain controller itself.  All host resolutions work fine 
everywhere, for example:

root at data2:~# host -t SRV _ldap._tcp.ea.linuxcs.com
_ldap._tcp.ea.linuxcs.com has SRV record 0 100 389 samba-dc.ea.linuxcs.com.

However, on the domain controller itself:

root at samba-dc:~# host -t SRV _ldap._tcp.ea.linuxcs.com
_ldap._tcp.ea.linuxcs.com has SRV record 0 100 389 samba-dc.ea.linuxcs.com.
root at samba-dc:~# host ibs100
ibs100.ea.linuxcs.com has address 192.168.1.83
root at samba-dc:~# host 192.168.1.83
Host 83.1.168.192.in-addr.arpa. not found: 3(NXDOMAIN)

On 11/2/21 3:53 PM, Patrick Goetz via samba wrote:
> 
> 
> On 11/2/21 15:32, Rowland Penny via samba wrote:
>> On Tue, 2021-11-02 at 15:25 -0500, Patrick Goetz via samba wrote:
>>> As per the Wiki instructions for setting up a Samba DC, I ran
>>>
>>> ??? # samba-tool dns zonecreate samba-dc 1.168.192.in-addr.arpa -U
>>> administrator
>>>
>>> (while samba-ad-dc was running)
>>
>> That is how you are supposed to do it.
>>
>>>
>>> on my domain controller.? Everything seems to work; I can bind W10
>>> machines to this domain, use RSAT, etc., but reverse DNS searches
>>> aren't
>>> working:
>>
>> I refer you to my last reply, well sort of :-D
>>
>> You have to tell your Windows clients to update their dns records, they
>> do not do it as standard.
>>
> 
> I set static IP/DNS entries on my Windows clients -- that's not
sufficient?
> 
> But in any case, this reverse search was conducted from a linux machine
with a
> correctly configured resolv.conf and reverse searches don't work on the
domain
> controller itself.? All host resolutions work fine everywhere, for example:
> 
> root at data2:~# host -t SRV _ldap._tcp.ea.linuxcs.com
> _ldap._tcp.ea.linuxcs.com has SRV record 0 100 389 samba-dc.ea.linuxcs.com.
> 
> However, on the domain controller itself:
> 
> root at samba-dc:~# host -t SRV _ldap._tcp.ea.linuxcs.com
> _ldap._tcp.ea.linuxcs.com has SRV record 0 100 389 samba-dc.ea.linuxcs.com.
> root at samba-dc:~# host ibs100
> ibs100.ea.linuxcs.com has address 192.168.1.83
> root at samba-dc:~# host 192.168.1.83
> Host 83.1.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
To avoid confusion of no PTR record vs no zone, try querying the SOA

host -t SOA 1.168.192.in-addr.arpa

On Tue, 2021-11-02 at 15:53 -0500, Patrick Goetz via samba
wrote:
> 
> On 11/2/21 15:32, Rowland Penny via samba wrote:
> > On Tue, 2021-11-02 at 15:25 -0500, Patrick Goetz via samba wrote:
> > > As per the Wiki instructions for setting up a Samba DC, I ran
> > > 
> > >     # samba-tool dns zonecreate samba-dc 1.168.192.in-addr.arpa
> > > -U
> > > administrator
> > > 
> > > (while samba-ad-dc was running)
> > 
> > That is how you are supposed to do it.
> > 
> > > on my domain controller.  Everything seems to work; I can bind
> > > W10
> > > machines to this domain, use RSAT, etc., but reverse DNS searches
> > > aren't
> > > working:
> > 
> > I refer you to my last reply, well sort of :-D
> > 
> > You have to tell your Windows clients to update their dns records,
> > they
> > do not do it as standard.
> > 
> 
> I set static IP/DNS entries on my Windows clients -- that's not
> sufficient?
If you just set the forward (A) records, then no, you also have to set
the reverse (PTR) records in AD and tell your Windows clients to use
the reverse records.
 
> 
> 
> However, on the domain controller itself:
> 
> root at samba-dc:~# host ibs100
> ibs100.ea.linuxcs.com has address 192.168.1.83
> root at samba-dc:~# host 192.168.1.83
> Host 83.1.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
> 
You appear to be missing the reverse (PTR) records:

pi at rpidc1:~ $ host devstation
devstation.samdom.example.com has address 192.168.0.49
pi at rpidc1:~ $ host 192.168.0.49
49.0.168.192.in-addr.arpa domain name pointer
devstation.samdom.example.com.

Rowland