On 11/2/21 16:29, Rowland Penny via samba wrote:
> On Tue, 2021-11-02 at 16:14 -0500, Patrick Goetz via samba wrote:
>>
>> On 11/2/21 16:09, Rowland Penny via samba wrote:
>>> On Tue, 2021-11-02 at 15:53 -0500, Patrick Goetz via samba wrote:
>>>> On 11/2/21 15:32, Rowland Penny via samba wrote:
>>>>> On Tue, 2021-11-02 at 15:25 -0500, Patrick Goetz via samba wrote:
>>>>>> As per the Wiki instructions for setting up a Samba DC, I ran
>>>>>>
>>>>>> # samba-tool dns zonecreate samba-dc 1.168.192.in-addr.arpa -U administrator
>>>>>>
>>>>>> (while samba-ad-dc was running)
>>>>>
>>>>> That is how you are supposed to do it.
>>>>>
>>>>>> on my domain controller. Everything seems to work; I can bind W10
>>>>>> machines to this domain, use RSAT, etc., but reverse DNS searches
>>>>>> aren't working:
>>>>>
>>>>> I refer you to my last reply, well sort of :-D
>>>>>
>>>>> You have to tell your Windows clients to update their dns records,
>>>>> they do not do it as standard.
>>>>>
>>>>
>>>> I set static IP/DNS entries on my Windows clients -- that's not
>>>> sufficient?
>>>
>>> If you just set the forward (A) records, then no, you also have to set
>>> the reverse (PTR) records in AD and tell your Windows clients to use
>>> the reverse records.
>>>
>>
>> The forward records are created automatically (I thought); I'm not doing
>> anything I know of to facilitate this. You're saying the PTR records
>> have to be entered by hand? How does one go about doing this? And if
>> it's not necessary for anything, no reason to bother with it?
>
> No, Windows will do it, you just have to tick a box on the Windows
> network device gui (if I remember correctly), something along the lines
> of 'update this clients IP in dns'
>

What do I do for my linux domain members?

Also, I just checked on my domain bound W10 machine. Under

   Adapter Properties -> Internet Protocol version 4 (TCP/IPv4) -> Advanced -> DNS Tab

   "Register this connector's addresses in DNS" is checked, but no go on the reverse search:

root at samba-dc:~# host 192.168.1.83
Host 83.1.168.192.in-addr.arpa. not found: 3(NXDOMAIN)

If nothing uses the reverse search, I'm not going to worry about it.

> Rowland
On 11/2/21 4:59 PM, Patrick Goetz via samba wrote:
>
> What do I do for my linux domain members?
>
> Also, I just checked on my domain bound W10 machine. Under
>
>    Adapter Properties -> Internet Protocol version 4 (TCP/IPv4) -> Advanced -> DNS Tab
>
>    "Register this connector's addresses in DNS" is checked, but no go on the
> reverse search:
>
> root at samba-dc:~# host 192.168.1.83
> Host 83.1.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
>
> If nothing uses the reverse search, I'm not going to worry about it.

While this was somewhat true 10-15 years ago (maybe more), there are plenty of network applications that do reverse lookups now. While they may not "fail", there will be latency while they attempt the reverse lookups. So, it is important to have PTR records nowadays.

In Windows when creating A records, there is an option to add the corresponding PTR, but it has to be selected. DHCP servers likewise can be configured to set not just the A, but the PTR as well (where the DHCP server is in charge).

Windows is "weird" in that the "clients" (sic) manage their DNS records. In a Linux world, you would leave this up to something like DHCP. Everything else is "static" and managed directly. In Windows, the clients have a lot of power over the namespace (which IMHO, is wrong).

Btw, you can have locked down DNS zones, the Windows clients will try to manipulate it, and fail. But maybe ok if DHCP is really doing the work and you don't want Windows just "willy nilly" manipulating your DNS.
On Tue, 2021-11-02 at 16:59 -0500, Patrick Goetz via samba wrote:
>
> What do I do for my linux domain members?

Someone wrote a script to do this:

https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9

This will, after you stop your Windows clients from updating their own dns records, cure all your dns problems.

Rowland
If bind, bind_dlz, then in fact you should create your reverse dns before you join any windows pc. Normally if all your settings are right the windows clients do their job and register as they should. In most cases if they will not, it is useful to restart bind and then it will do.

On your windows 10 clients, if they will not do --> open cmd as admin, then: ipconfig /registerdns, restart.

With your linux clients (samba 4 member server? They should be registered after joining) not in your domain you have to do everything by hand.

Greetings
Daniel

-----Original Message-----
From: Patrick Goetz via samba [mailto:samba at lists.samba.org]
Sent: Tuesday, 2 November 2021 22:59
To: samba at lists.samba.org
Subject: Re: [Samba] reverse DNS not working for some reason ...
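
The thread asks how PTR records would be entered by hand. As an added example (not part of any poster's message), this Python script derives the reverse zone and record name from each IP and builds the matching `samba-tool dns add` commands. The host names and the `samdom.example.com` domain are constructed; `samba-dc`, the `1.168.192.in-addr.arpa` zone, `-U administrator` and `192.168.1.83` come from the thread.

```python
import ipaddress
import re
import shlex

# LDH hostname labels only, so a name can never smuggle shell or option syntax
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def ptr_commands(hosts, zone_cidr, server, admin="administrator"):
    """Build `samba-tool dns add ... PTR ...` commands for (fqdn, ip) pairs.

    Returns (zone, commands, skipped); skipped holds pairs that are outside
    the reverse zone or whose name is not a plain DNS hostname.
    """
    net = ipaddress.ip_network(zone_cidr)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only octet-aligned IPv4 reverse zones are handled")
    keep = net.prefixlen // 8
    # 192.168.1.0/24 -> zone 1.168.192.in-addr.arpa (network octets reversed)
    net_octets = str(net.network_address).split(".")[:keep]
    zone = ".".join(reversed(net_octets)) + ".in-addr.arpa"

    commands, skipped = [], []
    for fqdn, ip in hosts:
        addr = ipaddress.ip_address(ip)
        labels = fqdn.rstrip(".").split(".")
        if addr not in net or not all(_LABEL.match(l) for l in labels):
            skipped.append((fqdn, ip))
            continue
        # Owner name relative to the zone: the host octets, reversed
        rel = ".".join(reversed(str(addr).split(".")[keep:]))
        # Same name that `host <ip>` queries, e.g. 83.1.168.192.in-addr.arpa
        assert f"{rel}.{zone}" == addr.reverse_pointer
        commands.append(shlex.join(
            ["samba-tool", "dns", "add", server, zone, rel, "PTR", fqdn,
             "-U", admin]))
    return zone, commands, skipped

# Constructed inventory: only 192.168.1.83 and samba-dc come from the thread
HOSTS = [
    ("w10-client.samdom.example.com", "192.168.1.83"),
    ("linux-member.samdom.example.com", "192.168.1.90"),
    ("printer.samdom.example.com", "192.168.2.15"),      # outside the /24
    ("bad;name.samdom.example.com", "192.168.1.91"),     # rejected hostname
]

if __name__ == "__main__":
    zone, commands, skipped = ptr_commands(HOSTS, "192.168.1.0/24", "samba-dc")
    print("zone:", zone)
    print("\n".join(commands))
    print("skipped:", skipped)
```

After the printed commands are run on the DC, `host 192.168.1.83` queries the same `83.1.168.192.in-addr.arpa` name that returned NXDOMAIN in the thread.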