Dario Lesca
2022-Mar-13 18:43 UTC
[Samba] samba_dlz: add another A record for domain (@ record)
First of all, thank you Rowland for your detailed answers and for spending some time replying to me.

On Sun, 13/03/2022 at 14.56 +0000, Rowland Penny via samba wrote:
> Try reading this:
> https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ
>
> It explains the situation.

Ok, thanks, I will do it as soon as possible, but now I want to clarify a few things.

> Yes, but where was it pointing from ? Your AD DC's or your non AD dns
> server that appears to be using the same dns domain as your AD.

My AD DC server is also the DNS server of my network.
There is no "non-AD dns server": one server, 192.168.1.100, does both jobs: AD DC and DNS (and also DHCP).

    $ host -tNS domain.loc
    domain.loc name server s-addc.domain.loc.

    $ host -tA s-addc.domain.loc
    s-addc.domain.loc has address 192.168.1.100

Another server is the web server (192.168.1.20) and I want to point the A record named "domain.loc" to it, without using another name like "www.domain.loc" or "intranet.domain.loc".

> The '@' is the SOA

Ok, I was wrong, let's not call it @, let's call it "domain.loc".

    $ host -tSOA domain.loc
    domain.loc has SOA record s-addc.domain.loc. hostmaster.domain.loc. 25102 900 600 86400 3600

I want to change the value of the A record of "domain.loc", as I have already done in another network with a Microsoft AD DC.

> From my understanding of what you posted, you have at least one Samba
> AD DC (which should be the dns server for the AD ) and another dns
> server that is also using the same domain. If this is the case, you
> shouldn't be doing this.

There is no other dns, only an AD DC + DNS for my network.

> No, mainly because of two things, a Samba DC is setup to create any
> missing dns records and the '@' record should show each DC as being
> the dns domain master (it is known as multi-master).

Ok, leave aside @. I mean the A record of "domain.loc", not the SOA record; the SOA record points to my AD DC server and is correct.

> I suggest you turn off the non-AD dns server.

See above.

> No, it is Samba acting correctly.

Ok, that's all. Unlike a Microsoft AD DC, with a Samba AD DC it's not possible to change the value of the domain A record ("domain.loc") and point it to another server.

But for this network, I should make "domain.loc" resolution point to 192.168.1.20, the web server, rather than 192.168.1.100, the AD DC server.

If I run

    sudo samba-tool dns update s-addc.domain.loc domain.loc domain.loc A 192.168.1.100 192.168.1.20

it works: the resolver of "host domain.loc" returns the new IP.
But after a few minutes it goes back to pointing to 192.168.1.100, the AD DC server.

Is there some other solution to do that?

Many thanks
Rowland Penny
2022-Mar-13 19:23 UTC
[Samba] samba_dlz: add another A record for domain (@ record)
On Sun, 2022-03-13 at 19:43 +0100, Dario Lesca wrote:
> First of all, thank you Rowland for your detailed answers and for
> spending some time replying to me.
>
> On Sun, 13/03/2022 at 14.56 +0000, Rowland Penny via samba wrote:
> > Try reading this:
> > https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ
> >
> > It explains the situation.
>
> Ok, thanks, I will do it as soon as possible, but now I want to
> clarify a few things.
>
> > Yes, but where was it pointing from ? Your AD DC's or your non AD
> > dns server that appears to be using the same dns domain as your AD.
>
> My AD DC server is also the DNS server of my network.
> There is no "non-AD dns server": one server, 192.168.1.100, does
> both jobs: AD DC and DNS (and also DHCP).
>
>     $ host -tNS domain.loc
>     domain.loc name server s-addc.domain.loc.
>
>     $ host -tA s-addc.domain.loc
>     s-addc.domain.loc has address 192.168.1.100
>
> Another server is the web server (192.168.1.20) and I want to point
> the A record named "domain.loc" to it, without using another name
> like "www.domain.loc" or "intranet.domain.loc".
>
> > The '@' is the SOA
>
> Ok, I was wrong, let's not call it @, let's call it "domain.loc".
>
>     $ host -tSOA domain.loc
>     domain.loc has SOA record s-addc.domain.loc. hostmaster.domain.loc. 25102 900 600 86400 3600
>
> I want to change the value of the A record of "domain.loc", as I have
> already done in another network with a Microsoft AD DC.
>
> > From my understanding of what you posted, you have at least one
> > Samba AD DC (which should be the dns server for the AD ) and another
> > dns server that is also using the same domain. If this is the case,
> > you shouldn't be doing this.
>
> There is no other dns, only an AD DC + DNS for my network.
>
> > No, mainly because of two things, a Samba DC is setup to create any
> > missing dns records and the '@' record should show each DC as being
> > the dns domain master (it is known as multi-master).
>
> Ok, leave aside @. I mean the A record of "domain.loc", not the SOA
> record; the SOA record points to my AD DC server and is correct.
>
> > I suggest you turn off the non-AD dns server.
>
> See above.
>
> > No, it is Samba acting correctly.
>
> Ok, that's all. Unlike a Microsoft AD DC, with a Samba AD DC it's not
> possible to change the value of the domain A record ("domain.loc")
> and point it to another server.
>
> But for this network, I should make "domain.loc" resolution point to
> 192.168.1.20, the web server, rather than 192.168.1.100, the AD DC
> server.
>
> If I run
>
>     sudo samba-tool dns update s-addc.domain.loc domain.loc domain.loc A 192.168.1.100 192.168.1.20
>
> it works: the resolver of "host domain.loc" returns the new IP.
> But after a few minutes it goes back to pointing to 192.168.1.100,
> the AD DC server.

A dns server uses 'zones'; in your case, 'domain.loc' is the forward zone. Zones have SOA records ('@') and these have 'A' records. I have two DCs and if I check the SOA 'A' record for the forward zone, I find that there are two, one for each DC.

Windows AD might be able to do what you require, but I do not think that Samba can. You could try a CNAME, but this would mean using something like 'www.domain.loc'.

Rowland
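An added check, not part of the thread: it parses the output of the two `host -tA` queries quoted above (constructed sample lines using the thread's addresses, 192.168.1.100 for the DC and 192.168.1.20 for the web server) and separates zone-apex A records that belong to a DC from ones that do not. As Rowland notes, a Samba DC re-creates its own records (its periodic samba_dnsupdate run), so a hand-added apex address pointing at a non-DC is either an override that will not persist or, on a zone nobody edited, something worth investigating.

```python
import re

# Constructed sample output in the format `host -tA` prints, modelled on
# the thread: the apex after the manual update, and the DC's own A record.
APEX_QUERY = """\
domain.loc has address 192.168.1.100
domain.loc has address 192.168.1.20
"""
DC_QUERY = """\
s-addc.domain.loc has address 192.168.1.100
"""

HOST_A_RE = re.compile(r"^(?P<name>\S+) has address (?P<addr>\d{1,3}(?:\.\d{1,3}){3})$")


def parse_host_a(output: str) -> dict[str, set[str]]:
    """Map each name in `host -tA` output to the set of IPv4 addresses it resolves to."""
    records: dict[str, set[str]] = {}
    for line in output.splitlines():
        m = HOST_A_RE.match(line.strip())
        if m:  # lines that are not A answers (SOA, NS, errors) are skipped
            records.setdefault(m["name"], set()).add(m["addr"])
    return records


def classify_apex(zone: str, apex_output: str, dc_output: str) -> dict[str, list[str]]:
    """Split the zone apex A records into DC-owned and foreign addresses.

    dc_owned:   apex addresses that are also a DC address (Samba maintains these)
    foreign:    apex addresses that belong to no DC (manual override or tampering)
    dc_missing: DC addresses absent from the apex (a gap in the multi-master set)
    """
    apex = parse_host_a(apex_output).get(zone, set())
    dc_addrs = set().union(*parse_host_a(dc_output).values())
    return {
        "dc_owned": sorted(apex & dc_addrs),
        "foreign": sorted(apex - dc_addrs),
        "dc_missing": sorted(dc_addrs - apex),
    }


if __name__ == "__main__":
    for kind, addrs in classify_apex("domain.loc", APEX_QUERY, DC_QUERY).items():
        print(f"{kind}: {', '.join(addrs) or '-'}")
```

On a live DC, feed it the real `host -tA domain.loc` and `host -tA <dc>.domain.loc` output (one DC query per DC) instead of the constructed strings.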