On Mon, 25 Sep 2023 11:24:45 +0000
Paul Littlefield via samba <samba at lists.samba.org> wrote:

> Hi,
>
> I am preparing a DC to replace our old Ubuntu version which is
> unpatched.
>
> I have followed all the OS preparation, software installation and
> testing from the official docs but when I got to this part, I get
> this error ...
>
> root at dc5.mydomain.com ~ $ (screen) nslookup
> > set type=SRV
> > _ldap._tcp.mydomain.com;; communications error to 130.130.0.219#53:
> > timed out
> Server: 130.130.0.219
> Address: 130.130.0.219#53
> _ldap._tcp.mydomain.com service = 0 100 389 dc3.mydomain.com.
> _ldap._tcp.mydomain.com service = 0 100 389 dc4.mydomain.com.
> > exit
>
> ... also dig to the main DC gives this error ...
>
> ;; WARNING: recursion requested but not available
>
> Details for you:-
>
> 'DC3' = Ubuntu 18.04.6 LTS, Samba Version 4.7.6-Ubuntu, 130.130.0.218
> 'DC4' = Ubuntu 18.04.6 LTS, Samba Version 4.7.6-Ubuntu, 130.130.0.218
> 'DC5' = Ubuntu 22.04.3 LTS, Samba Version 4.15.13-Ubuntu,
> 130.130.251.5 and soon ...
> 'DC6' = Ubuntu 22.04.3 LTS, Samba Version 4.15.13-Ubuntu,
> 130.130.251.6
>
> Any ideas please?
>
> Regards,
>
> Paul
>

Are you using Bind9 ?
If you are, have you got 'allow-recursion' set ?

Rowland

Paul Littlefield
2023-Sep-25 13:22 UTC
[Samba] new DC preparation, nslookup and dig errors
On 25/09/2023 13:09, Rowland Penny via samba wrote:
> Are you using Bind9 ?
> If you are, have you got 'allow-recursion' set ?

No, Samba internal DNS is being used.

Here is the config and /etc/resolv.conf from DC3 (192.168.0.218) ...

root at dc3.mydomain.com ~ $ cat /etc/samba/smb.conf
# Global parameters
[global]
    netbios name = DC3
    realm = mydomain.com
    server role = active directory domain controller
    workgroup = MYDOMAIN
    dns forwarder = 8.8.8.8 208.67.220.220

[netlogon]
    path = /var/lib/samba/sysvol/mydomain.com/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

root at dc3.mydomain.com ~ $ cat /etc/resolv.conf
search mydomain.com
nameserver 130.130.0.218
nameserver 130.130.0.219
options timeout:2
options attempts:3
options rotate

If I run that test on either 'DC3' or 'DC4' it works as expected ...

root at dc3.mydomain.com ~ $ nslookup
> set type=SRV
> _ldap._tcp.mydomain.com
Server: 130.130.0.218
Address: 130.130.0.218#53

_ldap._tcp.mydomain.com service = 0 100 389 dc3.mydomain.com.
_ldap._tcp.mydomain.com service = 0 100 389 dc4.mydomain.com.
> exit

(I don't want to continue and try to join when there is this error :)

Thanks.

-- 
Paul Littlefield