Paul Littlefield
2023-Sep-25 13:22 UTC
[Samba] new DC preparation, nslookup and dig errors
On 25/09/2023 13:09, Rowland Penny via samba wrote:
> Are you using Bind9?
> If you are, have you got 'allow-recursion' set?

No, Samba internal DNS is being used.

Here is the config and /etc/resolv.conf from DC3 (192.168.0.218) ...

root at dc3.mydomain.com ~ $ cat /etc/samba/smb.conf
# Global parameters
[global]
        netbios name = DC3
        realm = mydomain.com
        server role = active directory domain controller
        workgroup = MYDOMAIN
        dns forwarder = 8.8.8.8 208.67.220.220

[netlogon]
        path = /var/lib/samba/sysvol/mydomain.com/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

root at dc3.mydomain.com ~ $ cat /etc/resolv.conf
search mydomain.com
nameserver 130.130.0.218
nameserver 130.130.0.219
options timeout:2
options attempts:3
options rotate

If I run that test on either 'DC3' or 'DC4' it works as expected ...

root at dc3.mydomain.com ~ $ nslookup
> set type=SRV
> _ldap._tcp.mydomain.com
Server:         130.130.0.218
Address:        130.130.0.218#53

_ldap._tcp.mydomain.com service = 0 100 389 dc3.mydomain.com.
_ldap._tcp.mydomain.com service = 0 100 389 dc4.mydomain.com.
> exit

(I don't want to continue and try to join when there is this error :)

Thanks.

-- 
Paul Littlefield
On Mon, 25 Sep 2023 13:22:29 +0000
Paul Littlefield via samba <samba at lists.samba.org> wrote:

> On 25/09/2023 13:09, Rowland Penny via samba wrote:
> > Are you using Bind9?
> > If you are, have you got 'allow-recursion' set?
> 
> No, Samba internal DNS is being used.
> 
> Here is the config and /etc/resolv.conf from DC3 (192.168.0.218) ...
> 
> root at dc3.mydomain.com ~ $ cat /etc/samba/smb.conf
> # Global parameters
> [global]
>         netbios name = DC3
>         realm = mydomain.com
>         server role = active directory domain controller
>         workgroup = MYDOMAIN
>         dns forwarder = 8.8.8.8 208.67.220.220
> 
> [netlogon]
>         path = /var/lib/samba/sysvol/mydomain.com/scripts
>         read only = No
> 
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
> 
> root at dc3.mydomain.com ~ $ cat /etc/resolv.conf
> search mydomain.com
> nameserver 130.130.0.218
> nameserver 130.130.0.219
> options timeout:2
> options attempts:3
> options rotate
> 
> If I run that test on either 'DC3' or 'DC4' it works as expected ...
> 
> root at dc3.mydomain.com ~ $ nslookup
> > set type=SRV
> > _ldap._tcp.mydomain.com
> Server:         130.130.0.218
> Address:        130.130.0.218#53
> 
> _ldap._tcp.mydomain.com service = 0 100 389 dc3.mydomain.com.
> _ldap._tcp.mydomain.com service = 0 100 389 dc4.mydomain.com.
> > exit
> 
> (I don't want to continue and try to join when there is this error :)
> 
> Thanks.
> 

If you haven't joined as a DC, then at that point, there will not be such a record for the new DC; it gets created when you first start your new DC.

Rowland
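The thread above boils down to one pre-join sanity check: ask the resolvers listed in /etc/resolv.conf for the _ldap._tcp.<realm> SRV records, confirm the existing DCs are advertised on port 389, and do not expect the prospective DC's own record yet, since (as Rowland notes) it only appears after the new DC starts for the first time. The following script is an added example, not code from the thread or from the Samba project. It parses the nslookup SRV answer format shown in the messages and the resolv.conf nameserver list, then produces a small report. The sample inputs are constructed to mirror the thread; the hostname dc5.mydomain.com is a hypothetical placeholder for the DC being prepared.

```python
"""Pre-join DNS sanity check for a Samba AD DC (added example, not from the thread).

Parses the 'service = prio weight port target' lines that nslookup prints for
SRV queries, plus the nameserver lines of /etc/resolv.conf, and reports which
DCs currently advertise LDAP for the realm and whether the prospective DC is
already listed (it should not be before its first start).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Matches e.g. "_ldap._tcp.mydomain.com  service = 0 100 389 dc3.mydomain.com."
SRV_LINE = re.compile(
    r"^(?P<name>\S+)\s+service\s*=\s*(?P<prio>\d+)\s+(?P<weight>\d+)"
    r"\s+(?P<port>\d+)\s+(?P<target>\S+)\s*$"
)


@dataclass(frozen=True)
class SrvRecord:
    name: str      # owner name, lower-case, no trailing dot
    priority: int
    weight: int
    port: int
    target: str    # target FQDN, lower-case, no trailing dot


def parse_nslookup_srv(text: str) -> list[SrvRecord]:
    """Extract SRV records from an nslookup session transcript; prompt and header lines are skipped."""
    records = []
    for line in text.splitlines():
        m = SRV_LINE.match(line.strip())
        if m:
            records.append(SrvRecord(
                name=m["name"].rstrip(".").lower(),
                priority=int(m["prio"]),
                weight=int(m["weight"]),
                port=int(m["port"]),
                target=m["target"].rstrip(".").lower(),
            ))
    return records


def parse_resolv_conf(text: str) -> list[str]:
    """Return nameserver addresses in the order glibc would try them; comments and options are ignored."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) == 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def ldap_srv_targets(records: list[SrvRecord], realm: str) -> list[str]:
    """Targets of _ldap._tcp.<realm>, ordered by priority (low first) then weight (high first)."""
    want = f"_ldap._tcp.{realm}".lower()
    matched = [r for r in records if r.name == want]
    matched.sort(key=lambda r: (r.priority, -r.weight, r.target))
    return [r.target for r in matched]


def prejoin_report(nslookup_text: str, resolv_text: str, realm: str, new_dc_fqdn: str) -> dict:
    """Summarise what the resolvers currently advertise for LDAP in the realm."""
    want = f"_ldap._tcp.{realm}".lower()
    records = parse_nslookup_srv(nslookup_text)
    targets = ldap_srv_targets(records, realm)
    return {
        "nameservers": parse_resolv_conf(resolv_text),
        "ldap_dcs": targets,
        "all_port_389": all(r.port == 389 for r in records if r.name == want),
        # Expected False before the join: the record is created when the new DC first starts.
        "new_dc_already_advertised": new_dc_fqdn.rstrip(".").lower() in targets,
    }


# Constructed sample inputs mirroring the thread (not captured from a real system).
NSLOOKUP_OUTPUT = """\
> set type=SRV
> _ldap._tcp.mydomain.com
Server:         130.130.0.218
Address:        130.130.0.218#53

_ldap._tcp.mydomain.com service = 0 100 389 dc3.mydomain.com.
_ldap._tcp.mydomain.com service = 0 100 389 dc4.mydomain.com.
> exit
"""

RESOLV_CONF = """\
search mydomain.com
nameserver 130.130.0.218
nameserver 130.130.0.219
options timeout:2
options attempts:3
options rotate
"""

if __name__ == "__main__":
    # dc5.mydomain.com is a hypothetical placeholder for the DC being prepared.
    for key, value in prejoin_report(NSLOOKUP_OUTPUT, RESOLV_CONF, "mydomain.com", "dc5.mydomain.com").items():
        print(f"{key}: {value}")
```

On a real DC you would feed prejoin_report the output of `nslookup` run against each nameserver in turn (the thread's point is that the answer must be consistent from every resolver the new host will use), and treat a missing record for the prospective DC as expected rather than as an error.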