On Mon, 25 Sep 2023 13:22:29 +0000
Paul Littlefield via samba <samba at lists.samba.org> wrote:

> On 25/09/2023 13:09, Rowland Penny via samba wrote:
> > Are you using Bind9 ?
> > If you are, have you got 'allow-recursion' set ?
>
>
> No, Samba internal DNS is being used.
>
> Here is the config and /etc/resolv.conf from DC3 (192.168.0.218) ...
>
>
> root at dc3.mydomain.com ~ $ cat /etc/samba/smb.conf
> # Global parameters
> [global]
> netbios name = DC3
> realm = mydomain.com
> server role = active directory domain controller
> workgroup = MYDOMAIN
> dns forwarder = 8.8.8.8 208.67.220.220
> [netlogon]
> path = /var/lib/samba/sysvol/mydomain.com/scripts
> read only = No
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
>
> root at dc3.mydomain.com ~ $ cat /etc/resolv.conf
> search mydomain.com
> nameserver 130.130.0.218
> nameserver 130.130.0.219
> options timeout:2
> options attempts:3
> options rotate
>
>
> If I run that test on either 'DC3' or 'DC4' it works as expected ...
>
>
> root at dc3.mydomain.com ~ $ nslookup
> > set type=SRV
> > _ldap._tcp.mydomain.com
> Server: 130.130.0.218
> Address: 130.130.0.218#53
> _ldap._tcp.mydomain.com service = 0 100 389 dc3.mydomain.com.
> _ldap._tcp.mydomain.com service = 0 100 389 dc4.mydomain.com.
> > exit
>
>
> (I don't want to continue and try to join when there is this error :)
>
>
> Thanks.
>

If you haven't joined as a DC, then at that point, there will not be
such a record for the new DC, it gets created when you first start your
new DC.

Rowland

Paul Littlefield
2023-Sep-25 15:18 UTC
[Samba] new DC preparation, nslookup and dig errors

On 25/09/2023 15:17, Rowland Penny via samba wrote:
> If you haven't joined as a DC, then at that point, there will not be
> such a record for the new DC, it gets created when you first start your
> new DC.

OK, I was more concerned about the actual 'network error' as shown in my original post...

"communications error to 130.130.0.219#53: timed out"

... I have tried a few different times and get the same error each time.

This error is NOT shown when I test on the other running DCs.

This is what I worried about and need advice on whether to risk a join or not?!

Could it be to do with the different IP address range?

Details for you:-

'DC3' = Ubuntu 18.04.6 LTS, Samba Version 4.7.6-Ubuntu, 130.130.0.218/16
'DC4' = Ubuntu 18.04.6 LTS, Samba Version 4.7.6-Ubuntu, 130.130.0.218/16
'DC5' = Ubuntu 22.04.3 LTS, Samba Version 4.15.13-Ubuntu, 130.130.251.5/16

Thanks,

--
Paul Littlefield