On Sat, 20 Jan 2024 15:44:18 -0500
Mark Foley via samba <samba at lists.samba.org> wrote:

> After provisioning and testing my new DC offline, I now want to move
> it into production. This means changing IPs.
>
> DC FQDN: mail.hprs.local
>
> IPs for setup/testing:
>
> DC: 192.168.1.60
> Gateway: 192.168.1.1 (Netgear router)
> DNS: 192.168.1.60 (/etc/resolv.conf)
> /etc/hosts: 192.168.1.60 mail.hprs.local mail
> smb.conf, dns forwarder: 192.168.1.1
>
> Production IPs:
>
> DC: 192.168.0.2
> Gateway: 192.168.0.1 (SonicWall firewall/router)
> DNS: 192.168.0.2 (/etc/resolv.conf)
> /etc/hosts: 192.168.0.2 mail.hprs.local mail
> smb.conf, dns forwarder: 192.168.0.1
>
> I've restarted the network and samba to use these new IPs.
>
> The A record looks good:
>
> # host -t A mail.hprs.local
> mail.hprs.local has address 192.168.0.2
>
> I also created a new reverse dns record:
>
> # samba-tool dns zonecreate mail.hprs.local 0.168.192.in-addr.arpa
>
> # samba-tool dns zonelist mail
>   pszZoneName : 0.168.192.in-addr.arpa
>   Flags       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
>   ZoneType    : DNS_ZONE_TYPE_PRIMARY
>   Version     : 50
>   dwDpFlags   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
>   pszDpFqdn   : DomainDnsZones.hprs.local
>
> Two problems ...
>
> I'm not resolving any public or local hostnames, so it appears that
> samba is not acting as the dns server. I can access public and local
> hosts by IP.

Is Samba running?
Is /etc/resolv.conf set correctly?

It should be:

search hprs.local
nameserver 192.168.0.2

> Why?
>
> Second, more minor problem, I cannot figure out how to delete the old
> reverse dns record 1.168.192.in-addr.arpa.

That could be because you will not have the reverse record
'1.168.192.in-addr.arpa', or if you do, you have really messed up your
dns.

> I've tried numerous
> combinations of the command to do so with no luck including;
>
> # samba-tool dns delete mail hprs.local mail PTR 1.168.192.in-addr.arpa
> Password for [administrator at HPRS.LOCAL]:
> ERROR(runtime): The record does not exist [WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST] - (9701, 'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST')
>
> What am I doing wrong?

You are not using the correct command, the usage is:

samba-tool dns delete <server> <zone> <name> PTR <data>

Where, in your case, <server> is 'mail', <zone> is
'0.168.192.in-addr.arpa', <name> is the DC's existing IP '2' and <data>
is the DC's FQDN 'mail.hprs.local'

OR

samba-tool dns delete mail 0.168.192.in-addr.arpa 2 PTR mail.hprs.local

Rowland
On Sat, 20 Jan 2024 21:27:43 +0000
Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Sat, 20 Jan 2024 15:44:18 -0500
> Mark Foley via samba <samba at lists.samba.org> wrote:
>
> > After provisioning and testing my new DC offline, I now want to move
> > it into production. This means changing IPs.
> >
> > DC FQDN: mail.hprs.local
> >
> > IPs for setup/testing:
> >
> > DC: 192.168.1.60
> > Gateway: 192.168.1.1 (Netgear router)
> > DNS: 192.168.1.60 (/etc/resolv.conf)
> > /etc/hosts: 192.168.1.60 mail.hprs.local mail
> > smb.conf, dns forwarder: 192.168.1.1
> >
> > Production IPs:
> >
> > DC: 192.168.0.2
> > Gateway: 192.168.0.1 (SonicWall firewall/router)
> > DNS: 192.168.0.2 (/etc/resolv.conf)
> > /etc/hosts: 192.168.0.2 mail.hprs.local mail
> > smb.conf, dns forwarder: 192.168.0.1
> >
> > I've restarted the network and samba to use these new IPs.
> >
> > The A record looks good:
> >
> > # host -t A mail.hprs.local
> > mail.hprs.local has address 192.168.0.2
> >
> > I also created a new reverse dns record:
> >
> > # samba-tool dns zonecreate mail.hprs.local 0.168.192.in-addr.arpa
> >
> > # samba-tool dns zonelist mail
> >   pszZoneName : 0.168.192.in-addr.arpa
> >   Flags       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
> >   ZoneType    : DNS_ZONE_TYPE_PRIMARY
> >   Version     : 50
> >   dwDpFlags   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> >   pszDpFqdn   : DomainDnsZones.hprs.local
> >
> > Two problems ...
> >
> > I'm not resolving any public or local hostnames, so it appears that
> > samba is not acting as the dns server. I can access public and local
> > hosts by IP.
>
> Is Samba running?
> Is /etc/resolv.conf set correctly?
>
> It should be:
>
> search hprs.local
> nameserver 192.168.0.2
>
> > Why?
> >
> > Second, more minor problem, I cannot figure out how to delete the
> > old reverse dns record 1.168.192.in-addr.arpa.
>
> That could be because you will not have the reverse record
> '1.168.192.in-addr.arpa', or if you do, you have really messed up your
> dns.
>
> > I've tried numerous
> > combinations of the command to do so with no luck including;
> >
> > # samba-tool dns delete mail hprs.local mail PTR 1.168.192.in-addr.arpa
> > Password for [administrator at HPRS.LOCAL]:
> > ERROR(runtime): The record does not exist [WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST] - (9701, 'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST')
> >
> > What am I doing wrong?
>
> You are not using the correct command, the usage is:
>
> samba-tool dns delete <server> <zone> <name> PTR <data>
>
> Where, in your case, <server> is 'mail', <zone> is
> '0.168.192.in-addr.arpa', <name> is the DC's existing IP '2' and <data>
> is the DC's FQDN 'mail.hprs.local'
>
> OR
>
> samba-tool dns delete mail 0.168.192.in-addr.arpa 2 PTR mail.hprs.local
>
> Rowland

Just a final thought, you will also need to delete the DC's existing
'A' record and create a new one.

Rowland
On Sat Jan 20 16:28:14 2024
Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Sat, 20 Jan 2024 15:44:18 -0500
> Mark Foley via samba <samba at lists.samba.org> wrote:
>
> > After provisioning and testing my new DC offline, I now want to move
> > it into production. This means changing IPs.
> >
> > DC FQDN: mail.hprs.local
> >
> > IPs for setup/testing:
> >
> > DC: 192.168.1.60
> > Gateway: 192.168.1.1 (Netgear router)
> > DNS: 192.168.1.60 (/etc/resolv.conf)
> > /etc/hosts: 192.168.1.60 mail.hprs.local mail
> > smb.conf, dns forwarder: 192.168.1.1
> >
> > Production IPs:
> >
> > DC: 192.168.0.2
> > Gateway: 192.168.0.1 (SonicWall firewall/router)
> > DNS: 192.168.0.2 (/etc/resolv.conf)
> > /etc/hosts: 192.168.0.2 mail.hprs.local mail
> > smb.conf, dns forwarder: 192.168.0.1
> >
> > I've restarted the network and samba to use these new IPs.
> >
> > The A record looks good:
> >
> > # host -t A mail.hprs.local
> > mail.hprs.local has address 192.168.0.2
> >
> > I also created a new reverse dns record:
> >
> > # samba-tool dns zonecreate mail.hprs.local 0.168.192.in-addr.arpa
> >
> > # samba-tool dns zonelist mail
> >   pszZoneName : 0.168.192.in-addr.arpa
> >   Flags       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
> >   ZoneType    : DNS_ZONE_TYPE_PRIMARY
> >   Version     : 50
> >   dwDpFlags   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> >   pszDpFqdn   : DomainDnsZones.hprs.local
> >
> > Two problems ...
> >
> > I'm not resolving any public or local hostnames, so it appears that
> > samba is not acting as the dns server. I can access public and local
> > hosts by IP.
>
> Is Samba running?
> Is /etc/resolv.conf set correctly?
>
> It should be:
>
> search hprs.local
> nameserver 192.168.0.2

Yes samba is running. Yes that is my /etc/resolv.conf

> > Why?
> >
> > Second, more minor problem, I cannot figure out how to delete the old
> > reverse dns record 1.168.192.in-addr.arpa.
>
> That could be because you will not have the reverse record
> '1.168.192.in-addr.arpa', or if you do, you have really messed up your
> dns.
>
> > I've tried numerous
> > combinations of the command to do so with no luck including;
> >
> > # samba-tool dns delete mail hprs.local mail PTR 1.168.192.in-addr.arpa
> > Password for [administrator at HPRS.LOCAL]:
> > ERROR(runtime): The record does not exist [WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST] - (9701, 'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST')
> >
> > What am I doing wrong?
>
> You are not using the correct command, the usage is:
>
> samba-tool dns delete <server> <zone> <name> PTR <data>
>
> Where, in your case, <server> is 'mail', <zone> is
> '0.168.192.in-addr.arpa', <name> is the DC's existing IP '2' and <data>
> is the DC's FQDN 'mail.hprs.local'
>
> OR
>
> samba-tool dns delete mail 0.168.192.in-addr.arpa 2 PTR mail.hprs.local
>
> Rowland

Actually, 0.168.192.in-addr.arpa is the one I want to keep. Right now I have both:

# samba-tool dns zonelist mail
  pszZoneName : 0.168.192.in-addr.arpa
  Flags       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType    : DNS_ZONE_TYPE_PRIMARY
  Version     : 50
  dwDpFlags   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn   : DomainDnsZones.hprs.local
<snip>
  pszZoneName : 1.168.192.in-addr.arpa
  Flags       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType    : DNS_ZONE_TYPE_PRIMARY
  Version     : 50
  dwDpFlags   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn   : DomainDnsZones.hprs.local

I want to get rid of the 1.168.192.in-addr.arpa entry. Your suggestion didn't work:

# samba-tool dns delete mail 1.168.192.in-addr.arpa 2 PTR mail.hprs.local
Password for [administrator at HPRS.LOCAL]:
ERROR(runtime): The record does not exist [WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST] - (9701, 'WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST')

I also tried with the full IP 192.168.0.2 instead of just '2' for the <name>.

I must still be doing something wrong.

As to the main problem, not resolving public or internal domain names, part of that problem may be something up with the SonicWall (192.168.0.1). I'm checking that. When I bypass the SonicWall and use my ISP's nameserver as the "dns forwarder" in the DC, I can resolve external domain names. I still cannot resolve domain hosts:

# host webserver
(nothing)
# host webserver.hprs.local
Host webserver.hprs.local not found: 3(NXDOMAIN)

However, webserver (a Linux host) can now resolve public domain names with 192.168.0.2 in resolv.conf, and can resolve the DC (on webserver):

$ host mail
mail.hprs.local has address 192.168.0.2

So, why can the DC resolve <host>.hprs.local? Does each host on the domain need to have an A record added on the DC? I.e. these are not resolved automatically?

Thanks --Mark
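The record-delete attempts in this thread turn on which reverse zone and which record name belong to a given IP, and on the DC's own A record needing the same old/new treatment. The added example below (not from the thread or the Samba project) derives the zone and record name from a dotted-quad address instead of typing them by hand, and prints the samba-tool commands that would retire the DC's PTR and A records for the old IP and create them for the new one. It assumes /24 reverse zones (x.y.z.in-addr.arpa), the DC reachable as 'mail' and the forward zone 'hprs.local', as in the thread; it only prints the commands and executes nothing.

```shell
#!/bin/sh
# Added example, not code from the thread or the Samba project.
# Assumes /24 reverse zones, i.e. zone = <o3>.<o2>.<o1>.in-addr.arpa,
# record name = <o4>.

# Print "<zone> <name>" for an IPv4 address in a /24 reverse zone.
# 192.168.0.2 -> "0.168.192.in-addr.arpa 2"; returns 1 on malformed input.
ptr_zone_and_name() {
    ip=$1
    case $ip in *.*.*.*) ;; *) return 1 ;; esac
    o1=${ip%%.*}; rest=${ip#*.}
    o2=${rest%%.*}; rest=${rest#*.}
    o3=${rest%%.*}; o4=${rest#*.}
    case $o4 in *.*) return 1 ;; esac      # more than four octets
    for o in "$o1" "$o2" "$o3" "$o4"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.in-addr.arpa %s\n' "$o3" "$o2" "$o1" "$o4"
}

# Print the four samba-tool commands that remove the DC's PTR and A
# records for the old IP and add them for the new IP. Nothing runs here;
# review the output, then pipe it to sh on the DC.
#   $1 server  $2 forward zone  $3 host label  $4 old IP  $5 new IP
dc_ip_move_commands() {
    server=$1 fzone=$2 host=$3 old_ip=$4 new_ip=$5
    fqdn="$host.$fzone"
    old=$(ptr_zone_and_name "$old_ip") || return 1
    new=$(ptr_zone_and_name "$new_ip") || return 1
    set -- $old; old_zone=$1 old_name=$2
    set -- $new; new_zone=$1 new_name=$2
    printf 'samba-tool dns delete %s %s %s PTR %s\n' "$server" "$old_zone" "$old_name" "$fqdn"
    printf 'samba-tool dns add %s %s %s PTR %s\n'    "$server" "$new_zone" "$new_name" "$fqdn"
    printf 'samba-tool dns delete %s %s %s A %s\n'   "$server" "$fzone" "$host" "$old_ip"
    printf 'samba-tool dns add %s %s %s A %s\n'      "$server" "$fzone" "$host" "$new_ip"
}

# The thread's move: DC "mail" in hprs.local from 192.168.1.60 to 192.168.0.2.
dc_ip_move_commands mail hprs.local mail 192.168.1.60 192.168.0.2
```

Removing an entire reverse zone, rather than one PTR record inside it, is a separate operation (samba-tool dns zonedelete <server> <zone>), so a delete of a single record in a zone that never held it will keep reporting WERR_DNS_ERROR_RECORD_DOES_NOT_EXIST.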