samba - Oct 2024 - AD/DNS: Cannot Create a CNAME record with a blank name...

On 12-10-2024 02:25, John R. Graham via samba wrote:
> ...as recommended on the Samba Wiki here: 
>
https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ#I_have_to_Use_Different_Names_to_Resolve_Host_Names_Internally_and_Externally
>
> I'm trying to use the "clever trick" to make a certain
internal server
> resolve to the name I'm forced to use to resolve it externally. I 
> successfully created the new zone (fictionalizing the names for 
> inclusion here):
>
> ~ # samba-tool dns zonecreate "dc1"
"myserver.example.com" -U
> administrator
> Zone myserver.example.com created successfully
>
> ...but I get a runtime error when I try to create the CNAME record in 
> the zone "...leaving the name of the record blank." Here's
what I did:
>
> ~ # samba-tool dns add "dc1" "myserver.example.com"
"" CNAME
> "myserver.samdom.example.com"? -U Administrator
> ERROR(runtime): uncaught exception - (1383,
'WERR_INTERNAL_DB_ERROR')
> ? File
"/usr/lib/python3.12/site-packages/samba/netcmd/__init__.py",
> line 279, in _run
> ??? return self.run(*args, **kwargs)
> ?????????? ^^^^^^^^^^^^^^^^^^^^^^^^^
> ? File "/usr/lib/python3.12/site-packages/samba/netcmd/dns.py",
line
> 1186, in run
> dns_conn.DnssrvUpdateRecord2(dnsserver.DNS_CLIENT_VERSION_LONGHORN,
> ? File "/usr/lib/python3.12/site-packages/samba/netcmd/dns.py",
line
> 119, in f
> ??? return attr(*args)
> ?????????? ^^^^^^^^^^^
> Have I misinterpreted the instructions and done it wrong? Thanks in 
> advance for the help.
I have a similar need, but I create an A record at zone level with:

samba-tool dns add localhost myserver.example.com myserver.example.com A 
10.2.3.4 -U Administrator

The trick is to specify zone-name and record-name with the same value.
I have not tried to create a CNAME but given the syntax above that 
should be:

samba-tool dns add localhost myserver.example.com myserver.example.com 
CNAME?myserver.samdom.example.com -U Administrator

If it turns out that it does not work with a CNAME record, I would guess 
an A record also solves the issue.

- Kees.
>
> - John
>
>
>

On 10/12/24 05:15, Kees van Vloten via samba wrote:
>
> On 12-10-2024 02:25, John R. Graham via samba wrote:
>> ...as recommended on the Samba Wiki here: 
>>
https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ#I_have_to_Use_Different_Names_to_Resolve_Host_Names_Internally_and_Externally
>>
>>
>> I'm trying to use the "clever trick" to make a certain
internal
>> server resolve to the name I'm forced to use to resolve it 
>> externally. I successfully created the new zone (fictionalizing the 
>> names for inclusion here):
>>
>> ~ # samba-tool dns zonecreate "dc1"
"myserver.example.com" -U
>> administrator
>> Zone myserver.example.com created successfully
>>
>> ...but I get a runtime error when I try to create the CNAME record in 
>> the zone "...leaving the name of the record blank."
Here's what I did:
>>
>> ~ # samba-tool dns add "dc1" "myserver.example.com"
"" CNAME
>> "myserver.samdom.example.com"? -U Administrator
>> ERROR(runtime): uncaught exception - (1383,
'WERR_INTERNAL_DB_ERROR')
>> ? File
"/usr/lib/python3.12/site-packages/samba/netcmd/__init__.py",
>> line 279, in _run
>> ??? return self.run(*args, **kwargs)
>> ?????????? ^^^^^^^^^^^^^^^^^^^^^^^^^
>> ? File
"/usr/lib/python3.12/site-packages/samba/netcmd/dns.py", line
>> 1186, in run
>> dns_conn.DnssrvUpdateRecord2(dnsserver.DNS_CLIENT_VERSION_LONGHORN,
>> ? File
"/usr/lib/python3.12/site-packages/samba/netcmd/dns.py", line
>> 119, in f
>> ??? return attr(*args)
>> ?????????? ^^^^^^^^^^^
>> Have I misinterpreted the instructions and done it wrong? Thanks in 
>> advance for the help.
>
> I have a similar need, but I create an A record at zone level with:
>
> samba-tool dns add localhost myserver.example.com myserver.example.com 
> A 10.2.3.4 -U Administrator
>
> The trick is to specify zone-name and record-name with the same value.
> I have not tried to create a CNAME but given the syntax above that 
> should be:
>
> samba-tool dns add localhost myserver.example.com myserver.example.com 
> CNAME?myserver.samdom.example.com -U Administrator
>
> If it turns out that it does not work with a CNAME record, I would 
> guess an A record also solves the issue.
>
> - Kees.
>
Hi, Kees.

Thank you; that worked perfectly! The CNAME variant, I mean. As an 
aside, although described as a "trick" in the wiki, it doesn't
seem to
be a particularly dirty or onerous one. After all, the overwhelming 
majority of a typical organization's machines _will not_ need to be 
externally accessible.

A question for you (and perhaps Rowland). Would creating a zone of just 
"example.com"? _without_ the "samdom" subdomain and then
creating DNS
records with the individual machine names not work for some structural 
reason? For example:

~ # samba-tool dns zonecreate localhost "example.com" -U administrator
~ # samba-tool dns add localhost example.com myserver 
CNAME?myserver.samdom.example.com -U administrator
~ # samba-tool dns add localhost example.com myotherserver 
CNAME?myotherserver.samdom.example.com -U administrator

This would have the advantage that a single dummy zone would be able to 
contain aliases for _all_ externally visible machines. (I haven't tried 
this yet; it just occurred to me...and struck me as being "tidier".)

I still don't completely get the gestalt of the strong recommendation of 
having a subdomain, even for smaller organizations, unless it's just a 
best practice designed to future proof an organization which might 
become more complex and hierarchical over time.

Thanks again for the help.

- John