Old 03-26-2018, 08:08 AM   #1
bktpl
LQ Newbie
 
Registered: Mar 2018
Posts: 9

Rep: Reputation: Disabled
DNS BIND problem plz help:)


Hi there. If this is the wrong forum and it should be, for example, the networking forum, please move the content. I know the post is long, but I wanted to give you as much info as I could.

I need your help to be sure that I have configured BIND 9.9 properly and that my dig and nslookup work correctly.
I am not sure that everything is OK, but I have NO IDEA where and what I should change. The problem is that my server other than the DC is not being resolved by DNS; I see it in Computers after adding it to the domain, and the same goes for my Windows PC station.
So probably LDAP and Samba are working OK, but DNS is not. It's a test environment; I know DNS should be on a different machine than the DC, I'll move it later.
Another thing is that when I run RSAT ADUAC on Windows I can see my domain forward zone, but there is NO reverse lookup zone and I have no idea WHY.

I changed my real domain name from eee.xxxxxx.yy to sub.domain.com.

After using systemctl status named -l I got this:
Code:
Mar 23 00:08:55 dc1.sub.domain.com named[1164]: all zones loaded
Mar 23 00:08:55 dc1.sub.domain.com named[1164]: running
Mar 23 00:08:55 dc1.sub.domain.com systemd[1]: Started Berkeley Internet Name Domain (DNS).
Mar 23 17:14:35 dc1.sub.domain.com named[1164]: no longer listening on 192.168.1.100#53
Mar 23 17:14:35 dc1.sub.domain.com named[1164]: no longer listening on 127.0.0.1#53
Mar 23 17:14:35 dc1.sub.domain.com named[1164]: not listening on any interfaces
Mar 23 17:14:35 dc1.sub.domain.com named[1164]: not listening on any interfaces
Mar 23 17:14:36 dc1.sub.domain.com named[1164]: listening on IPv4 interface lo, 127.0.0.1#53
Mar 23 17:14:40 dc1.sub.domain.com named[1164]: listening on IPv4 interface enp0s3, 192.168.1.100#53
Mar 23 17:23:28 dc1.sub.domain.com named[1164]: client 127.0.0.1#58024 (dc1): query (cache) 'dc1/A/IN' denied
Status for samba is:
Code:
Mar 23 00:08:57 dc1.sub.domain.com winbindd[1334]: [2018/03/23 00:08:57.626359,  0] ../lib/util/become_daemon.c:124(daemon_ready)
Mar 23 00:08:57 dc1.sub.domain.com winbindd[1334]:   STATUS=daemon 'winbindd' finished starting up and ready to serve connections
Mar 23 16:43:49 dc1.sub.domain.com winbindd[1359]: [2018/03/23 16:43:49.619082,  0] ../source3/winbindd/winbindd_dual.c:107(child_write_response)
Mar 23 16:43:49 dc1.sub.domain.com winbindd[1359]:   Could not write result
Mar 23 16:43:51 dc1.sub.domain.com samba[1330]: [2018/03/23 16:43:51.310978,  0] ../source4/dsdb/dns/dns_update.c:290(dnsupdate_nameupdate_done)
Mar 23 16:43:51 dc1.sub.domain.com samba[1330]:   ../source4/dsdb/dns/dns_update.c:290: Failed DNS update - with error code 110
Mar 23 16:43:51 dc1.sub.domain.com samba[1330]: [2018/03/23 16:43:51.311524,  0] ../source4/dsdb/dns/dns_update.c:313(dnsupdate_spnupdate_done)
Mar 23 16:43:51 dc1.sub.domain.com samba[1330]:   ../source4/dsdb/dns/dns_update.c:313: Failed SPN update - with error code 110
Mar 23 16:43:51 dc1.sub.domain.com smbd[1332]: [2018/03/23 16:43:51.733542,  0] ../lib/util/become_daemon.c:124(daemon_ready)
Mar 23 16:43:51 dc1.sub.domain.com smbd[1332]:   STATUS=daemon 'smbd' finished starting up and ready to serve connections
nslookup1:
Code:
[root@dc1 ~]# nslookup
> dc1
Server:         192.168.1.100
Address:        192.168.1.100#53

** server can't find dc1: NXDOMAIN
> dc1.sub.domain.com
Server:         192.168.1.100
Address:        192.168.1.100#53

Name:   dc1.sub.domain.com
Address: 192.168.122.1
Name:   dc1.sub.domain.com
Address: 192.168.1.100
> vsfiles
Server:         192.168.1.100
Address:        192.168.1.100#53

** server can't find vsfiles: NXDOMAIN
> vsfiles.sub.domain.com
Server:         192.168.1.100
Address:        192.168.1.100#53

** server can't find vsfiles.sub.domain.com: NXDOMAIN
Some DIGs:

Code:
[root@dc1 ~]# dig dc1

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> dc1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23884
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dc1.                           IN      A

;; AUTHORITY SECTION:
.                       8491    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2018032201 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Fri Mar 23 17:53:30 CET 2018
;; MSG SIZE  rcvd: 107

[root@dc1 ~]# dig dc1.sub.domain.com

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> dc1.sub.domain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52581
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dc1.sub.domain.com.             IN      A

;; ANSWER SECTION:
dc1.sub.domain.com.      900     IN      A       192.168.1.100
dc1.sub.domain.com.      900     IN      A       192.168.122.1

;; AUTHORITY SECTION:
sub.domain.com.          900     IN      NS      dc1.sub.domain.com.

;; Query time: 2 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Fri Mar 23 17:53:39 CET 2018
;; MSG SIZE  rcvd: 92

[root@dc1 ~]# dig dc1.sub.domain.com.

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> dc1.sub.domain.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19681
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dc1.sub.domain.com.             IN      A

;; ANSWER SECTION:
dc1.sub.domain.com.      900     IN      A       192.168.122.1
dc1.sub.domain.com.      900     IN      A       192.168.1.100

;; AUTHORITY SECTION:
sub.domain.com.          900     IN      NS      dc1.sub.domain.com.

;; Query time: 2 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Fri Mar 23 17:53:44 CET 2018
;; MSG SIZE  rcvd: 92

[root@dc1 ~]# dig vsfiles.sub.domain.com.

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> vsfiles.sub.domain.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41015
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vsfiles.sub.domain.com.         IN      A

;; AUTHORITY SECTION:
sub.domain.com.          3600    IN      SOA     dc1.sub.domain.com. hostmaster.sub.domain.com. 21 900 600 86400 3600

;; Query time: 6 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Fri Mar 23 17:54:06 CET 2018
;; MSG SIZE  rcvd: 101

[root@dc1 ~]# dig vsfiles.sub.domain.com

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> vsfiles.sub.domain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6486
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vsfiles.sub.domain.com.         IN      A

;; AUTHORITY SECTION:
sub.domain.com.          3600    IN      SOA     dc1.sub.domain.com. hostmaster.sub.domain.com. 21 900 600 86400 3600

;; Query time: 7 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Fri Mar 23 17:54:19 CET 2018
;; MSG SIZE  rcvd: 101

[root@dc1 ~]# dig vsfiles

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> vsfiles
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25419
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vsfiles.                       IN      A

;; AUTHORITY SECTION:
.                       8425    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2018032300 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Fri Mar 23 17:54:28 CET 2018
;; MSG SIZE  rcvd: 111
My named.conf from /etc/ is:
Code:
# Global BIND configuration options
include "/usr/local/samba/private/named.conf";
options {

    auth-nxdomain yes;
    directory "/var/named";
    notify no;
    empty-zones-enable no;
    tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
    listen-on port 53 {
                127.0.0.1;
                192.168.1.100;};

allow-query {
        127.0.0.1;
        localhost;
        192.168.1.0/24;

# add other networks you want to allow to query your DNS
    };

    allow-recursion {
        192.168.1.0/24;

 # add other networks you want to allow to do recursive queries
    };

    forwarders {
        # Google public DNS server here - replace with your own if necessary
        8.8.8.8;
        8.8.4.4;
    };

    allow-transfer {
        # this config is for a single master DNS server
     localhost;
    };

};


# Root servers (required zone for recursive queries)
zone "." {
   type hint;
   file "named.root";
};

# Required localhost forward-/reverse zones
zone "domain.com" {
    type master;
    file "master/sub.domain.com.zone";
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "master/192.168.1.zone";
};
My zone files:
Code:
$TTL 1D

@       IN      SOA     sub.domain.com.  root.sub.domain.com. (
                                        2018032301      ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

                        IN NS           dc1.sub.domain.com.
                        ;IN NS           srv12.linuxphobia.com.

                        IN MX 5 smpt.sub.domain.com.

dc1.sub.domain.com.   IN      A       192.168.1.100
dc2.sub.domain.com.   IN     A       192.168.1.200


mail.sub.domain.com.   IN      CNAME   smtp.sub.domain.com.

;webserver.linuxphobia.com. IN   A       192.168.1.111

;sai-scan.linuxphobia.com.       IN      A       192.168.1.71
;                                IN      A       192.168.1.72
;                                IN      A       192.168.1.73
;                                IN      TXT     "Round-robin IP for Scan"

sub.domain.com.        IN      A       192.168.1.100
smtp.sub.domain.com.   IN      A       192.168.1.111
;www                     IN      CNAME   webserver.linuxphobia.com

vsfiles.sub.domain.com. IN A 192.168.1.101
And:
Code:
$TTL 1D

@       IN      SOA     sub.domain.com.  root.sub.domain.com. (
                                        2018032301      ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

                         NS           dc1.sub.domain.com.

                        ;IN NS           srv12.linuxphobia.com.
;                        IN MX 5 smpt.sub.domain.com.
;dc1.sub.domain.com.   IN      A       192.168.1.100
;dc2.sub.domain.com.   IN     A       192.168.1.200
;mail.sub.domain.com.   IN      CNAME   smtp.sub.domain.com.
;webserver.linuxphobia.com. IN   A       192.168.1.111
;sai-scan.linuxphobia.com.       IN      A       192.168.1.71
;                                IN      A       192.168.1.72
;                                IN      A       192.168.1.73
;                                IN      TXT     "Round-robin IP for Scan"
;sub.domain.com.        IN      A       192.168.1.100
;www                     IN      CNAME   webserver.linuxphobia.com.

100 IN PTR dc1.sub.domain.com.
200 IN PTR dc2.sub.domain.com.

100 IN PTR sub.domain.com.
101 IN PTR vsfiles.sub.domain.com.
~
Something is also wrong here, I think. How do I fix it?
Code:
[root@dc1 master]# netstat -tulpn | grep :53
tcp        0      0 192.168.1.100:53        0.0.0.0:*               LISTEN      5218/named
udp        0      0 192.168.1.100:53        0.0.0.0:*                           5218/named
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           669/avahi-daemon: r
[root@dc1 master]# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:netbios-ssn     0.0.0.0:*               LISTEN      1315/smbd
tcp        0      0 0.0.0.0:sunrpc          0.0.0.0:*               LISTEN      1/systemd
tcp        0      0 0.0.0.0:kpasswd         0.0.0.0:*               LISTEN      1309/samba
tcp        0      0 dc1.sub.domain.c:domain 0.0.0.0:*               LISTEN      5218/named
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN      1181/sshd
tcp        0      0 localhost.localdoma:ipp 0.0.0.0:*               LISTEN      1171/cupsd
tcp        0      0 0.0.0.0:kerberos        0.0.0.0:*               LISTEN      1309/samba
tcp        0      0 localhost.localdom:rndc 0.0.0.0:*               LISTEN      5218/named
tcp        0      0 localhost.localdom:smtp 0.0.0.0:*               LISTEN      1361/master
tcp        0      0 localhos:x11-ssh-offset 0.0.0.0:*               LISTEN      1819/sshd: root@pts
tcp        0      0 0.0.0.0:ldaps           0.0.0.0:*               LISTEN      1306/samba
tcp        0      0 0.0.0.0:microsoft-ds    0.0.0.0:*               LISTEN      1315/smbd
tcp        0      0 0.0.0.0:49152           0.0.0.0:*               LISTEN      1301/samba
tcp        0      0 0.0.0.0:49153           0.0.0.0:*               LISTEN      1301/samba
tcp        0      0 0.0.0.0:49154           0.0.0.0:*               LISTEN      1301/samba
tcp        0      0 0.0.0.0:msft-gc         0.0.0.0:*               LISTEN      1306/samba
tcp        0      0 0.0.0.0:msft-gc-ssl     0.0.0.0:*               LISTEN      1306/samba
tcp        0      0 0.0.0.0:ldap            0.0.0.0:*               LISTEN      1306/samba
tcp        0      0 0.0.0.0:epmap           0.0.0.0:*               LISTEN      1301/samba
tcp        0      0 dc1.sub.domain.com:ldap  vsfiles.sub.domai:57484 ESTABLISHED 5370/samba
tcp        0      0 dc1.sub.domain.com:ssh   192.168.1.2:55842       ESTABLISHED 1825/sshd: root@not
tcp        0     36 dc1.sub.domain.com:ssh   192.168.1.2:55841       ESTABLISHED 1819/sshd: root@pts
tcp6       0      0 [::]:netbios-ssn        [::]:*                  LISTEN      1315/smbd
tcp6       0      0 [::]:sunrpc             [::]:*                  LISTEN      1/systemd
tcp6       0      0 [::]:kpasswd            [::]:*                  LISTEN      1309/samba
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      1181/sshd
tcp6       0      0 localhost6.localdom:ipp [::]:*                  LISTEN      1171/cupsd
tcp6       0      0 [::]:kerberos           [::]:*                  LISTEN      1309/samba
tcp6       0      0 localhos:x11-ssh-offset [::]:*                  LISTEN      1819/sshd: root@pts
tcp6       0      0 [::]:ldaps              [::]:*                  LISTEN      1306/samba
tcp6       0      0 [::]:microsoft-ds       [::]:*                  LISTEN      1315/smbd
tcp6       0      0 [::]:49152              [::]:*                  LISTEN      1301/samba
tcp6       0      0 [::]:49153              [::]:*                  LISTEN      1301/samba
tcp6       0      0 [::]:49154              [::]:*                  LISTEN      1301/samba
tcp6       0      0 [::]:msft-gc            [::]:*                  LISTEN      1306/samba
tcp6       0      0 [::]:msft-gc-ssl        [::]:*                  LISTEN      1306/samba
tcp6       0      0 [::]:ldap               [::]:*                  LISTEN      1306/samba
tcp6       0      0 [::]:epmap              [::]:*                  LISTEN      1301/samba
[root@dc1 master]#
I cannot properly ping this machine without adding it to hosts.


Hosts are on Oracle Virtualbox, interfaces are bridged.
 
Old 03-26-2018, 12:10 PM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
Hi and welcome to LQ,

1.
Quote:
Mar 23 17:23:28 dc1.sub.domain.com named[1164]: client 127.0.0.1#58024 (dc1): query (cache) 'dc1/A/IN' denied
You should add 127.0.0.1 in the allow-recursion list:
Code:
    allow-recursion {
        127.0.0.1;
        192.168.1.0/24;
    };

2.
Quote:
[root@dc1 ~]# nslookup
> dc1
Server: 192.168.1.100
Address: 192.168.1.100#53

** server can't find dc1: NXDOMAIN
If you want to resolve hostnames without supplying the FQDN, you need to add either one of the following in /etc/resolv.conf:
Code:
search sub.domain.com
domain sub.domain.com
This way nslookup will be able to resolve plain hostnames. If you want to use dig for the same you need to use:
Code:
dig dc1 +search
 
Old 03-26-2018, 01:03 PM   #3
bktpl
LQ Newbie
 
Registered: Mar 2018
Posts: 9

Original Poster
Rep: Reputation: Disabled
Hi Bathory, thanks for your reply.
I added 127.0.01 and even localhost. In /etc/resolv.conf I have search sub.domain.com and nameserver set to the IP address of the DC (DNS) server.
After restarting network and named I got the same problem -


** server can't find vsfiles: NXDOMAIN (3)

The strange thing is that when I use RSAT from Windows there is no reverse zone, and on the Linux machine there is only sub.domain.com, created when BIND starts.
DNS for the PC2 computer and the vsfiles server is not resolving. I can't even host or ping these machines.

Please see attachments.
Attached Thumbnails: file1.PNG, file2.PNG
 
Old 03-26-2018, 01:47 PM   #4
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
Quote:
I added 127.0.01 and even localhost. In /etc/resolv.conf I have search sub.domain.com and nameserver set to the IP address of the DC (DNS) server.
You mean that you have the following in /etc/resolv.conf?
Code:
search sub.domain.com
nameserver 192.168.1.100

Quote:
After restarting network and named I got the same problem -

** server can't find vsfiles: NXDOMAIN (3)
Could you please post the whole dig output:
Code:
dig vsfiles @dc1.sub.domain.com +search
FYI I've recreated your zone here and it works as expected.


Quote:
Please see attachments
Sorry but I've ditched windows years ago, so I cannot understand what these screenshots are about!
 
Old 03-26-2018, 03:26 PM   #5
bktpl
LQ Newbie
 
Registered: Mar 2018
Posts: 9

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by bathory
You mean that you have the following in /etc/resolv.conf?
Code:
search sub.domain.com
nameserver 192.168.1.100

Could you please post the whole dig output:
Code:
dig vsfiles @dc1.sub.domain.com +search
FYI I've recreated your zone here and it works as expected.


Sorry but I've ditched windows years ago, so I cannot understand what these screenshots are about!
I don't know how to multi-quote here properly.
1. Yes, sub.domain.com and 192.168.1.100 as a nameserver.

2. Your dig here:
Code:
[root@dc1 master]# dig vsfiles @dc1.sub.domain.com +search

; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> vsfiles @dc1.sub.domain.com +search
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59978
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vsfiles.                       IN      A

;; AUTHORITY SECTION:
.                       2768    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2018032601 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Mon Mar 26 22:10:10 CEST 2018
;; MSG SIZE  rcvd: 111
3. These screenshots show, let's say, a GUI of the zones. It's a tool called RSAT, and you can manage your DNS from it with a GUI. The problem is that all records from my DNS should be there, and as you can see only DC1 is. I assume that when I manually add a new record to the Linux files and increase the version by 1, it should propagate and work. There is no vsfiles host here - I really do not know why. In my zone files (/var/named/master/files here) I have added the vsfiles and pc2 information, but on the Windows machine I cannot see this, just as if it were not saved.
I manually created a new A record in this GUI, and as you can see it is there. When I ping the testPC host from the virtual Windows machine (where I made these screenshots) it can resolve its name properly, so this DNS record works OK. This screenshot shows DNS from DC1.sub.domain.com, not the local host. There should be all the same records in BIND and here - it's just a GUI. But it's not working here.

When I run host vsfiles or host vsfiles.sub.domain.com, or ping the same names, they also can't be found.

Hmm, maybe it's something with VirtualBox networking?

Look what happened when I asked from dc1 and from vsfiles about this testPC (the host does not exist in the environment but DNS can resolve it properly):

Code:
[root@dc1 master]# nslookup testpc
Server:         192.168.1.100
Address:        192.168.1.100#53

Name:   testpc.sub.domain.com
Address: 192.168.1.124

[root@dc1 master]# nslookup testpc.sub.domain.com
Server:         192.168.1.100
Address:        192.168.1.100#53

Name:   testpc.sub.domain.com
Address: 192.168.1.124
It gives me information from DNS, so logically it is not the /var/named/master/files that store the DNS records.
Or have I got something wrong with the network configuration maybe, not DNS?

There is no record for testPC (manually added the way you do it in Windows). I have the same setup at my company - Samba LDAP and BIND DNS - and the difference is that all records are there as they should be and the reverse zone is working, unlike on my test environment, but I cannot find why it's not working here on test.

Last edited by bktpl; 03-26-2018 at 03:36 PM.
 
Old 03-27-2018, 02:40 AM   #6
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
Quote:
2.
[root@dc1 master]# dig vsfiles @dc1.sub.domain.com +search
<-snip->
;; AUTHORITY SECTION:
. 2768 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2018032601 1800 9
Since you get a response from the root servers, your nameserver thinks it's not authoritative for the sub.domain.com zone


Quote:
3.
There is no record for testPC (manually added the way you do it in Windows). I have the same setup at my company - Samba LDAP and BIND DNS - and the difference is that all records are there as they should be and the reverse zone is working, unlike on my test environment, but I cannot find why it's not working here on test.
My guess is that your client(s) are using windows AD/DC in order to resolve hosts.
As I told you I don't know much about windows esp. AD/DC etc, but your setup looks like this.
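
An added example (not part of the original posts) of reading the AUTHORITY section as in the reply above: it reports the status, the name that was actually asked, and which zone's SOA backs an NXDOMAIN. The two samples are abridged from the dig outputs quoted in this thread; the function names are illustrative.

```shell
#!/bin/sh
# Added example: which zone's SOA backs a dig NXDOMAIN answer?

# nx_source: read dig output on stdin, print "<status> <question> <soa-owner>".
nx_source() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i <= NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; QUESTION SECTION:/  { sect = "q"; next }
        /^;; AUTHORITY SECTION:/ { sect = "a"; next }
        /^;; / || /^$/           { sect = "";  next }
        sect == "q" && /^;/        { q = substr($1, 2) }   # strip leading ";"
        sect == "a" && $4 == "SOA" { soa = $1 }            # owner of the SOA
        END { print status, q, soa }
    '
}

# classify: $1 = expected zone (with trailing dot), dig output on stdin.
#   ok         : the answer is not an NXDOMAIN
#   own-zone   : NXDOMAIN backed by the SOA of the expected zone
#   other-zone : NXDOMAIN backed by another zone, e.g. the root "."
classify() {
    zone=$1
    nx_source | {
        read -r status question soa
        if [ "$status" != "NXDOMAIN" ]; then echo "ok"
        elif [ "$soa" = "$zone" ]; then echo "own-zone"
        else echo "other-zone"
        fi
    }
}

# Sample 1: "dig vsfiles @dc1.sub.domain.com +search" as posted (abridged).
sample_bare() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59978
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;vsfiles.                       IN      A

;; AUTHORITY SECTION:
.                       2768    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2018032601 1800 900 604800 86400
EOF
}

# Sample 2: "dig vsfiles.sub.domain.com." as posted (abridged).
sample_fqdn() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41015
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;vsfiles.sub.domain.com.         IN      A

;; AUTHORITY SECTION:
sub.domain.com.          3600    IN      SOA     dc1.sub.domain.com. hostmaster.sub.domain.com. 21 900 600 86400 3600
EOF
}

sample_bare | nx_source
sample_bare | classify sub.domain.com.
sample_fqdn | nx_source
sample_fqdn | classify sub.domain.com.
```

In the second sample the SOA serial is 21 with hostmaster.sub.domain.com as contact, not the 2018032301 / root.sub.domain.com of the posted zone file, so that negative answer did not come from the flat file.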
 
Old 03-27-2018, 04:32 AM   #7
bktpl
LQ Newbie
 
Registered: Mar 2018
Posts: 9

Original Poster
Rep: Reputation: Disabled
OMFG, thanks for that link, it's so funny that I didn't see that before... Using the Samba manuals I had no need to go there, but there was no information on the BIND configuration pages of the Samba wiki that when you install Samba and DNS you edit it with samba-tool... So, can anyone explain where exactly these records are stored, and is it 100% right to leave /var/named/conffiles as shown here https://wiki.samba.org/index.php/Set...host_Zone_File ? And use only the RSAT GUI after adding the reverse zone manually, or samba-tool?

I'll check it in a minute, but it drives me crazy that I have been trying to find the issue for 2 days...
 
Old 03-27-2018, 02:40 PM   #8
bktpl
LQ Newbie
 
Registered: Mar 2018
Posts: 9

Original Poster
Rep: Reputation: Disabled
OK, I don't understand how it works. Maybe I did it the wrong way, but I tried to add a reverse zone by IP name from the GUI; it worked, but my dc1 computer did not show up there.
So I deleted it, accepted that it will be deleted from the domain, and now I do not know how to check what is configured and what I want to modify from the dc1 samba-tool.

Got this:
Code:
[root@dc1 master]# samba-tool dns query 192.168.1.100 1.168.192.in-addr.arpa  vsfiles.sub.domain.com all
Password for [administrator@sub.domain.com]:
ERROR(runtime): uncaught exception - (9714, 'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST')
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/dns.py", line 859, in run
    raise e
Record or zone doessamba-tool dns zonelist
Usage: samba-tool dns zonelist <server> [options]

[root@dc1 master]# samba-tool dns zonelist 192.168.1.100
Password for [administrator@sub.domain.com]:
  3 zone(s) found

  pszZoneName                 : 1.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.sub.domain.com

  pszZoneName                 : sub.domain.com
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.sub.domain.com

  pszZoneName                 : _msdcs.sub.domain.com
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : ForestDnsZones.sub.domain.com
[root@dc1 master]#
My question is:
Where are these records properly stored? How do I check it? Why do we have 1000 manuals where people write to use /var/named/m/files when it does nothing, as far as I can see?
 
Old 03-27-2018, 04:04 PM   #9
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,163
Blog Entries: 1

Rep: Reputation: 2032
Quote:
My question is:
Where are these records properly stored? How do I check it? Why do we have 1000 manuals where people write to use /var/named/m/files when it does nothing, as far as I can see?
Better start reading this and this (esp. Part 2).
Also in the 2nd link since you've installed samba using your distro's package manager, don't prepend the various commands with /usr/local/samba/bin.

Regards
 
Old 03-30-2018, 08:33 AM   #10
bktpl
LQ Newbie
 
Registered: Mar 2018
Posts: 9

Original Poster
Rep: Reputation: Disabled
Hi, I do not really understand what your last suggestion is about.
I used this first link to create my environment.
It looks like everything is working well, but I don't exactly know how to connect these zones into one organism. I know that when I query the forward zone I should get info about PTR records from the reverse lookup (if I also create a PTR record). I'm doing it from the GUI and it does not show up here...
The names of the zones look OK, look:
Code:
Record or zone does not exist.
[root@dc1 etc]# samba-tool dns zonelist dc1
Password for [administrator@sub.domain.com]:
  3 zone(s) found

  pszZoneName                 : 1.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.sub.domain.com

  pszZoneName                 : sub.domain.com
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.sub.domain.com

  pszZoneName                 : _msdcs.sub.domain.com
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : ForestDnsZones.sub.domain.com
[root@dc1 etc]#
How can I check the association of these DNS zones?
How can I add a forward record with a PTR automatically? Can I do that in Linux?

Now, when I use:
samba-tool dns add dc1 sub.domain.com TESTLIN A 192.168.1.127 - a new A record named TESLIN with the 1.127 IP is created, no PTR record added.
(samba-tool dns query dc1 1.168.192.in-addr.arpa TESTLIN all shows ERROR(runtime): uncaught exception - (9714, 'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST')).

When I use samba-tool dns add dc1 1.168.192.in-addr.arpa 127 PTR TESLIN.sub.domain.com it is created correctly.

When I do it from the Windows GUI (where I can properly see and resolve the added records) it does not show up in the resolved records.
Can anyone tell me what to do to get it working? Or must I really always use only these commands to create PTR records?

There must be an admin here who knows how to make it work.


EDIT - OK, I got information that it's not working on Samba AD like it works on Windows Server DNS (as DNS host).
You have to manually add forward and reverse records with samba-tool, not config files.

Last edited by bktpl; 03-30-2018 at 09:47 AM.
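
An added example (not from the original posts) of the conclusion above: a small helper that derives the reverse zone and PTR label from an IPv4 address and prints the matching pair of `samba-tool dns add` commands in the form used in this thread. It assumes a /24 reverse zone such as 1.168.192.in-addr.arpa; the function names are illustrative, and the commands are only printed, not run.

```shell
#!/bin/sh
# Added example: build matching A and PTR "samba-tool dns add" commands.
# Assumption: the reverse zone is a /24 (as 1.168.192.in-addr.arpa in the thread).

# valid_ipv4: succeed only for a dotted quad with each octet in 0..255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# reverse_zone: /24 reverse zone name for an IPv4 address.
reverse_zone() {
    valid_ipv4 "$1" || return 1
    printf '%s\n' "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# ptr_label: record name inside the /24 reverse zone (the last octet).
ptr_label() {
    valid_ipv4 "$1" || return 1
    printf '%s\n' "${1##*.}"
}

# dns_pair_cmds: $1 = DC/DNS server, $2 = forward zone, $3 = host label, $4 = IPv4.
# Prints one command for the A record and one for the PTR record.
dns_pair_cmds() {
    rz=$(reverse_zone "$4") || { echo "invalid IPv4: $4" >&2; return 1; }
    label=$(ptr_label "$4")
    case $3 in
        ''|*[!A-Za-z0-9-]*) echo "invalid host label: $3" >&2; return 1 ;;
    esac
    printf 'samba-tool dns add %s %s %s A %s\n' "$1" "$2" "$3" "$4"
    printf 'samba-tool dns add %s %s %s PTR %s.%s\n' "$1" "$rz" "$label" "$3" "$2"
}

# Values from the thread: server dc1, zone sub.domain.com, host TESTLIN.
dns_pair_cmds dc1 sub.domain.com TESTLIN 192.168.1.127
```

Review the two printed lines, then run them on the DC; samba-tool prompts for the administrator password on each call.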
 
All times are GMT -5.