Linux - Server: This forum is for the discussion of Linux software used in a server-related context.
Hi there. If the forum is wrong and it should be, for example, the networking forum, please move the content. I know the post is long but I wanted to give you as much info as I could.
I need your help to be sure that I made a good configuration of BIND 9.9 and that my dig and nslookup work correctly.
I am not sure that all is OK but I have NO IDEA where and what I should change. The problem is that my other-than-DC server is not being resolved by DNS; I see it on computers after adding them to the domain, the same with my Windows PC station.
SO probably LDAP/Samba is working OK, but DNS is not. It's a test environment; I know DNS should be on another machine than the DC, I'll move it later.
Another thing is that when I run RSAT ADUC on Windows I can see my domain forward zone but there is NO reverse lookup zone and I have no idea WHY.
I changed my real domain name from eee.xxxxxx.yy to sub.domain.com.
After running systemctl status named -l I got this:
Code:
Mar 23 00:08:55 dc1.sub.domain.com named[1164]: all zones loaded
Mar 23 00:08:55 dc1.sub.domain.com named[1164]: running
Mar 23 00:08:55 dc1.sub.domain.com systemd[1]: Started Berkeley Internet Name Domain (DNS).
Mar 23 17:14:35 dc1.sub.domain.com named[1164]: no longer listening on 192.168.1.100#53
Mar 23 17:14:35 dc1.sub.domain.com named[1164]: no longer listening on 127.0.0.1#53
Mar 23 17:14:35 dc1.sub.domain.com named[1164]: not listening on any interfaces
Mar 23 17:14:35 dc1.sub.domain.com named[1164]: not listening on any interfaces
Mar 23 17:14:36 dc1.sub.domain.com named[1164]: listening on IPv4 interface lo, 127.0.0.1#53
Mar 23 17:14:40 dc1.sub.domain.com named[1164]: listening on IPv4 interface enp0s3, 192.168.1.100#53
Mar 23 17:23:28 dc1.sub.domain.com named[1164]: client 127.0.0.1#58024 (dc1): query (cache) 'dc1/A/IN' denied
Status for samba is:
Code:
Mar 23 00:08:57 dc1.sub.domain.com winbindd[1334]: [2018/03/23 00:08:57.626359, 0] ../lib/util/become_daemon.c:124(daemon_ready)
Mar 23 00:08:57 dc1.sub.domain.com winbindd[1334]: STATUS=daemon 'winbindd' finished starting up and ready to serve connections
Mar 23 16:43:49 dc1.sub.domain.com winbindd[1359]: [2018/03/23 16:43:49.619082, 0] ../source3/winbindd/winbindd_dual.c:107(child_write_response)
Mar 23 16:43:49 dc1.sub.domain.com winbindd[1359]: Could not write result
Mar 23 16:43:51 dc1.sub.domain.com samba[1330]: [2018/03/23 16:43:51.310978, 0] ../source4/dsdb/dns/dns_update.c:290(dnsupdate_nameupdate_done)
Mar 23 16:43:51 dc1.sub.domain.com samba[1330]: ../source4/dsdb/dns/dns_update.c:290: Failed DNS update - with error code 110
Mar 23 16:43:51 dc1.sub.domain.com samba[1330]: [2018/03/23 16:43:51.311524, 0] ../source4/dsdb/dns/dns_update.c:313(dnsupdate_spnupdate_done)
Mar 23 16:43:51 dc1.sub.domain.com samba[1330]: ../source4/dsdb/dns/dns_update.c:313: Failed SPN update - with error code 110
Mar 23 16:43:51 dc1.sub.domain.com smbd[1332]: [2018/03/23 16:43:51.733542, 0] ../lib/util/become_daemon.c:124(daemon_ready)
Mar 23 16:43:51 dc1.sub.domain.com smbd[1332]: STATUS=daemon 'smbd' finished starting up and ready to serve connections
[root@dc1 ~]# dig dc1
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> dc1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23884
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dc1. IN A
;; AUTHORITY SECTION:
. 8491 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2018032201 1800 900 604800 86400
;; Query time: 3 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Fri Mar 23 17:53:30 CET 2018
;; MSG SIZE rcvd: 107
[root@dc1 ~]# dig dc1.sub.domain.com
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> dc1.sub.domain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52581
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dc1.sub.domain.com. IN A
;; ANSWER SECTION:
dc1.sub.domain.com. 900 IN A 192.168.1.100
dc1.sub.domain.com. 900 IN A 192.168.122.1
;; AUTHORITY SECTION:
sub.domain.com. 900 IN NS dc1.sub.domain.com.
;; Query time: 2 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Fri Mar 23 17:53:39 CET 2018
;; MSG SIZE rcvd: 92
[root@dc1 ~]# dig dc1.sub.domain.com.
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> dc1.sub.domain.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19681
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dc1.sub.domain.com. IN A
;; ANSWER SECTION:
dc1.sub.domain.com. 900 IN A 192.168.122.1
dc1.sub.domain.com. 900 IN A 192.168.1.100
;; AUTHORITY SECTION:
sub.domain.com. 900 IN NS dc1.sub.domain.com.
;; Query time: 2 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Fri Mar 23 17:53:44 CET 2018
;; MSG SIZE rcvd: 92
[root@dc1 ~]# dig vsfiles.sub.domain.com.
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> vsfiles.sub.domain.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41015
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vsfiles.sub.domain.com. IN A
;; AUTHORITY SECTION:
sub.domain.com. 3600 IN SOA dc1.sub.domain.com. hostmaster.sub.domain.com. 21 900 600 86400 3600
;; Query time: 6 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Fri Mar 23 17:54:06 CET 2018
;; MSG SIZE rcvd: 101
[root@dc1 ~]# dig vsfiles.sub.domain.com
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> vsfiles.sub.domain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6486
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vsfiles.sub.domain.com. IN A
;; AUTHORITY SECTION:
sub.domain.com. 3600 IN SOA dc1.sub.domain.com. hostmaster.sub.domain.com. 21 900 600 86400 3600
;; Query time: 7 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Fri Mar 23 17:54:19 CET 2018
;; MSG SIZE rcvd: 101
[root@dc1 ~]# dig vsfiles
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> vsfiles
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25419
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vsfiles. IN A
;; AUTHORITY SECTION:
. 8425 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2018032300 1800 900 604800 86400
;; Query time: 3 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Fri Mar 23 17:54:28 CET 2018
;; MSG SIZE rcvd: 111
My named.conf from /etc/ is:
Code:
# Global BIND configuration options
include "/usr/local/samba/private/named.conf";
options {
auth-nxdomain yes;
directory "/var/named";
notify no;
empty-zones-enable no;
tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
listen-on port 53 {
127.0.0.1;
192.168.1.100;};
allow-query {
127.0.0.1;
localhost;
192.168.1.0/24;
# add other networks you want to allow to query your DNS
};
allow-recursion {
192.168.1.0/24;
# add other networks you want to allow to do recursive queries
};
forwarders {
# Google public DNS server here - replace with your own if necessary
8.8.8.8;
8.8.4.4;
};
allow-transfer {
# this config is for a single master DNS server
localhost;
};
};
# Root servers (required zone for recursive queries)
zone "." {
type hint;
file "named.root";
};
# Forward and reverse zones for the domain
zone "domain.com" {
type master;
file "master/sub.domain.com.zone";
};
zone "1.168.192.in-addr.arpa" {
type master;
file "master/192.168.1.zone";
};
My zone files:
Code:
$TTL 1D
@ IN SOA sub.domain.com. root.sub.domain.com. (
2018032301 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS dc1.sub.domain.com.
;IN NS srv12.linuxphobia.com.
IN MX 5 smtp.sub.domain.com.
dc1.sub.domain.com. IN A 192.168.1.100
dc2.sub.domain.com. IN A 192.168.1.200
mail.sub.domain.com. IN CNAME smtp.sub.domain.com.
;webserver.linuxphobia.com. IN A 192.168.1.111
;sai-scan.linuxphobia.com. IN A 192.168.1.71
; IN A 192.168.1.72
; IN A 192.168.1.73
; IN TXT "Round-robin IP for Scan"
sub.domain.com. IN A 192.168.1.100
smtp.sub.domain.com. IN A 192.168.1.111
;www IN CNAME webserver.linuxphobia.com
vsfiles.sub.domain.com. IN A 192.168.1.101
And:
Code:
$TTL 1D
@ IN SOA sub.domain.com. root.sub.domain.com. (
2018032301 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
NS dc1.sub.domain.com.
;IN NS srv12.linuxphobia.com.
; IN MX 5 smpt.sub.domain.com.
;dc1.sub.domain.com. IN A 192.168.1.100
;dc2.sub.domain.com. IN A 192.168.1.200
;mail.sub.domain.com. IN CNAME smtp.sub.domain.com.
;webserver.linuxphobia.com. IN A 192.168.1.111
;sai-scan.linuxphobia.com. IN A 192.168.1.71
; IN A 192.168.1.72
; IN A 192.168.1.73
; IN TXT "Round-robin IP for Scan"
;sub.domain.com. IN A 192.168.1.100
;www IN CNAME webserver.linuxphobia.com.
100 IN PTR dc1.sub.domain.com.
200 IN PTR dc2.sub.domain.com.
100 IN PTR sub.domain.com.
101 IN PTR vsfiles.sub.domain.com.
Hi Bathory, thanks for your reply.
I added 127.0.0.1 and even localhost. In /etc/resolv.conf I have search sub.domain.com and the nameserver IP address of the DC (DNS) server.
After restarting the network and named I got the same problem:
** server can't find vsfiles: NXDOMAIN (3)
The strange thing is that when I use RSAT from Windows there is no reverse zone, and on the Linux machine there is only sub.domain.com created when BIND starts.
DNS for the PC2 computer and the vsfiles server is not resolving. I can't even host or ping these machines.
3. On these screens, let's say it's the GUI of the zones. It's a tool called RSAT and you can manage your DNS from it with a GUI. The problem is that all records from my DNS should be there, and as you can see only DC1 is here. I assume that when I manually add a new record to the Linux files and bump the serial by +1 it should propagate and work. No vsfiles host here; I really do not know why. In my zone files (/var/named/master/files here) I have added the vsfiles and pc2 information, but on the Windows machine I cannot see this, just like it is not saved.
When I have manually created a new A record in this GUI, as you can see it is there. When I ping the testPC host from the virtual Windows (where I made these screens) it can resolve its name properly, so this DNS record works OK. This screen shows DNS from DC1.sub.domain.com, not localhost. There should be all the same records in BIND and here; it's just a GUI. But it's not working here.
When I host vsfiles or host vsfiles.sub.domain.com or ping the same names, they also can't be found.
Hmm, maybe it's something with VirtualBox networking?
Look what happened when I asked from dc1 and from vsfiles about this testPC (the host does not exist in the environment but DNS can resolve it properly):
It gives me information from DNS, so the logical conclusion is that /var/named/master/files does not store the DNS records.
Or maybe I have something wrong with some network configuration, not DNS?
There is no record for testPC (manually added the way you do it in Windows; I have it in the company: Samba LDAP and BIND DNS, and the difference is that there all records are as they should be and the reverse zone is working, not in my test environment; but I cannot find the issue why it's not working here on test).
2.
[root@dc1 master]# dig vsfiles @dc1.sub.domain.com +search
<-snip->
;; AUTHORITY SECTION:
. 2768 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2018032601 1800 9
Since you get a response from the root servers, your nameserver thinks it's not authoritative for the sub.domain.com zone
Quote:
3.
There is no record for testPC (manually added the way you do it in Windows; I have it in the company: Samba LDAP and BIND DNS, and the difference is that there all records are as they should be and the reverse zone is working, not in my test environment; but I cannot find the issue why it's not working here on test).
My guess is that your client(s) are using the Windows AD/DC in order to resolve hosts.
As I told you, I don't know much about Windows, esp. AD/DC etc., but your setup looks like this.
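Bathory's diagnosis above rests on reading the AUTHORITY section of the NXDOMAIN reply: a root SOA means the name never matched a zone this server serves, while the zone's own SOA means the zone is served but the record is absent. The following is an added example (not from the thread or from the BIND or Samba projects) that automates that reading: it parses plain `dig` output and classifies the reply. The three sample replies are copied from the dig runs posted above and are embedded so nothing is queried; the zone name passed to `classify()` is an argument the caller supplies.

```python
"""Classify NXDOMAIN replies in dig output (added example, not from the thread).

Two NXDOMAINs in the thread look alike; the AUTHORITY section tells them apart:
  root SOA ('.')      -> the name fell outside every zone this server serves
                         (the unqualified 'dc1' / 'vsfiles' queries)
  the zone's own SOA  -> the server serves the zone but has no such record
                         ('vsfiles.sub.domain.com.')
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

_HEADER_RE = re.compile(r"^;; ->>HEADER<<- opcode: (\w+), status: (\w+), id: (\d+)")
_SECTION_RE = re.compile(r"^;; (\w+) SECTION:$")
_QUESTION_RE = re.compile(r"^;(\S+)\s+IN\s+(\w+)$")


@dataclass
class DigReply:
    qname: Optional[str] = None
    qtype: Optional[str] = None
    status: Optional[str] = None
    answers: List[Tuple[str, str, str]] = field(default_factory=list)  # (owner, type, rdata)
    soa_owner: Optional[str] = None  # owner name of the SOA in AUTHORITY, if any


def parse_dig(text: str) -> DigReply:
    """Parse the human-readable output of `dig` into a DigReply."""
    reply = DigReply()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _HEADER_RE.match(line)
        if m:
            reply.status = m.group(2)
            continue
        m = _SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "QUESTION":
            m = _QUESTION_RE.match(line)
            if m:
                reply.qname, reply.qtype = m.group(1), m.group(2)
            continue
        if line.startswith(";"):
            continue  # banner, flags, OPT pseudosection, footer
        fields = line.split()  # owner ttl class type rdata...
        if len(fields) < 4:
            continue
        owner, rrtype, rdata = fields[0], fields[3], " ".join(fields[4:])
        if section == "ANSWER":
            reply.answers.append((owner, rrtype, rdata))
        elif section == "AUTHORITY" and rrtype == "SOA":
            reply.soa_owner = owner
    return reply


def classify(reply: DigReply, zone: str) -> str:
    """Explain a reply relative to the zone this server is expected to serve."""
    zone = zone.rstrip(".") + "."
    if reply.status == "NOERROR" and reply.answers:
        return "answered"
    if reply.status != "NXDOMAIN":
        return "other:%s" % reply.status
    if reply.soa_owner == ".":
        return "not-in-any-local-zone"     # name never matched a served zone
    if reply.soa_owner == zone:
        return "zone-served-name-missing"  # zone is ours, record is absent
    return "nxdomain-from:%s" % reply.soa_owner


# Samples copied from the dig runs in the thread (abbreviated to the parsed lines).
DIG_UNQUALIFIED = """
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23884
;; QUESTION SECTION:
;dc1. IN A
;; AUTHORITY SECTION:
. 8491 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2018032201 1800 900 604800 86400
"""
DIG_FQDN_MISSING = """
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41015
;; QUESTION SECTION:
;vsfiles.sub.domain.com. IN A
;; AUTHORITY SECTION:
sub.domain.com. 3600 IN SOA dc1.sub.domain.com. hostmaster.sub.domain.com. 21 900 600 86400 3600
"""
DIG_FQDN_OK = """
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52581
;; QUESTION SECTION:
;dc1.sub.domain.com. IN A
;; ANSWER SECTION:
dc1.sub.domain.com. 900 IN A 192.168.1.100
dc1.sub.domain.com. 900 IN A 192.168.122.1
;; AUTHORITY SECTION:
sub.domain.com. 900 IN NS dc1.sub.domain.com.
"""

if __name__ == "__main__":
    for label, text in (("dig dc1", DIG_UNQUALIFIED),
                        ("dig vsfiles.sub.domain.com.", DIG_FQDN_MISSING),
                        ("dig dc1.sub.domain.com", DIG_FQDN_OK)):
        r = parse_dig(text)
        print("%-28s %-9s soa=%-18s %s" % (label, r.status, r.soa_owner, classify(r, "sub.domain.com")))
```

Run against a live server with `dig vsfiles.sub.domain.com. @192.168.1.100 | python3 -c 'import sys, digclass; r = digclass.parse_dig(sys.stdin.read()); print(digclass.classify(r, "sub.domain.com"))'` (module name assumed). A "zone-served-name-missing" result for a name you believe you added is exactly the symptom in this thread: the server is answering from a different copy of the zone than the file you edited.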
OMFG, thanks for that link, it's so funny that I didn't see that before... Using the Samba manuals I had no need to go there, but there was no information on the BIND configuration pages of the Samba wiki that when you install Samba and DNS you edit it with samba-tool... SO, can anyone explain where exactly these records are stored and whether it is 100% right to leave the /var/named config files as shown here https://wiki.samba.org/index.php/Set...host_Zone_File ? And use only the RSAT GUI after adding the reverse zone manually, or samba-tool?
I'll check it in a minute, but it drives me crazy that I have been trying to find the issue for 2 days...
OK, I don't understand how it works. Maybe I did it the wrong way, but I tried to add a reverse zone by IP name from the GUI; it worked, but my known dc1 computer did not show up there.
So I deleted it, accepted that it will be deleted from the domain, and now I do not know how to check what is configured and what I want to modify from dc1 with samba-tool.
Got this:
Code:
[root@dc1 master]# samba-tool dns query 192.168.1.100 1.168.192.in-addr.arpa vsfiles.sub.domain.com all
Password for [administrator@sub.domain.com]:
ERROR(runtime): uncaught exception - (9714, 'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST')
File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
return self.run(*args, **kwargs)
File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/dns.py", line 859, in run
raise e
Record or zone does not exist.
[root@dc1 master]# samba-tool dns zonelist
Usage: samba-tool dns zonelist <server> [options]
[root@dc1 master]# samba-tool dns zonelist 192.168.1.100
Password for [administrator@sub.domain.com]:
3 zone(s) found
pszZoneName : 1.168.192.in-addr.arpa
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.sub.domain.com
pszZoneName : sub.domain.com
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.sub.domain.com
pszZoneName : _msdcs.sub.domain.com
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : ForestDnsZones.sub.domain.com
[root@dc1 master]#
My question is:
Where are these records properly stored? How do I check it? What are the 1000 manuals for where people write to use /var/named/m/files, when it does nothing, as I see?
Better start reading this and this (esp. Part 2).
Also, in the 2nd link, since you've installed Samba using your distro's package manager, don't prepend the various commands with /usr/local/samba/bin.
Hi, I do not really understand what your last suggestion is about.
I used this first link to create my environment.
It looks like all is working in a good way, but I don't exactly know how to connect these zones into one organism. I know that when I ask the forward zone I should get info about PTR records from the reverse lookup (if I also create the PTR record). I'm doing it from the GUI and it does not show up here...
The names of the zones look OK, look:
Code:
Record or zone does not exist.
[root@dc1 etc]# samba-tool dns zonelist dc1
Password for [administrator@sub.domain.com]:
3 zone(s) found
pszZoneName : 1.168.192.in-addr.arpa
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.sub.domain.com
pszZoneName : sub.domain.com
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.sub.domain.com
pszZoneName : _msdcs.sub.domain.com
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : ForestDnsZones.sub.domain.com
[root@dc1 etc]#
How can I check the association of these DNS zones?
How can I add a forward record with the PTR automatically? Can I do that in Linux?
Now, when I use:
samba-tool dns add dc1 sub.domain.com TESTLIN A 192.168.1.127 - a new A record named TESTLIN with the 1.127 IP is created, no PTR record added.
(samba-tool dns query dc1 1.168.192.in-addr.arpa TESTLIN all shows ERROR(runtime): uncaught exception - (9714, 'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST')).
When I use samba-tool dns add dc1 1.168.192.in-addr.arpa 127 PTR TESLIN.sub.domain.com it is created correctly.
When I do it from the Windows GUI (where I can properly see and resolve the added records) it does not show up in the resolved records.
Can anyone tell me what to do to have it working? Or must I really always use only these commands to create PTR records?
There must be an admin here who knows how to make it work.
EDIT - OK, I got the information that it does not work on Samba AD the way it works on Windows Server DNS (as a DNS host).
You have to manually add forward and reverse records with samba-tool, not config files.
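The two questions the thread ends on (where the records are actually stored, and how to add an A record together with its PTR from Linux) have one practical answer once the zones are DS-integrated: the directory is the store, `samba-tool dns` is the write path, and the PTR is a second explicit add. The following is an added example, not code from the thread or from the Samba project. It reads the `samba-tool dns zonelist` output shown above (copied here as constructed sample input), works out which reverse zone and label an IP maps to, and builds the two `samba-tool dns add` invocations from the thread. It also handles the general case the thread does not show, a shorter reverse zone such as a /16, where the label has two octets. Assumptions: `samba-tool` is on PATH, the caller can authenticate as a DNS administrator (the optional `-U` is samba-tool's standard credentials flag), and the server, zone and host names are whatever the caller passes in.

```python
"""Add a host's A record and its PTR together with samba-tool (added example,
not from the thread).

With DS-integrated zones the records live in AD, not in /var/named zone files,
so writes go through samba-tool (or RSAT). samba-tool does not create the PTR
for you; this helper derives the reverse zone and label and emits both adds.
"""
import ipaddress
import subprocess
from typing import List, Optional, Sequence, Tuple

# Constructed sample: the `samba-tool dns zonelist dc1` output from the thread.
ZONELIST_OUTPUT = """
3 zone(s) found
  pszZoneName                 : 1.168.192.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  pszZoneName                 : sub.domain.com
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  pszZoneName                 : _msdcs.sub.domain.com
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
"""


def parse_zonelist(text: str) -> List[str]:
    """Return the zone names from `samba-tool dns zonelist` output."""
    zones = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "pszZoneName":
            zones.append(value.strip())
    return zones


def choose_reverse_zone(ip: str, zones: Sequence[str]) -> Tuple[str, str]:
    """Pick the most specific in-addr.arpa zone containing `ip`.

    Returns (zone, label): for 192.168.1.127 in 1.168.192.in-addr.arpa the
    label is '127'; in a /16 zone 168.192.in-addr.arpa it is '127.1'.
    """
    rev = ipaddress.IPv4Address(ip).reverse_pointer  # '127.1.168.192.in-addr.arpa'
    best = None
    for zone in zones:
        zone = zone.rstrip(".")
        if rev.endswith("." + zone) and (best is None or len(zone) > len(best)):
            best = zone
    if best is None:
        raise LookupError("no reverse zone for %s among %s" % (ip, list(zones)))
    return best, rev[: -(len(best) + 1)]


def build_commands(server: str, forward_zone: str, host: str, ip: str,
                   zones: Sequence[str], user: Optional[str] = None) -> List[List[str]]:
    """Build the two `samba-tool dns add` invocations: the A record, then its PTR."""
    rev_zone, label = choose_reverse_zone(ip, zones)
    fqdn = "%s.%s" % (host, forward_zone.rstrip("."))
    auth = ["-U", user] if user else []  # without -U samba-tool prompts, as in the thread
    return [
        ["samba-tool", "dns", "add", server, forward_zone, host, "A", ip] + auth,
        ["samba-tool", "dns", "add", server, rev_zone, label, "PTR", fqdn] + auth,
    ]


def add_host(server: str, forward_zone: str, host: str, ip: str,
             user: Optional[str] = None, run=subprocess.run) -> List[List[str]]:
    """List the live zones, then add A and PTR; stops at the first failing command."""
    auth = ["-U", user] if user else []
    listing = run(["samba-tool", "dns", "zonelist", server] + auth,
                  check=True, capture_output=True, text=True).stdout
    cmds = build_commands(server, forward_zone, host, ip, parse_zonelist(listing), user)
    for cmd in cmds:
        run(cmd, check=True)
    return cmds


if __name__ == "__main__":
    import sys
    # usage: python3 add_host.py dc1 sub.domain.com TESTLIN 192.168.1.127 [administrator]
    for cmd in add_host(*sys.argv[1:]):
        print(" ".join(cmd))
```

Verify afterwards with `samba-tool dns query dc1 1.168.192.in-addr.arpa 127 PTR` and `dig -x 192.168.1.127 @dc1`; note that the query takes the label (`127`), not the host name, which is why the `samba-tool dns query ... TESTLIN` attempt in the thread returned WERR_DNS_ERROR_NAME_DOES_NOT_EXIST.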