Web lists-archives.com

Re: [Samba] getent not working after installing firewall




As extra comment on this mail. 

On that sonicwall.

If you had set in /etc/resolv.conf 
search lan.domain.tld domain.tld
nameserver 127.0.0.1
# only for backup, everything should resolve over 127.0.0.1
nameserver 192.168.0.2
nameserver 209.18.47.62
# setup a dns caching resolver in the mail and sonic wall. 


And if you had setup a dnsserver, you could have done 
Forward dns requests (for) lan.domain.tld to DNS Samba.
Forward dns requests (for) domain.tld to DNS ISP. 

This also prevents leaking dns info. 


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens Mark 
> Foley via samba
> Verzonden: dinsdag 5 maart 2019 7:15
> Aan: samba@xxxxxxxxxxxxxxx
> Onderwerp: Re: [Samba] getent not working after installing firewall
> 
> On Tue, 5 Mar 2019 06:17:59 +0100 Reindl Harald 
> <h.reindl@xxxxxxxxxxxxx> wrote:
> >
> > Am 05.03.19 um 00:22 schrieb Mark Foley via samba:
> > > /etc/resolv.conf:
> > > nameserver 192.168.0.2
> > > nameserver 209.18.47.62
> > > 
> > > /etc/hosts:
> > > 127.0.0.1               localhost
> > > 192.168.0.60            ccarter
> > > 
> > > So, the gateway is the Sonicwall firewall, 192.168.0.1. 
> Nameservers are the DC (192.168.0.2)
> > > and one of the ISP name servers. The IP is static and is 
> set in /etc/hosts. At this point,
> > > there should be no issues or questions with respect to 
> which gateway or DHCP usage (DHCP is not
> > > being used)
> > besides that oyu really could strip your quotes why in the 
> world are you
> > doing that? there is no point except asking for troubles 
> when you mix
> > your DC and a external nameserver
> 
> Personally, I like the quotes. It gives me, and hopefully 
> other, a clearer picture of the
> problem and what has been tried. A reader can always skip to 
> the bottom.
> 
> ANYWAY, Standby! I may have the problem solved. I need to do 
> a bit more experimentation with a
> couple of components, but I think it might be fixed. I'll 
> post again later when I've confirmed.
> 
> --Mark
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba