Re: [Samba] DNS forwarding not working.




> > > 
> > > Is this dns server also authoritative for the same dns domain as
> > > the AD domain ? 
> > 
> >  Yes, the Fedora29 server is authoritative.
> > 
> > > 
> > > 
> > > Let's start with the smb.conf from the DC, your DC's FQDN and
> > > ipaddress (sanitised if you have to) and the same for your Fedora
> > > dns server. 
> > === DC server smb.conf ===
> > Ubuntu18.04> less /etc/samba/smb.conf 
> > # Global parameters
> > [global]
> >     netbios name = DC0
> >     realm = company.COM
> >     server role = active directory domain controller
> >     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> >     workgroup = company
> >     idmap_ldb:use rfc2307 = yes
> > 
> > [netlogon]
> >     path = /var/lib/samba/sysvol/company.com/scripts
> >     read only = No
> > 
> > [sysvol]
> >     path = /var/lib/samba/sysvol
> >     read only = No
> > === END DC server smb.conf ===
> > 
> > DC FQDN - dc0.company.com (172.23.93.25)
> > 
> > Fedora server - zaphod.company.com (172.23.93.3)
> 
> 
> So your DC is authoritative for the 'company.com' dns domain and holds
> all the AD dns domain records.
> zaphod is authoritative for 'company.com' dns domain and presumably
> holds none of the AD dns domain records

It did not occur to me the AD had to be authoritative.  However, I
thought if a DNS server could not find a record in its database, it
would query a 'Forward' server.

I shall repeat the steps and use a subnet.

Thank you.

> 
> Can you not see what is wrong here and why forwarding doesn't work?
> 
> You should have used a subdomain of 'company.com' for your AD dns
> domain (perhaps ad.company.com)
> 
> When you ask your DC for 'dnsclient.company.com' (where 'dnsclient' is
> not an AD domain member), your DC will not forward it anywhere because
> it is authoritative for the 'company.com' dns domain, it will just
> return 'not known' or words to that effect.
> 
> I, personally, would transfer all the dns & dhcp roles from zaphod to
> your DC, or start again with a new subdomain on your DC.
> 
> Your forwarders need to be outside your AD dns domain.
> 



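
The behaviour described in the thread, as an added example that is not part of the original messages and is not Samba code: a simplified model of a DNS server choosing between answering from a zone it is authoritative for and passing the query to its forwarder. The function names, the record tables and the name dc0.ad.company.com are assumptions made for illustration; delegations and caching are left out.

```python
# Simplified model of the authoritative-versus-forward decision.
# All record data below is constructed for illustration.

def find_zone(qname, zones):
    """Return the longest authoritative zone that qname falls under, or None."""
    labels = qname.lower().rstrip(".").split(".")
    # i = 0 tries the full name first, so the first hit is the longest match.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def resolve(qname, zones, forwarder):
    """zones maps zone name -> {fqdn: address}. Returns (action, detail)."""
    zone = find_zone(qname, zones)
    if zone is None:
        # Not authoritative for any enclosing zone: hand it to the forwarder.
        return ("FORWARD", forwarder)
    address = zones[zone].get(qname.lower().rstrip("."))
    if address is None:
        # Authoritative and the name is absent: the answer is final,
        # the forwarder is never consulted.
        return ("NXDOMAIN", zone)
    return ("ANSWER", address)


FORWARDER = "172.23.93.3"  # zaphod, from the thread

# Layout in the thread: the AD DNS domain is company.com itself.
shared = {"company.com": {"dc0.company.com": "172.23.93.25"}}

# Layout suggested in the thread: AD lives in ad.company.com
# (the record name under it is constructed).
split = {"ad.company.com": {"dc0.ad.company.com": "172.23.93.25"}}

if __name__ == "__main__":
    for label, zones in (("shared", shared), ("split", split)):
        print(label, resolve("dnsclient.company.com", zones, FORWARDER))
```

With the shared layout the DC answers NXDOMAIN for dnsclient.company.com; with the subdomain layout the same query falls outside the DC's zone and goes to the forwarder.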