Linux and Unix DNS Configuration
Active Directory (AD) uses DNS in the background, to locate other DCs and services, such as Kerberos. Thus AD domain members and servers must be able to resolve the AD DNS zones.
The following describes how to manually configure Linux clients to use DNS servers. If you are running a DHCP server providing DNS settings to your client computers, configure your DHCP server to send the IP addresses of your DNS servers.
Configuring the /etc/resolv.conf
Set the DNS server IP and AD DNS domain in your
/etc/resolv.conf. For example:
nameserver 10.99.0.1 search samdom.example.com
Some utilities, such as NetworkManager can overwrite manual changes in that file. See your distribution's documentation for information about how to configure name resolution permanently.
Testing DNS resolution
To verify that your DNS settings are correct and your client or server is able to resolve IP addresses and host names use the
nslookup command. The command is available on Linux and Windows.
To resolve a host name its IP address:
# nslookup DC1.samdom.example.com Server: 10.99.0.1 Address: 10.99.0.1#53 Name: DC1.samdom.example.com Address: 10.99.0.1
To resolve a IP address to its host name:
# nslookup 10.99.0.1 Server: 10.99.0.1 Address: 10.99.0.1#53 184.108.40.206.in-addr.arpa name = DC1.samdom.example.com.
Note that in a Samba AD, the reverse zone is not automatically configured. To set up a reverse zone, see DNS Administration.
Resolving SRV Records
Active Directory (AD) uses SRV records to locate services, such as Kerberos and LDAP. To verify that SRV records are resolved correctly, use the
nslookup interactive shell:
$ nslookup > set type=SRV > _ldap._tcp.samdom.example.com Server: 192.168.0.4 Address: 192.168.0.4#53 _ldap._tcp.samdom.example.com service = 0 100 389 dc2.samdom.example.com. _ldap._tcp.samdom.example.com service = 0 100 389 dc1.samdom.example.com. > exit
Alternatively, you can use the host command.
$ host -t SRV _ldap._tcp.samdom.example.com _ldap._tcp.samdom.example.com has SRV record 0 100 389 dc1.samdom.example.com. _ldap._tcp.samdom.example.com has SRV record 0 100 389 dc2.samdom.example.com.
- The DNS server is not able to resolve the host name:
** server can't find DC1.samdom.example.com: NXDOMAIN
- The DNS server is not able to resolve the IP address:
** server can't find 220.127.116.11.in-addr.arpa: NXDOMAIN
- The DNS server used is not available:
;; connection timed out; no servers could be reached