Linux and Unix DNS Configuration
Active Directory (AD) relies on DNS to locate domain controllers (DCs) and services such as Kerberos and LDAP. AD domain members and servers must therefore be able to resolve the AD DNS zones.
The following describes how to manually configure Linux clients to use DNS servers. If you are running a DHCP server providing DNS settings to your client computers, configure your DHCP server to send the IP addresses of your DNS servers.
Configuring the /etc/resolv.conf
Set the DNS server IP and AD DNS domain in your /etc/resolv.conf. For example:
nameserver 10.99.0.1
search samdom.example.com
Some utilities, such as NetworkManager can overwrite manual changes in that file. See your distribution's documentation for information about how to configure name resolution permanently.
For NetworkManager, set the DNS server using either the graphical interface or nmcli and restart the NetworkManager service. On systems where NetworkManager hands name resolution to systemd-resolved, the visible /etc/resolv.conf file:
nameserver 127.0.0.53
search samdom.example.com
won't list the DNS server explicitly: 127.0.0.53 is the local stub listener of systemd-resolved, which forwards queries to the servers NetworkManager configured. Resolution nevertheless works correctly; run resolvectl status to see which upstream DNS servers are actually in use.
Testing DNS resolution
To verify that your DNS settings are correct and that your client or server is able to resolve IP addresses and host names, use the nslookup or host commands. The nslookup command is available on Linux and Windows.
To resolve a host name to its IP address:
# nslookup DC1.samdom.example.com
Server:         10.99.0.1
Address:        10.99.0.1#53

Name:   DC1.samdom.example.com
Address: 10.99.0.1
Alternatively, you can use the host command:
# host DC1.samdom.example.com
DC1.samdom.example.com has address 10.99.0.1
To resolve an IP address to its host name:
# nslookup 10.99.0.1
Server:         10.99.0.1
Address:        10.99.0.1#53

1.0.99.10.in-addr.arpa  name = DC1.samdom.example.com.
# host 10.99.0.1
1.0.99.10.in-addr.arpa domain name pointer DC1.samdom.example.com.
Note that in a Samba AD, the reverse zone is not automatically configured. To set up a reverse zone, see DNS Administration.
Resolving SRV Records
Active Directory (AD) uses SRV records to locate services, such as Kerberos (_kerberos._tcp) and LDAP (_ldap._tcp). To verify that SRV records are resolved correctly, use the nslookup interactive shell:
$ nslookup
> set type=SRV
> _ldap._tcp.samdom.example.com
Server:         192.168.0.4
Address:        192.168.0.4#53

_ldap._tcp.samdom.example.com   service = 0 100 389 dc2.samdom.example.com.
_ldap._tcp.samdom.example.com   service = 0 100 389 dc1.samdom.example.com.
> exit
Alternatively, query the record type directly with host:
$ host -t SRV _ldap._tcp.samdom.example.com
_ldap._tcp.samdom.example.com has SRV record 0 100 389 dc1.samdom.example.com.
_ldap._tcp.samdom.example.com has SRV record 0 100 389 dc2.samdom.example.com.
Each answer lists priority, weight, port and target host; clients try the lowest priority first and use the weight to spread load between DCs of equal priority. Every DC of the domain must appear here, and each target name must itself resolve to an address.
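The following script is an added example and is not part of the Samba wiki page or of Samba itself. It turns the manual checks from the resolv.conf, host-name/IP and SRV sections above into small shell functions that can be run offline against constructed sample data: it builds the in-addr.arpa name a PTR query needs (the reverse of the octet order, which is easy to get wrong by hand), recognises the systemd-resolved stub address in resolv.conf, checks for the search domain, orders the SRV answers the way a client will try them, reports which of the SRV names an AD client needs are absent, and classifies the nslookup error messages from the troubleshooting list. The domain, host names, addresses and function names are assumptions for illustration; the sample resolv.conf contents and host output are constructed to resemble the examples on this page. live_check runs the same functions against the real resolver and does need network access.

```shell
#!/bin/sh
# Added example, not code from the Samba wiki. All sample data is constructed.

SAMPLE_RESOLV_DIRECT='nameserver 10.99.0.1
search samdom.example.com'

SAMPLE_RESOLV_STUB='nameserver 127.0.0.53
search samdom.example.com'

# Constructed `host -t SRV` output: two DCs for LDAP and Kerberos over TCP and
# a third, lower-priority DC (dc3, priority 10) that clients should try last.
SAMPLE_SRV='_ldap._tcp.samdom.example.com has SRV record 0 100 389 dc1.samdom.example.com.
_ldap._tcp.samdom.example.com has SRV record 0 100 389 dc2.samdom.example.com.
_kerberos._tcp.samdom.example.com has SRV record 0 100 88 dc1.samdom.example.com.
_kerberos._tcp.samdom.example.com has SRV record 0 100 88 dc2.samdom.example.com.
_kerberos._tcp.samdom.example.com has SRV record 10 100 88 dc3.samdom.example.com.'

# Reverse an IPv4 address into the in-addr.arpa name a PTR query asks for,
# e.g. 10.99.0.1 -> 1.0.99.10.in-addr.arpa. Fails unless there are four octets.
ptr_name() {
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    [ "$#" -eq 4 ] || return 1
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$4" "$3" "$2" "$1"
}

# Classify the first nameserver of a resolv.conf body read from stdin:
#   stub    127.0.0.53, the systemd-resolved stub; see `resolvectl status`
#   local   another loopback address (e.g. a DC using its own DNS server)
#   remote  an ordinary DNS server address
#   none    no nameserver line at all
resolv_kind() {
    _ns=$(awk '$1 == "nameserver" { print $2; exit }')
    case "$_ns" in
        "")         echo none ;;
        127.0.0.53) echo stub ;;
        127.*)      echo local ;;
        *)          echo remote ;;
    esac
}

# Succeed when the resolv.conf body on stdin lists domain $1 in a search line.
has_search_domain() {
    awk -v d="$1" '$1 == "search" { for (i = 2; i <= NF; i++) if ($i == d) f = 1 }
                   END { exit !f }'
}

# Print "priority weight port target" for SRV name $1 from `host -t SRV` output
# on stdin, ordered by priority ascending, then weight descending: the order
# in which a client tries the DCs. The trailing dot of the target is removed.
srv_targets() {
    awk -v n="$1" '$1 == n && $3 == "SRV" { sub(/\.$/, "", $8); print $5, $6, $7, $8 }' |
        sort -k1,1n -k2,2nr
}

# The best "target:port" for SRV name $1, or failure when no record exists.
srv_first() {
    _best=$(srv_targets "$1" | head -n 1)
    [ -n "$_best" ] || return 1
    printf '%s\n' "$_best" | awk '{ print $4 ":" $3 }'
}

# Print the SRV names an AD client needs for domain $1 that are missing from
# the `host -t SRV` output on stdin (no output means all are present).
missing_srv() {
    _data=$(cat)
    for _svc in _ldap._tcp _kerberos._tcp _kerberos._udp; do
        printf '%s\n' "$_data" | srv_targets "$_svc.$1" | grep -q . ||
            echo "$_svc.$1"
    done
}

# Map nslookup/host output on stdin to the failure modes listed on this page.
lookup_error_kind() {
    _out=$(cat)
    case "$_out" in
        *NXDOMAIN*)                      echo nxdomain ;;     # name or zone missing on the server
        *"no servers could be reached"*) echo unreachable ;;  # wrong server IP, or server down
        *)                               echo ok ;;
    esac
}

# Run the checks against the real resolver for AD domain $1 (needs network).
live_check() {
    resolv_kind </etc/resolv.conf
    has_search_domain "$1" </etc/resolv.conf || echo "search $1 missing"
    for _svc in _ldap._tcp _kerberos._tcp _kerberos._udp; do
        host -t SRV "$_svc.$1"
    done | missing_srv "$1"
}

# Demo on the constructed samples; use live_check <domain> for a real check.
printf 'stub resolv.conf kind: %s\n' "$(printf '%s\n' "$SAMPLE_RESOLV_STUB" | resolv_kind)"
printf 'PTR name for 10.99.0.1: %s\n' "$(ptr_name 10.99.0.1)"
printf 'first Kerberos DC: %s\n' "$(printf '%s\n' "$SAMPLE_SRV" | srv_first _kerberos._tcp.samdom.example.com)"
printf 'missing SRV names: %s\n' "$(printf '%s\n' "$SAMPLE_SRV" | missing_srv samdom.example.com)"
```

The functions read their input from stdin so that the same code works on a captured file, on the constructed samples, and on a live pipe from host. srv_targets deliberately sorts the way a client selects a DC, so a DC that is listed but with the wrong priority shows up in the wrong position rather than being silently accepted.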
Troubleshooting
Common error messages from nslookup and host, and what they indicate:
- The DNS server is reachable but cannot resolve the host name (the record or the zone is missing on the server being queried):
** server can't find DC1.samdom.example.com: NXDOMAIN
- The DNS server is reachable but cannot resolve the IP address (no PTR record; in a Samba AD the reverse zone must be created manually):
** server can't find 1.0.99.10.in-addr.arpa: NXDOMAIN
- The configured DNS server is not available (wrong nameserver address in /etc/resolv.conf, the server is down, or port 53 is blocked):
;; connection timed out; no servers could be reached