Linux and Unix DNS Configuration

From SambaWiki


Introduction

Active Directory (AD) uses DNS in the background, to locate other DCs and services, such as Kerberos. Thus AD domain members and servers must be able to resolve the AD DNS zones.

The following describes how to manually configure Linux clients to use DNS servers. If you are running a DHCP server providing DNS settings to your client computers, configure your DHCP server to send the IP addresses of your DNS servers.

Configuring the /etc/resolv.conf

Set the DNS server IP and AD DNS domain in your /etc/resolv.conf. For example:

nameserver 10.99.0.1
search samdom.example.com

Some utilities, such as NetworkManager can overwrite manual changes in that file. See your distribution's documentation for information about how to configure name resolution permanently.

For NetworkManager, set the DNS server using either the graphical interface or nmcli and restart the NetworkManager service. The visible /etc/resolv.conf file:

nameserver 127.0.0.53
search samdom.example.com

won't list the DNS server explicitly but nevertheless works correctly.




Testing DNS resolution

To verify that your DNS settings are correct and your client or server is able to resolve IP addresses and host names use the nslookup or host commands. The nslookup command is available on Linux and Windows.

Forward Lookup

To resolve a host name its IP address:

# nslookup DC1.samdom.example.com
Server:         10.99.0.1
Address:        10.99.0.1#53

Name:   DC1.samdom.example.com
Address: 10.99.0.1

alternatively you can use the host command:

# host DC1.samdom.example.com
DC1.samdom.example.com has address 10.99.0.1

Reverse Lookup

To resolve a IP address to its host name:

# nslookup 10.99.0.1
Server:        10.99.0.1
Address:	10.99.0.1#53

1.0.99.10.in-addr.arpa	name = DC1.samdom.example.com.

or

# host 10.99.0.1
1.0.99.10.in-addr.arpa domain name pointer DC1.samdom.example.com


Note that in a Samba AD, the reverse zone is not automatically configured. To set up a reverse zone, see DNS Administration.

Resolving SRV Records

Active Directory (AD) uses SRV records to locate services, such as Kerberos and LDAP. To verify that SRV records are resolved correctly, use the nslookup interactive shell:

$ nslookup
> set type=SRV
> _ldap._tcp.samdom.example.com
Server:	192.168.0.4
Address:	192.168.0.4#53

_ldap._tcp.samdom.example.com	service = 0 100 389 dc2.samdom.example.com.
_ldap._tcp.samdom.example.com	service = 0 100 389 dc1.samdom.example.com.
> exit

or

$ host -t SRV _ldap._tcp.samdom.example.com
_ldap._tcp.samdom.example.com has SRV record 0 100 389 dc1.samdom.example.com.
_ldap._tcp.samdom.example.com has SRV record 0 100 389 dc2.samdom.example.com.

Error Messages

  • The DNS server is not able to resolve the host name:
** server can't find DC1.samdom.example.com: NXDOMAIN
  • The DNS server is not able to resolve the IP address:
** server can't find 1.0.99.10.in-addr.arpa: NXDOMAIN
  • The DNS server used is not available:
;; connection timed out; no servers could be reached