Samba Internal DNS Back End: Difference between revisions
Mmuehlfeld (talk | contribs) m (Added category) |
m (/* added round robin limitation) |
||
(2 intermediate revisions by 2 users not shown) | |||
Line 16: | Line 16: | ||
* stub zones |
* stub zones |
||
* zone transfers |
* zone transfers |
||
* wildcard DNS entries: [https://bugzilla.samba.org/show_bug.cgi?id=10435 See related bug report] |
|||
* Round Robin load balancing among DC's |
|||
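Review bot: The added item "Round Robin load balancing among DC's" states a limitation with no reference or explanation, while the wildcard item added just above it links bug 10435. Link a bug report or add a short sentence on what behaviour to expect instead, so readers can tell whether the limitation still applies to their version. "DC's" should read "DCs", and the edit summary "/* added round robin limitation" leaves its section marker unclosed.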
Revision as of 08:15, 29 September 2018
Introduction
The Samba Active Directory (AD) domain controller (DC) provides an internal DNS server that supports the basic features required in an AD. It is easy to configure and requires no additional software or knowledge about DNS. The INTERNAL_DNS back end is recommended for simple DNS setups.
Limitations
The internal DNS does not support:
- acting as a caching resolver
- recursive queries
- shared-key transaction signature (TSIG)
- stub zones
- zone transfers
- wildcard DNS entries: See related bug report
- Round-robin load balancing among DCs
Setting up Dynamic DNS Updates Using Kerberos
Dynamic DNS updates using Kerberos are enabled by default in the internal DNS server. To change this setting, set the allow dns updates parameter in the smb.conf file.
For further details, see the smb.conf (5) man page.
Setting up a DNS Forwarder
The internal DNS server is only able to resolve the Active Directory (AD) DNS zones. To enable recursive queries of other zones, set the dns forwarder parameter in the smb.conf file to one or more IP addresses of DNS servers that support recursive resolving. For example:
dns forwarder = 8.8.8.8
Samba 4.5 and later supports multiple space-separated IP addresses. Older versions support one IP address.
For further details, see the smb.conf (5) man page.
Troubleshooting
Clients Are Unable to Resolve DNS Queries
If you are not able to resolve records from your Active Directory (AD) DNS zone, verify that you have set the IP of a DNS server that is able to resolve the AD DNS zone in your operating system. See:
If the client configuration is correct, make sure that the Samba DNS server is running. For details, see Samba DNS Server Does Not Start.
Samba DNS Server Does Not Start
To verify that no other process uses the TCP and UDP port 53:
- Check the Samba log files for DNS related errors. For example:
  [2016/01/01 00:00:00.000000, 0] ../source4/smbd/service_stream.c:346(stream_setup_socket)
    Failed to listen on 127.0.0.1:53 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
- Verify that no other process is listening on the TCP and UDP port 53. For example:
  # netstat -tulpn | grep ":53"
  tcp  0  0  10.99.0.1:53  0.0.0.0:*  LISTEN  972/dnsmasq
  tcp  0  0  127.0.0.1:53  0.0.0.0:*  LISTEN  903/dnsmasq
  udp  0  0  10.99.0.1:53  0.0.0.0:*          972/dnsmasq
  udp  0  0  127.0.0.1:53  0.0.0.0:*          903/dnsmasq
- The example shows that the dnsmasq process is listening on port 53.
To fix the problem:
- Stop the service listening on port 53 and disable it to auto-start at boot time. For details, see your operating system's documentation.
- Restart Samba.
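An added example, not taken from the Samba wiki or from Samba's own code: a shell pre-flight check that reads the two smb.conf parameters discussed above and lists programs competing for port 53. The function names are hypothetical, and the allow dns updates values it recognises (secure only, nonsecure, disabled) come from the smb.conf (5) man page rather than from this page.

```shell
#!/bin/sh
# Added example (not Samba project code); function names are hypothetical.

# Print a [global] parameter from smb.conf text on stdin. Names match without
# regard to case or whitespace; a later setting overrides an earlier one.
smbconf_get() {
    awk -v want="$1" '
        BEGIN { gsub(/[ \t]/, "", want); want = tolower(want) }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sect = tolower($0); gsub(/[ \t]/, "", sect); next }
        sect == "[global]" && (eq = index($0, "=")) {
            name = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", name)
            val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == want) found = val
        }
        END { if (found != "") print found }'
}

# audit_dns_conf FILE VERSION ("major.minor"): prints one finding per line.
audit_dns_conf() {
    upd=$(smbconf_get "allow dns updates" < "$1" | tr 'A-Z' 'a-z')
    fwd=$(smbconf_get "dns forwarder" < "$1")
    major=${2%%.*}; minor=${2#*.}; minor=${minor%%.*}
    case $upd in
        ""|"secure only") echo "OK: dynamic updates require Kerberos" ;;
        nonsecure) echo "WARN: unauthenticated dynamic updates are accepted" ;;
        disabled)  echo "INFO: dynamic updates are disabled" ;;
        *)         echo "WARN: unrecognised 'allow dns updates' value: $upd" ;;
    esac
    set -- $fwd   # split the forwarder list on whitespace
    if [ $# -eq 0 ]; then
        echo "INFO: no dns forwarder; only the AD zones resolve"
    elif [ $# -gt 1 ] && [ $((major * 100 + minor)) -lt 405 ]; then
        echo "WARN: $# forwarders set; Samba before 4.5 supports one"
    else
        echo "OK: forwarding to $*"
    fi
}

# Read `netstat -tulpn` output on stdin; print non-Samba programs on port 53.
port53_conflicts() {
    awk '$4 ~ /:53$/ { for (i = 5; i <= NF; i++) if ($i ~ /^[0-9]+\//) {
        sub(/^[0-9]+\//, "", $i); if ($i !~ /^samba/) print $i; break } }' | sort -u
}

# Constructed sample: one listener line in the format shown on the page.
echo "udp 0 0 127.0.0.1:53 0.0.0.0:* 903/dnsmasq" | port53_conflicts
```

On a DC, run audit_dns_conf against the active smb.conf with the installed Samba version, and pipe netstat -tulpn into port53_conflicts before restarting Samba.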