Difference between revisions of "Linux and Unix DNS Configuration"

From SambaWiki
m (/* change header font size)
m (/* minor edit)
Line 25: Line 25:
== Testing DNS resolution ==
== Testing DNS resolution ==
See [[Testing_the_DNS_Name_Resolution]].

Revision as of 10:49, 28 November 2018


Active Directory (AD) uses DNS in the background, to locate other DCs and services, such as Kerberos. Thus AD domain members and servers must be able to resolve the AD DNS zones.

The following describes how to manually configure Linux clients to use DNS servers. If you are running a DHCP server providing DNS settings to your client computers, configure your DHCP server to send the IP addresses of your DNS servers.

Configuring the /etc/resolv.conf

Set the DNS server IP and AD DNS domain in your /etc/resolv.conf. For example:

search samdom.example.com

Some utilities, such as NetworkManager can overwrite manual changes in that file. See your distribution's documentation for information about how to configure name resolution permanently.

Testing DNS resolution

To verify that your DNS settings are correct and your client or server is able to resolve IP addresses and host names use the nslookup or host commands. The nslookup command is available on Linux and Windows.

Forward Lookup

To resolve a host name its IP address:

# nslookup DC1.samdom.example.com

Name:   DC1.samdom.example.com

alternatively you can use the host command:

# host DC1.samdom.example.com
DC1.samdom.example.com has address

Reverse Lookup

To resolve a IP address to its host name:

# nslookup
Address:	name = DC1.samdom.example.com.


# host domain name pointer DC1.samdom.example.com

Note that in a Samba AD, the reverse zone is not automatically configured. To set up a reverse zone, see DNS Administration.

Resolving SRV Records

Active Directory (AD) uses SRV records to locate services, such as Kerberos and LDAP. To verify that SRV records are resolved correctly, use the nslookup interactive shell:

$ nslookup
> set type=SRV
> _ldap._tcp.samdom.example.com

_ldap._tcp.samdom.example.com	service = 0 100 389 dc2.samdom.example.com.
_ldap._tcp.samdom.example.com	service = 0 100 389 dc1.samdom.example.com.
> exit


$ host -t SRV _ldap._tcp.samdom.example.com
_ldap._tcp.samdom.example.com has SRV record 0 100 389 dc1.samdom.example.com.
_ldap._tcp.samdom.example.com has SRV record 0 100 389 dc2.samdom.example.com.

Error Messages

  • The DNS server is not able to resolve the host name:
** server can't find DC1.samdom.example.com: NXDOMAIN
  • The DNS server is not able to resolve the IP address:
** server can't find NXDOMAIN
  • The DNS server used is not available:
;; connection timed out; no servers could be reached