Active Directory does not allow dns queries from computers on lan network

Hitmoky_Hitter (Hitmoky Hitter) 2018-04-12 08:05:19 UTC #1

System version: NethServer release 7.4.1708 (Final)
Kernel release: 3.10.0-693.21.1.el7.x86_64

Module: Active Directory

Hey support! ^^

The situation is as follow: After the Nethserver installation I have configured two NICs, one red that gets it’s IP from DHCP and one green that hands our IP addresses through it’s own DHCP. I’ve activated the Active Directory module on an IP within that local network with a result being that all computers (Windows) on that green network do not get their dns requests resolved.

What are the steps to get dns on the AD working? I already tried setting dns server manually as the Nethserver host and the AD host that was made by enabled the AD module.

m.traeumner (Michael Träumner) 2018-04-12 08:29:38 UTC #2

Your configured DNS Server only resolves your internal names. For an external Name I think you have to put in a DNS-Server like google (8.8.8.8) at the network menu at DNS-Server tab.

Hitmoky_Hitter (Hitmoky Hitter) 2018-04-12 08:42:32 UTC #3

I never changed that, so it is still on the default 8.8.8.8. No internal neither external domain names are being resolved.

m.traeumner (Michael Träumner) 2018-04-12 09:05:40 UTC #4

What DNS-Settings does your clients get from DHCP?

Hitmoky_Hitter (Hitmoky Hitter) 2018-04-12 09:06:58 UTC #5

As of default I believe it was the Nethserver host at 10.0.0.1 but I changed it to 10.0.0.3, which is the AD host. Both did not change a thing, although the Windows clients are pointing correctly to the dns that I configure.

saitobenkei (Saito Benkei) 2018-04-12 09:09:12 UTC #6

I’m a bit confused…

The DNS settings of the clients where point? 10.0.0.1 or 8.8.8.8?

m.traeumner (Michael Träumner) 2018-04-12 09:09:58 UTC #7

Please try a

nslookup
at the client. Is your Server resolved

8.8.8.8 is the setting at the Server for external DNS.

Hitmoky_Hitter (Hitmoky Hitter) 2018-04-12 09:11:50 UTC #8

To clarify any confusion, there are two ways of setting the DNS:

Through the Network page, I believe this is for the Nethserver it’s external network requests (this one is set to 8.8.8.8);
Through the DHCP page, I believe this is for the LAN network it’s internal network requests(this one is set to 10.0.0.3, and I have tried 10.0.0.1 as well)

Hitmoky_Hitter (Hitmoky Hitter) 2018-04-12 09:14:27 UTC #9

C:\Windows\System32>nslookup
DNS request timed out.
    timeout was 2 seconds.
Default Server: UnKnown
Address: 10.0.0.3

m.traeumner (Michael Träumner) 2018-04-12 09:16:24 UTC #10

Now I’m confused too, how do you reach your server webinterface?

10.0.0.1 or 10.0.0.3?

Hitmoky_Hitter (Hitmoky Hitter) 2018-04-12 09:17:28 UTC #11

https://10.0.0.1:980, or https://{host}.{domain}.{tld}:980

10.0.0.3 is ad.{domain}.{tld}, the host that is running as container for AD

m.traeumner (Michael Träumner) 2018-04-12 09:19:49 UTC #12

Ok, DNS at your clients has to be

10.0.0.1

Please change it and try nslookup again.

saitobenkei (Saito Benkei) 2018-04-12 09:20:26 UTC #13

Try leaving the “DNS Servers” empty in “DHCP” -> “DHCP Server” -> “Advanced Options”

Then on one of your client give the commands (In a CMD Window with elevated privileges)

ipconfig /release
ipconfig /renew

Hitmoky_Hitter (Hitmoky Hitter) 2018-04-12 09:27:47 UTC #14

So I pointed dns to 10.0.0.1 through Network -> Dns servers. Also left dns servers at DHCP -> Advanced empty. Released and renew through CMD. These are the results of the nslookup afterwards:

C:\Windows\System32>nslookup
DNS request timed out.
    timeout was 2 seconds.
Default Server: UnKnown
Address: 10.0.0.1

saitobenkei (Saito Benkei) 2018-04-12 09:30:14 UTC #15

In “Network” -> “DNS Servers” put 8.8.8.8 and 8.8.4.4 it the 2 fields

Hitmoky_Hitter (Hitmoky Hitter) 2018-04-12 09:31:47 UTC #16

Did that, release, renew, nslookup and still get the same timeout

m.traeumner (Michael Träumner) 2018-04-12 09:58:40 UTC #17

You have a problem to reach your internal DNS. Is the gateway address pointed to your server?

this works?

Hitmoky_Hitter (Hitmoky Hitter) 2018-04-12 10:09:42 UTC #18

According to ipconfig /all it does point to 10.0.0.1

It does yes, never had any problems with using the hostname of Nethserver itself.

m.traeumner (Michael Träumner) 2018-04-12 10:59:09 UTC #19

The gateway is correct.

So I think it is resolved by DNS. Can you try to ping your nethserver by hostname (host) and by FQDN (host.domain.tld)

Hitmoky_Hitter (Hitmoky Hitter) 2018-04-12 11:00:45 UTC #20

Both of the pings are able to reach the server and {host}.{domain}.{tld} resolves correctly to 10.0.0.1