Active Directory does not allow DNS queries from computers on LAN network

System version: NethServer release 7.4.1708 (Final)
Kernel release: 3.10.0-693.21.1.el7.x86_64

Module: Active Directory

Hey support! ^^

The situation is as follows: After the Nethserver installation I have configured two NICs, one red that gets its IP from DHCP and one green that hands out IP addresses through its own DHCP. I’ve activated the Active Directory module on an IP within that local network with a result being that all computers (Windows) on that green network do not get their DNS requests resolved.

What are the steps to get DNS on the AD working? I already tried setting the DNS server manually as the Nethserver host and the AD host that was made by enabling the AD module.

Your configured DNS server only resolves your internal names. For an external name I think you have to put in a DNS server like Google (8.8.8.8) at the network menu at the DNS-Server tab.

1 Like

I never changed that, so it is still on the default 8.8.8.8. Neither internal nor external domain names are being resolved.

What DNS settings do your clients get from DHCP?

1 Like

By default I believe it was the Nethserver host at 10.0.0.1 but I changed it to 10.0.0.3, which is the AD host. Neither changed a thing, although the Windows clients are pointing correctly to the DNS that I configure.

I’m a bit confused…

Where do the DNS settings of the clients point? 10.0.0.1 or 8.8.8.8?

1 Like

Please try an nslookup at the client. Is your server resolved?

8.8.8.8 is the setting at the Server for external DNS.

1 Like

To clarify any confusion, there are two ways of setting the DNS:

  • Through the Network page, I believe this is for the Nethserver’s external network requests (this one is set to 8.8.8.8);
  • Through the DHCP page, I believe this is for the LAN network’s internal network requests (this one is set to 10.0.0.3, and I have tried 10.0.0.1 as well)

C:\Windows\System32>nslookup
DNS request timed out.
    timeout was 2 seconds.
Default Server: UnKnown
Address: 10.0.0.3

Now I’m confused too, how do you reach your server web interface?

10.0.0.1 or 10.0.0.3?

2 Likes

https://10.0.0.1:980, or https://{host}.{domain}.{tld}:980

10.0.0.3 is ad.{domain}.{tld}, the host that is running as container for AD

Ok, DNS at your clients has to be

10.0.0.1

Please change it and try nslookup again.

1 Like

Try leaving the “DNS Servers” empty in “DHCP” -> “DHCP Server” -> “Advanced Options”

Then on one of your clients give the commands (in a CMD window with elevated privileges):

ipconfig /release
ipconfig /renew

2 Likes

So I pointed DNS to 10.0.0.1 through Network -> Dns servers. Also left DNS servers at DHCP -> Advanced empty. Released and renewed through CMD. These are the results of the nslookup afterwards:

C:\Windows\System32>nslookup
DNS request timed out.
    timeout was 2 seconds.
Default Server: UnKnown
Address: 10.0.0.1

In “Network” -> “DNS Servers” put 8.8.8.8 and 8.8.4.4 in the 2 fields

1 Like

Did that, release, renew, nslookup and still get the same timeout.

You have a problem reaching your internal DNS. Is the gateway address pointed to your server?

this works?

1 Like

According to ipconfig /all it does point to 10.0.0.1

It does yes, never had any problems with using the hostname of Nethserver itself.

The gateway is correct.

So I think it is resolved by DNS. Can you try to ping your Nethserver by hostname (host) and by FQDN (host.domain.tld)?

1 Like

Both of the pings are able to reach the server and {host}.{domain}.{tld} resolves correctly to 10.0.0.1