How can I set up the DNS role from cmd?

Beats me … I installed a NethServer as AD domain controller, 172.16.1.5, which created the nsdc on 172.16.1.6.

I installed the others as member servers, telling them to use 172.16.1.5 as the only DNS server they know of.

I suspect the AD domain membership may play part here.

Edit, yup:

#
# 50sssd -- the Samba Domain controller is
# the authoritative DNS for our realm/domain
#
server=/finalistsoftware.com/172.16.1.6

There are more issues in this conf file. My MX record should NOT point to my domain name … it never should.

#
# 40mx_record
#
mx-host=finalistsoftware.com,smtp.finalistsoftware.com

This is to forward all requests for finalistsoftware.com, which is your AD domain, to the Samba container. You should also have:

# Specify IP address of upstream servers directly. Setting this flag
# does not suppress reading of /etc/resolv.conf, use "no-resolv" to do
# that.
server=192.168.12.1
server=192.168.xxx.xxx
.
.
.

#
# 50sssd -- the Samba Domain controller is
# the authoritative DNS for our realm/domain
# 
server=/ad.nethservertest.org/192.168.12.68

Here is my complete resolv.conf

[root@gr110 ~]# cat /etc/dnsmasq.conf
# ================= DO NOT MODIFY THIS FILE =================
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
#
#
# 10base
#

# Set the domain for dnsmasq. this is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
#     as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
#    domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
domain=finalistsoftware.com


#
# 20dns
#

# Never forward plain names (without a dot or domain part)
domain-needed

# Using private dns servers, forwarding requests


# Domain is automatically added to simple names in a hosts-file.
expand-hosts

cache-size=4000
#
# 25NameServers
#

# Don't read /etc/resolv.conf. Get upstream servers only from the
# command line or the dnsmasq configuration file.
no-resolv

# Specify IP address of upstream servers directly. Setting this flag
# does not suppress reading of /etc/resolv.conf, use "no-resolv" to do
# that.
server=172.16.1.5


# By  default,  dnsmasq  will  send queries to any of the upstream
# servers it knows about and tries to favour servers that are known
# to  be  up.  Uncommenting this forces dnsmasq to try each query
# with  each  server  strictly  in  the  order  they   appear   in
# /etc/resolv.conf
strict-order


# forward RBL queries to localhost unbound
server=/uribl.com/127.0.0.1#10053
server=/dnswl.org/127.0.0.1#10053
server=/spamhaus.org/127.0.0.1#10053
#
# 30dhcp
#

# Enable the DHCP server. Addresses will be given out from the range
# <start-addr> to <end-addr> and from statically defined addresses
# given in dhcp-host options.
# See db configuration getprop dnsmasq DhcpStatus



# Should be set when dnsmasq is definitely the only DHCP server on a
# network.
dhcp-authoritative

# Read dhcp reservations from dhcp-hostsfile.
# See dhcp-hosts option for more informations.
dhcp-hostsfile=/etc/dnsmasq-dhcp-hosts



#
# 40bind
#
except-interface=virbr0

#
# 40mx_record
#
mx-host=finalistsoftware.com,smtp.finalistsoftware.com


#
# 50sssd -- the Samba Domain controller is
# the authoritative DNS for our realm/domain
#
server=/finalistsoftware.com/172.16.1.6


#
# 80tftp
#
enable-tftp
tftp-root=/var/lib/tftpboot
dhcp-option=66,"172.16.1.12"

#
# Create Domain wildcard for remote hosts
#

#redirect dns queries to /var/log/messages (test purpose)
log-queries

This makes me wonder which DNS server I should enter in the network config. I went on the assumption that I needed to use the NethServer as DNS server, as it has the DNS role. I am aware that AD needs an authoritative DNS server, but clients work fine with this config.

Only my NethServers are confused when I tell them to use 172.16.1.5 as DNS server.

I am not sure how functional the DNS role is on the Samba side… would need to test.

Otherwise, this would imply that using an AD account provider cancels the DNS role for the NethServer … ?

# Set the domain for dnsmasq. this is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
#     as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
#    domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
domain=finalistsoftware.com

and

#
# 50sssd -- the Samba Domain controller is
# the authoritative DNS for our realm/domain
#
server=/finalistsoftware.com/172.16.1.6

This is why the domain name must be a sub.domain for the Samba container; dnsmasq seems to be confused.

Yep, I can reproduce your behaviour.

When domain=finalistsoftware.com matches server=/finalistsoftware.com/172.16.1.6, I forward all my queries to my Samba container (192.168.12.68 on my network):

Dec  4 11:11:40 ns7dev5 dnsmasq[6235]: query[A] pve.nethservertest.org from 127.0.0.1
Dec  4 11:11:40 ns7dev5 dnsmasq[6235]: forwarded pve.nethservertest.org to 192.168.12.68
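To make the forwarding decision behind that log line concrete, here is an added example (not code from the thread or from NethServer): a small model of how dnsmasq picks where a query goes, run over the forwarding-relevant lines of the dnsmasq.conf posted above. It applies dnsmasq's documented rules: local hosts data answers first, then the longest matching `server=/suffix/target` entry captures the whole subtree, and only names matching no suffix go to the plain `server=` upstream list. The hosts table and the extra names are constructed stand-ins for the NethServer DNS page entries; the parser handles only the directives it needs.

```python
"""Added example: model dnsmasq's upstream selection for the posted config.
Not NethServer code; the hosts dict and query names are constructed."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class DnsmasqConfig:
    domain: str | None = None
    upstreams: list[str] = field(default_factory=list)            # server=IP[#port]
    domain_servers: dict[str, list[str]] = field(default_factory=dict)  # server=/suffix/target
    expand_hosts: bool = False
    strict_order: bool = False


def parse_dnsmasq(text: str) -> DnsmasqConfig:
    """Parse the subset of dnsmasq directives that matter for forwarding.
    dnsmasq only treats whole lines beginning with '#' as comments, so the
    '#' inside server=IP#port is a port separator, not a comment."""
    cfg = DnsmasqConfig()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        if key == "domain":
            cfg.domain = value.lower().rstrip(".")
        elif key == "server":
            if value.startswith("/"):
                _, suffix, target = value.split("/", 2)   # /suffix/target
                cfg.domain_servers.setdefault(suffix.lower(), []).append(target)
            else:
                cfg.upstreams.append(value)              # general upstream
        elif key == "expand-hosts":
            cfg.expand_hosts = True
        elif key == "strict-order":
            cfg.strict_order = True
    return cfg


def route_query(cfg: DnsmasqConfig, name: str, local_hosts: dict[str, str]) -> tuple[str, list[str]]:
    """Return ("local", [address]) or ("forward", [targets]) for one query."""
    name = name.lower().rstrip(".")
    # 1. Local data (/etc/hosts, addn-hosts) is answered before any forwarding;
    #    expand-hosts also lets a short hosts entry answer for short.<domain>.
    if name in local_hosts:
        return "local", [local_hosts[name]]
    if cfg.expand_hosts and cfg.domain and name.endswith("." + cfg.domain):
        short = name[: -len(cfg.domain) - 1]
        if short in local_hosts:
            return "local", [local_hosts[short]]
    # 2. The longest matching server=/suffix/ entry captures the whole subtree.
    best = None
    for suffix in cfg.domain_servers:
        if name == suffix or name.endswith("." + suffix):
            if best is None or len(suffix) > len(best):
                best = suffix
    if best is not None:
        return "forward", list(cfg.domain_servers[best])
    # 3. Everything else goes to the general upstream list (ordered if strict-order).
    return "forward", list(cfg.upstreams)


def domain_captured_by(cfg: DnsmasqConfig) -> list[str] | None:
    """The thread's situation: the DHCP/expand-hosts domain is also a
    server=/.../ suffix, so every in-domain name that is not in the hosts
    table leaves dnsmasq for the DC, which knows nothing of those entries."""
    if cfg.domain and cfg.domain in cfg.domain_servers:
        return list(cfg.domain_servers[cfg.domain])
    return None


# Constructed input: the forwarding-relevant lines of the posted dnsmasq.conf.
SAMPLE_CONF = """\
domain=finalistsoftware.com
domain-needed
expand-hosts
no-resolv
server=172.16.1.5
strict-order
server=/uribl.com/127.0.0.1#10053
server=/dnswl.org/127.0.0.1#10053
server=/spamhaus.org/127.0.0.1#10053
server=/finalistsoftware.com/172.16.1.6
"""
# Constructed stand-in for the NethServer DNS page entries (addresses invented).
SAMPLE_HOSTS = {"ftp.finalistsoftware.com": "172.16.1.20", "nas": "172.16.1.21"}

CFG = parse_dnsmasq(SAMPLE_CONF)

if __name__ == "__main__":
    for q in ("ftp.finalistsoftware.com", "nas.finalistsoftware.com",
              "pve.finalistsoftware.com", "multi.uribl.com", "example.org"):
        print(q, "->", route_query(CFG, q, SAMPLE_HOSTS))
    captured = domain_captured_by(CFG)
    if captured:
        print(f"domain={CFG.domain} is captured by server=/{CFG.domain}/ -> {captured}")
```

The point the model makes visible: a name that is in dnsmasq's own hosts data (ftp, nas) is still answered locally, but any other name under finalistsoftware.com goes to 172.16.1.6, and a client that points straight at 172.16.1.6 never reaches dnsmasq's hosts data at all.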

That would put all my servers and computers in subdomain.domain.com … and any DNS entries made in NethServer would be for domain.com … this seems like an issue with the implementation of the container, to be honest …

Given your remark, where would I make systems known to my Windows clients? In the container, using the DNS snap-in for mmc?

So, set all my servers to use the Samba container for DNS. That would be the MS-preferred way, but what then happens to any DNS entries on NethServer?

I really don't know. When I reproduce your setup I can resolve the DNS names, but I am on the same host; I don't know about a whole network like yours. The best is to test it for real.

As expected, I completely lose any DNS entries on the NethServer DNS page that way.

On the client, using the container as DNS:

C:\Users\jeroenvisser>nslookup ftp.finalistsoftware.com
(root)  ??? unknown type 41 ???
Server:  UnKnown
Address:  172.16.1.6

*** UnKnown can't find ftp.finalistsoftware.com: Non-existent domain

Now, as it stands I didn't do any configuration on the DNS side of AD yet. I didn't think I needed to. Gonna check if it is writeable, but I need to close Kerbal Space Program for that and reboot to Linux :blush:

Edit: also, ftp.finalistsoftware.com should resolve just fine … for anybody really …

The last game I played, I still had some hair; it was IL-2 Sturmovik, and I spoke with .50 calibre :smiley:


I have little time for games as well … but I like to tinker a bit with virtual spacecraft and get delta-v ratios and orbits right :stuck_out_tongue: It's all learning in a playful way :slight_smile:

My suspicion is correct … and I think I would like to call this a bug or implementation flaw.

When you use an AD account provider, you cannot use the DNS role on the NethServer host …
… and should edit the DNS records on a Windows workstation using the DNS snap-in.
To me, this is pretty counter-intuitive. In hindsight, it is logical that we should use the AD DNS server.

Maybe it would be wise to disable the DNS package when enabling the AD account provider, or at least displaying a warning?

Edit: this kind of ties into the other discussion about making AD accounts editable from the NethGui … maybe at that time integrate DNS a bit better as well, so that the DNS entries are at least entered on the Samba AD DNS as well (or removed) when edited in the NethGui.

I'd advise you to bring details of this discussion to https://github.com/NethServer/dev/issues and see what we can enhance or change.


Sorry for hijacking this thread … these seem to be different issues, unless you use an AD account provider on that same NethServer.