This is to forward all requests for finalistsoftware.com, which is your AD, to the Samba container. You should also have
# Specify IP address of upstream servers directly. Setting this flag
# does not suppress reading of /etc/resolv.conf, use "no-resolv" to do
# that.
server=192.168.12.1
server=192.168.xxx.xxx
.
.
.
#
# 50sssd -- the Samba Domain controller is
# the authoritative DNS for our realm/domain
#
server=/ad.nethservertest.org/192.168.12.68
[root@gr110 ~]# cat /etc/dnsmasq.conf
# ================= DO NOT MODIFY THIS FILE =================
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
#
#
# 10base
#
# Set the domain for dnsmasq. this is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
# as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
# domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
domain=finalistsoftware.com
#
# 20dns
#
# Never forward plain names (without a dot or domain part)
domain-needed
# Using private dns servers, forwarding requests
# Domain is automatically added to simple names in a hosts-file.
expand-hosts
cache-size=4000
#
# 25NameServers
#
# Don't read /etc/resolv.conf. Get upstream servers only from the
# command line or the dnsmasq configuration file.
no-resolv
# Specify IP address of upstream servers directly. Setting this flag
# does not suppress reading of /etc/resolv.conf, use "no-resolv" to do
# that.
server=172.16.1.5
# By default, dnsmasq will send queries to any of the upstream
# servers it knows about and tries to favour servers that are known
# to be up. Uncommenting this forces dnsmasq to try each query
# with each server strictly in the order they appear in
# /etc/resolv.conf
strict-order
# forward RBL queries to localhost unbound
server=/uribl.com/127.0.0.1#10053
server=/dnswl.org/127.0.0.1#10053
server=/spamhaus.org/127.0.0.1#10053
#
# 30dhcp
#
# Enable the DHCP server. Addresses will be given out from the range
# <start-addr> to <end-addr> and from statically defined addresses
# given in dhcp-host options.
# See db configuration getprop dnsmasq DhcpStatus
# Should be set when dnsmasq is definitely the only DHCP server on a
# network.
dhcp-authoritative
# Read dhcp reservations from dhcp-hostsfile.
# See dhcp-hosts option for more informations.
dhcp-hostsfile=/etc/dnsmasq-dhcp-hosts
#
# 40bind
#
except-interface=virbr0
#
# 40mx_record
#
mx-host=finalistsoftware.com,smtp.finalistsoftware.com
#
# 50sssd -- the Samba Domain controller is
# the authoritative DNS for our realm/domain
#
server=/finalistsoftware.com/172.16.1.6
#
# 80tftp
#
enable-tftp
tftp-root=/var/lib/tftpboot
dhcp-option=66,"172.16.1.12"
#
# Create Domain wildcard for remote hosts
#
#redirect dns queries to /var/log/messages (test purpose)
log-queries
This makes me wonder which DNS server I should enter in the network config. I went on the assumption that I needed to use the NethServer as DNS server, as it has the DNS role. I am aware that AD needs an authoritative DNS server, but clients work fine with this config.
Only my NethServers are confused when I tell them to use 172.16.1.5 as DNS server.
I am not sure how functional the DNS role is on the Samba side… would need to test.
# Set the domain for dnsmasq. this is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
# as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
# domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
domain=finalistsoftware.com
and
#
# 50sssd -- the Samba Domain controller is
# the authoritative DNS for our realm/domain
#
server=/finalistsoftware.com/172.16.1.6
This is why the domain name must be a sub.domain for the Samba container; dnsmasq seems to be confused.
When domain=finalistsoftware.com matches server=/finalistsoftware.com/172.16.1.6, I forward all my queries to my Samba container (192.168.12.68 on my network):
Dec 4 11:11:40 ns7dev5 dnsmasq[6235]: query[A] pve.nethservertest.org from 127.0.0.1
Dec 4 11:11:40 ns7dev5 dnsmasq[6235]: forwarded pve.nethservertest.org to 192.168.12.68
That would put all my servers and computers in subdomain.domain.com … and any DNS entries made in NethServer would be for domain.com … this seems like an issue with the implementation of the container tbh …
Given your remark, where would I make systems known to my Windows clients? In the container, using the DNS snap-in for MMC?
I really don't know. When I reproduce your setup, I can resolve the DNS names, but I am on the same host; I don't know for a whole network like yours. The best is to test it for real.
Now, as it stands, I didn't do any configuration on the DNS side of AD yet. I didn't think I needed to. Gonna check if it is writeable, but I need to close Kerbal Space Program for that and reboot to Linux.
I have little time for games as well … but I like to tinker a bit with virtual spacecraft and get Delta-V ratios and orbits right. It's all learning in a playful way.
My suspicion is correct … and I think I would like to call this a bug or implementation flaw.
When you use an AD account provider, you cannot use the DNS role on the NethServer host…
… and should edit the DNS records on a Windows workstation using the DNS snap-in.
To me, this is pretty counter-intuitive. In hindsight, it is logical that we should use the AD DNS server.
Maybe it would be wise to disable the DNS package when enabling the AD account provider, or at least to display a warning?
Edit: this kinda ties into the other discussion about making AD accounts editable from the NethGui … maybe at that time integrate DNS a bit better as well, so that the DNS entries are at least entered on the Samba AD DNS as well (or removed) when edited on the NethGui
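The warning suggested above, as an added example that is not NethServer's own code: it parses a dnsmasq.conf excerpt (constructed here from the configuration pasted in this thread), models dnsmasq's most-specific-zone choice for `server=/zone/upstream` rules, and flags the case where the local `domain=` is itself forwarded to the Samba AD DC, so that host records for that domain have to live in the AD DNS rather than in the NethServer DNS role.

```python
"""Flag a dnsmasq.conf whose 'domain=' is forwarded wholesale to an AD DC.
Example code for this thread; not part of NethServer or dnsmasq."""

# Constructed excerpt mirroring the configuration pasted in the thread.
SAMPLE_CONF = """\
domain=finalistsoftware.com
expand-hosts
no-resolv
server=172.16.1.5
server=/uribl.com/127.0.0.1#10053
server=/finalistsoftware.com/172.16.1.6
"""


def parse_dnsmasq(text):
    """Return (domain, default_upstreams, [(zone, upstream), ...])."""
    domain, defaults, zones = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # a mid-line '#' is a port, keep it
            continue
        key, _, value = line.partition("=")
        if key == "domain":
            domain = value.strip().lower()
        elif key == "server" and value.startswith("/"):
            parts = value.split("/")          # server=/zone[/zone2]/upstream[#port]
            zones += [(z.lower(), parts[-1]) for z in parts[1:-1]]
        elif key == "server":
            defaults.append(value)            # plain upstream, used as fallback
    return domain, defaults, zones


def upstream_for(name, defaults, zones):
    """dnsmasq forwards to the most specific server=/zone/ rule matching name."""
    name = name.lower().rstrip(".")
    hits = [(z, up) for z, up in zones if name == z or name.endswith("." + z)]
    if not hits:
        return defaults[0] if defaults else None
    return max(hits, key=lambda zu: len(zu[0]))[1]


def shadowed_domain_warning(text):
    """Warning text when names under 'domain=' go to a zone upstream, else None."""
    domain, defaults, zones = parse_dnsmasq(text)
    if domain is None or not any(domain == z or domain.endswith("." + z)
                                 for z, _ in zones):
        return None
    target = upstream_for("host." + domain, defaults, zones)
    return (f"domain={domain} is forwarded to {target}: register hosts under "
            f"it in that server's DNS (the Samba AD DC), not in the dnsmasq DNS role")


if __name__ == "__main__":
    print(shadowed_domain_warning(SAMPLE_CONF))
```

Running it against the thread's configuration prints the warning for finalistsoftware.com; with the AD realm as a subdomain (domain=nethservertest.org, server=/ad.nethservertest.org/…) it prints None, matching the "sub.domain" advice given earlier in the thread.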