Need help with DHCP/DNS on Nethserver 8

Support
, , ,
1

NethServer Version: 8

Just to explain what I try to achieve:

We ran Nethserver 7 as an internal AD/Samba/DHCP/DNS/Mailserver for nearly 8 years. Smoothly :rocket:
Now with its end of live we started the migration to Nethserver 8 last year: the migration tool always aborted, so we set up NS8 from scratch. I installed on Debian 12 and NS8 on top following the documentation. Applications Samba, DNSMasq, Mail and Roundcube have been installed.

Everything’s set up now (the network adapter is assigned a fixed IP4 address (192.168.9.110/255.255.255.0, Gateway 192.168.9.1), IP6 is (for now) disabled to track down the problems.

Samba config is

Domain: ad.my-company.de
NetBIOS Domain name: MY-COMPANY
Name of file server: dc1
File server IP address: 192.168.9.110
Schema: ad
Base DN: DC=ad,DC=my-company.de,DC=de
Bind DN: ldapservice@ad.my-company.de

DNSMasq config is

DHCP enabled
- Address range 192.168.9.130-192.168.9.254
- Gateway 192.168.9.1
DNS can't be enabled because of Samba DC

The final step was shutting down the NS7 server and turning on DHCP in the new server.

But: with the NS7 server the Windows PCs in the network received the following DHCP information (ipconfig /all).

   Verbindungsspezifisches DNS-Suffix: my-company.de
   Beschreibung. . . . . . . . . . . : Gigabit Ethernet Family Adapter
   Physische Adresse . . . . . . . . : ###
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
   Verbindungslokale IPv6-Adresse  . : fe80::aadf:1937:6347:d98f%16(Bevorzugt)
   IPv4-Adresse  . . . . . . . . . . : 192.168.9.185(Bevorzugt)
   Subnetzmaske  . . . . . . . . . . : 255.255.255.0
   Lease erhalten. . . . . . . . . . : Sonntag, 8. Februar 2026 15:56:26
   Lease läuft ab. . . . . . . . . . : Montag, 9. Februar 2026 15:56:26
   Standardgateway . . . . . . . . . : 192.168.9.1
   DHCP-Server . . . . . . . . . . . : 192.168.9.100
   DHCPv6-IAID . . . . . . . . . . . : 1075104537
   DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-2E-87-1B-C4-40-1C-83-BC-76-4F
   DNS-Server  . . . . . . . . . . . : 192.168.9.100
   NetBIOS ĂĽber TCP/IP . . . . . . . : Aktiviert

With NS8 they receive the following information:

   Verbindungsspezifisches DNS-Suffix:
   Beschreibung. . . . . . . . . . . : Gigabit Ethernet Family Adapter
   Physische Adresse . . . . . . . . : ###
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
   Verbindungslokale IPv6-Adresse  . : fe80::aadf:1937:6347:d98f%16(Bevorzugt)
   IPv4-Adresse  . . . . . . . . . . : 192.168.9.185(Bevorzugt)
   Subnetzmaske  . . . . . . . . . . : 255.255.255.0
   Lease erhalten. . . . . . . . . . : Sonntag, 8. Februar 2026 16:06:51
   Lease läuft ab. . . . . . . . . . : Montag, 9. Februar 2026 04:06:51
   Standardgateway . . . . . . . . . : 192.168.9.1
   DHCP-Server . . . . . . . . . . . : 192.168.9.110
   DHCPv6-IAID . . . . . . . . . . . : 1075104537
   DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-2E-87-1B-C4-40-1C-83-BC-76-4F
   DNS-Server  . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS ĂĽber TCP/IP . . . . . . . : Aktiviert

DHCP works, but no DNS server is assigned (except this strange fec0:0:0:ffff::* settings), the “Verbindungsspezifisches DNS-Suffix” is empty and Windows PCs can’t connect to the new domain.
And I can’t configure DNS as part of the DHCP settings (as it was on NS7). In dnsmasq I get the message that “A DNS server is currently running” (the Samba DC).

Anything I forgot to do? How can this be changed to work as in NS7?

2

See the following post for explanation and how to set the dhcp option for nameservers:

To set the domain suffix, you may add

dhcp-option=15,my-company.de

to the dnsmasq config.

2 Likes
3

Thank you very much @mrmarkuz!
With setting DHCP Option 6 and 15 the clients now get the DNS-Suffix and DNS server IP and bringing them to the domain worked.

Now I have a follow-up question:
pinging the server (name is zeus2) doesn’t work

C:\Windows\System32>ping zeus2
Ping-Anforderung konnte Host "zeus2" nicht finden. ĂśberprĂĽfen Sie den Namen, und versuchen Sie es erneut.

and NSLookup returns an odd error (unknown type 41, unknown server name)

C:\Windows\System32>nslookup zeus2
(root)  ??? unknown type 41 ???
Server:  UnKnown
Address:  192.168.9.110

Name:    zeus2.my-company.de

Pinging Roundcube (configured as rc or rc.my-company.de) or Mail (configured as mail or mail.my-company.de) also doesn’t work.

But: pinging the dc1 or the fileserver with alias files works!

C:\Windows\System32>ping files

Ping wird ausgefĂĽhrt fĂĽr files [192.168.9.110] mit 32 Bytes Daten:
Antwort von 192.168.9.110: Bytes=32 Zeit=1ms TTL=64
Antwort von 192.168.9.110: Bytes=32 Zeit=1ms TTL=64
Antwort von 192.168.9.110: Bytes=32 Zeit=1ms TTL=64
Antwort von 192.168.9.110: Bytes=32 Zeit=1ms TTL=64

Do I need to add all names (for Server, Mail, Roundcube) again to the Samba config? Adding them in DNSMasq didn’t work.

1 Like
4

The dnsmasq DNS server can’t be enabled because of the Samba internal DNS server, so that doesn’t work.

Yes, you could add the names to the samba DNS.

But Samba uses the nameservers defined in the hosts /etc/resolv.conf as DNS forwarders so if the DNS records for Mail or Roundcube are setup in public DNS or on another internal DNS server, just set it in /etc/resolv.conf

Another way is to setup DNS on the router/firewall and just forward the AD domain to the Samba DC of the NS8.

1 Like
5

Thank you very much again, @mrmarkuz!

Using samba-tool to add the DNS entries worked, e.g.

samba-tool dns add 192.168.9.110 ad.my-company.de zeus2 A 192.168.9.110 -Uadministrator

Also verified the entries with Windows RSAT.

2 Likes