Samba internal dns

Hello,

I have installed NS8 as a Samba AD. Unfortunately, the name resolution of the internal DNS does not work, and therefore I cannot access Nextcloud and WebTop. What is the error here?

ip address: 192.168.0.4
Gateway: 192.168.0.1
dns: 192.168.0.4

/etc/resolv.conf
192.1680.4

Thank you for your help

Do not set Samba as the DNS resolver for your NS8 node!

On an NS8 node, the /etc/resolv.conf nameserver must point to a public DNS resolver, such as your internet provider’s DNS, or a public resolver like Google or Cloudflare.

For example,

  1. in the “DNS servers” input line, enter 8.8.8.8 (Google) or 1.1.1.1 (Cloudflare).

  2. Save the connection and restart NetworkManager:

    systemctl restart NetworkManager
    
  3. Make sure /etc/resolv.conf contains the correct nameservers.

  4. Finally, restart Samba:

    runagent -m samba1 systemctl restart --user samba-dc
    

What happens next? Samba DNS is authoritative for the AD zone and always uses the entries in /etc/resolv.conf as forwarders for other zones.

In your LAN clients, configure the NS8 node’s IP address (192.168.0.4) as the DNS server.

Some say this setup works only in small environments because Samba’s DNS service is not an enterprise-grade DNS server. As an alternative, you can set up another LAN DNS resolver that conditionally forwards queries for the AD zone to NS8. I use this setup at the office: for this purpose NethSecurity can be configured to conditionally forward specific DNS zones.

3 Likes
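A check for step 3 of the reply above, as an added example that is not part of the original thread or of NS8. The function names `check_resolv_conf` and `is_ipv4` are hypothetical, and the sample file is constructed. Beyond what the reply states, it also flags loopback and malformed addresses.

```shell
#!/bin/sh
# Added example: verify that an NS8 node's resolv.conf points at upstream
# resolvers and not back at the node itself (where Samba DNS listens).

is_ipv4() {
    # Four dot-separated decimal octets, each 0-255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Usage: check_resolv_conf <resolv.conf path> <node IP>
# Returns 0 if every nameserver is acceptable, 1 otherwise.
check_resolv_conf() {
    file=$1 node_ip=$2 bad=0 count=0
    # Only "nameserver" lines matter; comments, search and options are skipped.
    for ns in $(awk '$1 == "nameserver" { print $2 }' "$file"); do
        count=$((count + 1))
        case $ns in
            "$node_ip")
                echo "FAIL $ns: the node's own address, not an upstream resolver"; bad=1 ;;
            127.*|::1)
                echo "FAIL $ns: loopback resolver"; bad=1 ;;
            *:*)
                echo "OK   $ns (IPv6, not validated further)" ;;
            *)
                if is_ipv4 "$ns"; then echo "OK   $ns"
                else echo "FAIL $ns: not a valid IPv4 address"; bad=1; fi ;;
        esac
    done
    if [ "$count" -eq 0 ]; then echo "FAIL no nameserver lines in $file"; bad=1; fi
    return "$bad"
}

# Constructed sample input (not taken from a real node).
sample=$(mktemp)
printf 'nameserver 192.168.0.4\nnameserver 192.1680.4\nnameserver 1.1.1.1\n' > "$sample"
check_resolv_conf "$sample" 192.168.0.4 || echo "resolv.conf needs fixing"
rm -f "$sample"
```

On a real node, call it as `check_resolv_conf /etc/resolv.conf 192.168.0.4` after restarting NetworkManager and before restarting Samba.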

Hello Davide,
Thank you very much for your quick reply. I have set up the clients manually with the dns (192.168.0.4). The nslookup query works.
Unfortunately I still can’t access via sogo.domain -remote.domain (error message the page is not reachable)

Best regards

Samba AD DNS by default handles only the AD zone, let’s say it’s ad.myns8.org. I’m assuming you want SOGo name under a different zone, like sogo.myns8.org.

It is possible to configure Samba to override also other public DNS zones: it’s a split-DNS configuration. I think you call them .domain and .remote.domain, right?

  1. Get a Samba DC shell prompt:

    runagent -m samba1 podman exec -ti samba-dc bash -l
    
  2. Override the public zone. Samba also becomes authoritative for the myns8.org zone.

    samba-tool dns zonecreate 127.0.0.1 myns8.org -P
    
  3. Create the sogo A record:

    samba-tool dns add 127.0.0.1 myns8.org sogo A 192.168.0.4 -P
    
  4. Check the name resolution works

    getent hosts sogo.myns8.org
    

Output should be like:

    192.168.0.4     sogo.myns8.org

If you have other server names under your public myns8.org zone, you have to insert them too, in the same way.

1 Like

Hello Davide,

thank you very much, it worked.

Thank you very much!!!