I am not sure that everything is OK, but I have NO IDEA where and what I should change.
First of all, here is why I am trying to verify all this:
after running systemctl status named -l I got this:
Mar 23 00:08:55 dc1.sub.domain.com named[1164]: all zones loaded
Mar 23 00:08:55 dc1.sub.domain.com named[1164]: running
Mar 23 00:08:55 dc1.sub.domain.com systemd[1]: Started Berkeley Internet Name Domain (DNS).
Mar 23 17:14:35 dc1.sub.domain.com named[1164]: no longer listening on 192.168.1.100#53
Mar 23 17:14:35 dc1.sub.domain.com named[1164]: no longer listening on 127.0.0.1#53
Mar 23 17:14:35 dc1.sub.domain.com named[1164]: not listening on any interfaces
Mar 23 17:14:35 dc1.sub.domain.com named[1164]: not listening on any interfaces
Mar 23 17:14:36 dc1.sub.domain.com named[1164]: listening on IPv4 interface lo, 127.0.0.1#53
Mar 23 17:14:40 dc1.sub.domain.com named[1164]: listening on IPv4 interface enp0s3, 192.168.1.100#53
Mar 23 17:23:28 dc1.sub.domain.com named[1164]: [b]client 127.0.0.1#58024 (dc1): query (cache) 'dc1/A/IN' denied[/b]
Mar 23 00:08:57 dc1.sub.domain.com winbindd[1334]: [2018/03/23 00:08:57.626359, 0] ../lib/util/become_daemon.c:124(daemon_ready)
Mar 23 00:08:57 dc1.sub.domain.com winbindd[1334]: STATUS=daemon 'winbindd' finished starting up and ready to serve connections
Mar 23 16:43:49 dc1.sub.domain.com winbindd[1359]: [2018/03/23 16:43:49.619082, 0] ../source3/winbindd/winbindd_dual.c:107(child_write_response)
Mar 23 16:43:49 dc1.sub.domain.com winbindd[1359]: [b]Could not write result[/b]
Mar 23 16:43:51 dc1.sub.domain.com samba[1330]: [2018/03/23 16:43:51.310978, 0] ../source4/dsdb/dns/dns_update.c:290(dnsupdate_nameupdate_done)
Mar 23 16:43:51 dc1.sub.domain.com samba[1330]: [b] ../source4/dsdb/dns/dns_update.c:290: Failed DNS update - with error code 110[/b]
Mar 23 16:43:51 dc1.sub.domain.com samba[1330]: [2018/03/23 16:43:51.311524, 0] ../source4/dsdb/dns/dns_update.c:313(dnsupdate_spnupdate_done)
Mar 23 16:43:51 dc1.sub.domain.com samba[1330]: ../source4/dsdb/dns/dns_update.c:313: Failed SPN update - with error code 110
Mar 23 16:43:51 dc1.sub.domain.com smbd[1332]: [2018/03/23 16:43:51.733542, 0] ../lib/util/become_daemon.c:124(daemon_ready)
Mar 23 16:43:51 dc1.sub.domain.com smbd[1332]: STATUS=daemon 'smbd' finished starting up and ready to serve connections
And after using nslookup:
[root@dc1 ~]# nslookup
> dc1
Server: 192.168.1.100
Address: 192.168.1.100#53
** server can't find dc1: NXDOMAIN
> dc1.sub.domain.com
Server: 192.168.1.100
Address: 192.168.1.100#53
Name: dc1.sub.domain.com
Address: 192.168.122.1
Name: dc1.sub.domain.com
Address: 192.168.1.100
> vsfiles
Server: 192.168.1.100
Address: 192.168.1.100#53
** server can't find vsfiles: NXDOMAIN
> vsfiles.sub.domain.com
Server: 192.168.1.100
Address: 192.168.1.100#53
** server can't find vsfiles.sub.domain.com: NXDOMAIN
After using dig:
[root@dc1 ~]# dig dc1
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> dc1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23884
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dc1. IN A
;; AUTHORITY SECTION:
. 8491 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2018032201 1800 900 604800 86400
;; Query time: 3 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Fri Mar 23 17:53:30 CET 2018
;; MSG SIZE rcvd: 107
[root@dc1 ~]# dig dc1.sub.domain.com
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> dc1.sub.domain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52581
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dc1.sub.domain.com. IN A
;; ANSWER SECTION:
dc1.sub.domain.com. 900 IN A 192.168.1.100
dc1.sub.domain.com. 900 IN A 192.168.122.1
;; AUTHORITY SECTION:
sub.domain.com. 900 IN NS dc1.sub.domain.com.
;; Query time: 2 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Fri Mar 23 17:53:39 CET 2018
;; MSG SIZE rcvd: 92
[root@dc1 ~]# dig dc1.sub.domain.com.
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> dc1.sub.domain.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19681
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;dc1.sub.domain.com. IN A
;; ANSWER SECTION:
dc1.sub.domain.com. 900 IN A 192.168.122.1
dc1.sub.domain.com. 900 IN A 192.168.1.100
;; AUTHORITY SECTION:
sub.domain.com. 900 IN NS dc1.sub.domain.com.
;; Query time: 2 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Fri Mar 23 17:53:44 CET 2018
;; MSG SIZE rcvd: 92
[root@dc1 ~]# dig vsfiles.sub.domain.com.
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> vsfiles.sub.domain.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41015
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vsfiles.sub.domain.com. IN A
;; AUTHORITY SECTION:
sub.domain.com. 3600 IN SOA dc1.sub.domain.com. hostmaster.sub.domain.com. 21 900 600 86400 3600
;; Query time: 6 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Fri Mar 23 17:54:06 CET 2018
;; MSG SIZE rcvd: 101
[root@dc1 ~]# dig vsfiles.sub.domain.com
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> vsfiles.sub.domain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6486
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vsfiles.sub.domain.com. IN A
;; AUTHORITY SECTION:
sub.domain.com. 3600 IN SOA dc1.sub.domain.com. hostmaster.sub.domain.com. 21 900 600 86400 3600
;; Query time: 7 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Fri Mar 23 17:54:19 CET 2018
;; MSG SIZE rcvd: 101
[root@dc1 ~]# dig vsfiles
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> vsfiles
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25419
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;vsfiles. IN A
;; AUTHORITY SECTION:
. 8425 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2018032300 1800 900 604800 86400
;; Query time: 3 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Fri Mar 23 17:54:28 CET 2018
;; MSG SIZE rcvd: 111
Why don't I get an answer for the vsfiles record? Are the other queries OK? Shouldn't it be ANSWER: 1, not 0, for some of these questions?
I added vsfiles to the domain and I can see it as a computer account in RSAT from Windows, so I have no idea why I don't get any information about this machine.
My named.conf:
# Global BIND configuration options
# NOTE(review): the included file is supplied by Samba and is not shown here;
# presumably it holds the BIND9_DLZ definition for the AD DNS zone - confirm.
include "/usr/local/samba/private/named.conf";
options {
# Sets the AA bit on every NXDOMAIN answer, including answers for names this
# server is not authoritative for, so an "aa" flag on an NXDOMAIN reply does
# not by itself show which zone produced it.
auth-nxdomain yes;
directory "/var/named";
notify no;
# Disables BIND's built-in empty zones for private/reserved reverse ranges;
# reverse lookups for ranges not defined below are then resolved like any
# other query (recursion/forwarders) instead of being answered locally.
empty-zones-enable no;
# Keytab used for GSS-TSIG authenticated dynamic updates. It contains Kerberos
# keys, so it should be readable only by the account named runs as.
tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
# Listen only on loopback and the LAN address, not on every interface.
listen-on port 53 {
127.0.0.1;
192.168.1.100;};
# Clients allowed to query at all. "localhost" is a built-in ACL matching the
# server's own addresses, so the explicit 127.0.0.1 entry is redundant.
allow-query {
127.0.0.1;
localhost;
192.168.1.0/24;
# add other networks you want to allow to query your DNS
};
# Clients allowed to use recursion. Loopback is NOT listed here, and because
# allow-query-cache is not set it falls back to this list; that matches a log
# line such as "client 127.0.0.1#... query (cache) ... denied".
# If processes on this host should resolve through 127.0.0.1, add localhost.
# Keep this list limited to internal networks so the server does not become
# an open resolver.
allow-recursion {
192.168.1.0/24;
# add other networks you want to allow to do recursive queries
};
# Names this server cannot answer itself are sent to these external resolvers,
# so unqualified or mistyped internal host names are disclosed to a third party.
forwarders {
# Google public DNS server here - replace with your own if necessary
8.8.8.8;
8.8.4.4;
};
# Zone transfers are limited to the server itself, which keeps other hosts
# from dumping the complete zone contents.
allow-transfer {
# this config is for a single master DNS server
localhost;
};
};
# Root servers (required zone for recursive queries)
zone "." {
type hint;
file "named.root";
};
# Forward and reverse zones served from flat files under /var/named/master.
# NOTE(review): the zone is declared as "domain.com" while the file name and
# its records refer to sub.domain.com, so "@" inside the file expands to
# domain.com. If the Samba include above also serves sub.domain.com (not
# visible here), two sources exist for the same names - confirm which one is
# meant to answer.
zone "domain.com" {
type master;
file "master/sub.domain.com.zone";
};
zone "1.168.192.in-addr.arpa" {
type master;
file "master/192.168.1.zone";
};
; Forward zone data (A, CNAME, MX records).
; NOTE(review): leading whitespace appears to have been lost in this paste. In
; a zone file a record line without an owner name must begin with whitespace;
; a line that starts at column 0 has its first token read as the owner name.
$TTL 1D
; "@" expands to the zone origin given by the zone statement that loads this
; file, not to the name written in the SOA fields.
@ IN SOA sub.domain.com. root.sub.domain.com. (
2018032301 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS dc1.sub.domain.com.
;IN NS srv12.linuxphobia.com.
; NOTE(review): the MX target is spelled "smpt", while the A and CNAME records
; below use "smtp"; no record for smpt.sub.domain.com. exists in this file.
; Looks like a typo - confirm.
IN MX 5 smpt.sub.domain.com.
dc1.sub.domain.com. IN A 192.168.1.100
dc2.sub.domain.com. IN A 192.168.1.200
mail.sub.domain.com. IN CNAME smtp.sub.domain.com.
;webserver.linuxphobia.com. IN A 192.168.1.111
;sai-scan.linuxphobia.com. IN A 192.168.1.71
; IN A 192.168.1.72
; IN A 192.168.1.73
; IN TXT "Round-robin IP for Scan"
sub.domain.com. IN A 192.168.1.100
smtp.sub.domain.com. IN A 192.168.1.111
;www IN CNAME webserver.linuxphobia.com
; NOTE(review): this record is defined here, yet the dig output posted with
; this file returns NXDOMAIN together with an SOA of
; "dc1.sub.domain.com. hostmaster.sub.domain.com. 21", which differs from the
; SOA above. That answer is evidently not being served from this file.
vsfiles.sub.domain.com. IN A 192.168.1.101
; Reverse zone data (PTR records) for 192.168.1.x.
; NOTE(review): leading whitespace appears to have been lost in this paste. In
; a zone file a record line without an owner name must begin with whitespace;
; a line that starts at column 0 has its first token read as the owner name.
$TTL 1D
@ IN SOA sub.domain.com. root.sub.domain.com. (
2018032301 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
NS dc1.sub.domain.com.
;IN NS srv12.linuxphobia.com.
; IN MX 5 smpt.sub.domain.com.
;dc1.sub.domain.com. IN A 192.168.1.100
;dc2.sub.domain.com. IN A 192.168.1.200
;mail.sub.domain.com. IN CNAME smtp.sub.domain.com.
;webserver.linuxphobia.com. IN A 192.168.1.111
;sai-scan.linuxphobia.com. IN A 192.168.1.71
; IN A 192.168.1.72
; IN A 192.168.1.73
; IN TXT "Round-robin IP for Scan"
;sub.domain.com. IN A 192.168.1.100
;www IN CNAME webserver.linuxphobia.com.
; Owner names below are relative, so each one is completed with the zone
; origin (e.g. 100 becomes 100.<origin>).
; Owner 100 carries two PTR records (see the third line below), so a reverse
; lookup of that address returns both names.
100 IN PTR dc1.sub.domain.com.
200 IN PTR dc2.sub.domain.com.
100 IN PTR sub.domain.com.
101 IN PTR vsfiles.sub.domain.com.
~