DNS forwarding

2017-05-17 Thread Elias Pereira
Hello,

Our scenario today consists of one:

- DNS Server (Authoritative to our subdomains. Ex: www.mydomain.com*,
moodle.mydomain.com, etc)
- samba3 PDC server
- Openldap server (user base for samba)

All our IPs are public.

This scenario above works like a charm!! :D

Now, I'm implementing a new samba4 AD server.

In order for me to be able to put users in the AD domain, I need to
configure the samba4 AD IP as primary dns on the computers. In the bind
installed on samba4 AD I configured the "forwarder" variable with the IP of
our DNS server.

The problem is that from this computer, if I need to access an internal
subdomain, for example our webserver*, I can not access. Gives resolution
error. For any other site, for example, google.com, I can access.

I'm not finding the problem. Any idea?

-- 
Elias Pereira
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: DNS forwarding

2017-05-17 Thread John Miller
Hi Elias,

Perhaps you could post your BIND configs for the existing server and
for the new Samba4 server?  Forwarders may not be exactly what you
want here - they're generally meant for recursive, rather than
authoritative traffic.

IP addresses would be helpful as well: it's always annoying when
people try to obfuscate these.

John

On Wed, May 17, 2017 at 4:44 PM, Elias Pereira wrote:
> Hello,
>
> Our scenario today consists of one:
>
> - DNS Server (Authoritative to our subdomains. Ex: www.mydomain.com*,
> moodle.mydomain.com, etc)
> - samba3 PDC server
> - Openldap server (user base for samba)
>
> All our IPs are public.
>
> This scenario above works like a charm!! :D
>
> Now, I'm implementing a new samba4 AD server.
>
> In order for me to be able to put users in the AD domain, I need to
> configure the samba4 AD IP as primary dns on the computers. In the bind
> installed on samba4 AD I configured the "forwarder" variable with the IP of
> our DNS server.
>
> The problem is that from this computer, if I need to access an internal
> subdomain, for example our webserver*, I can not access. Gives resolution
> error. For any other site, for example, google.com, I can access.
>
> I'm not finding the problem. Any idea?
>
> --
> Elias Pereira


Re: DNS forwarding

2017-05-17 Thread Alberto Colosi
If you have as forwarder the DNS master for such zones (meaning that DNS knows how to resolve):

- check ACL inside conf
- check authoritative (master DNS) logs and, if not implemented, put some log channels inside conf to check




From: bind-users  on behalf of Elias Pereira 

Sent: Wednesday, May 17, 2017 10:44 PM
To: bind-users@lists.isc.org
Subject: DNS forwarding

Hello,

Our scenario today consists of one:

- DNS Server (Authoritative to our subdomains. Ex: 
www.mydomain.com*, 
moodle.mydomain.com, etc)
- samba3 PDC server
- Openldap server (user base for samba)

All our IPs are public.

This scenario above works like a charm!! :D

Now, I'm implementing a new samba4 AD server.

In order for me to be able to put users in the AD domain, I need to configure 
the samba4 AD IP as primary dns on the computers. In the bind installed on 
samba4 AD I configured the "forwarder" variable with the IP of our DNS server.

The problem is that from this computer, if I need to access an internal 
subdomain, for example our webserver*, I can not access. Gives resolution 
error. For any other site, for example, google.com, I can 
access.

I'm not finding the problem. Any idea?

--
Elias Pereira

RE: DNS forwarding

2017-05-17 Thread Darcy Kevin (FCA)
As others have commented, more information about your config and your setup 
needs to be provided before proper troubleshooting can occur. I would add, 
you should be more specific than just “resolution error”. Is it a timeout? An 
NXDOMAIN? A SERVFAIL? A so-called “NODATA” response or a referral (i.e. 
NOERROR, but 0 answers)? You might need to use a tool like “dig” to see for 
sure what the response is (nslookup often triggers domain-suffixing behavior, 
which obfuscates the actual error, so I would stay away from nslookup as a DNS 
troubleshooting tool). Another important piece of information about the 
response is the status of the flags, e.g. whether the RA (Recursion Available) 
and/or AA (Authoritative Answer) flags are set.

What I would say, generally, is that if you want your new setup to look as 
close as possible to your old setup, then your new server should be 
authoritative for the same zones as your old server is/was. Thus, I would lean 
in the direction of making the new server slave for those zones. That will give 
you a better “apples-to-apples” comparison, than trying to mix-and-match 
authoritative and forwarding behavior, which can greatly complicate things.




- Kevin


From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Elias 
Pereira
Sent: Wednesday, May 17, 2017 4:44 PM
To: bind-users@lists.isc.org
Subject: DNS forwarding

Hello,

Our scenario today consists of one:

- DNS Server (Authoritative to our subdomains. Ex: 
www.mydomain.com*, 
moodle.mydomain.com, etc)
- samba3 PDC server
- Openldap server (user base for samba)

All our IPs are public.

This scenario above works like a charm!! :D

Now, I'm implementing a new samba4 AD server.

In order for me to be able to put users in the AD domain, I need to configure 
the samba4 AD IP as primary dns on the computers. In the bind installed on 
samba4 AD I configured the "forwarder" variable with the IP of our DNS server.

The problem is that from this computer, if I need to access an internal 
subdomain, for example our webserver*, I can not access. Gives resolution 
error. For any other site, for example, google.com, I can 
access.

I'm not finding the problem. Any idea?

--
Elias Pereira
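
The response classes and flags listed in Kevin's reply above (timeout, NXDOMAIN, SERVFAIL, NODATA, referral, and the RA/AA bits), read directly from the DNS reply header. This is an added example, not part of the original thread; the function names are illustrative, and the server address and query name passed to `lookup` are the reader's own.

```python
import os
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:          # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def classify(msg):
    """Classify a raw DNS reply; msg is None when the query timed out."""
    if msg is None or len(msg) < 12:
        return {"result": "TIMEOUT" if msg is None else "MALFORMED"}
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    info = {"rcode": RCODES.get(flags & 0xF, str(flags & 0xF)), "answers": an,
            "aa": bool(flags & 0x0400), "ra": bool(flags & 0x0080)}
    if flags & 0xF:
        info["result"] = info["rcode"]
    elif an:
        info["result"] = "ANSWER"
    else:  # NOERROR, 0 answers: NS in authority = referral, SOA or none = NODATA
        off = 12
        for _ in range(qd):
            off = skip_name(msg, off) + 4    # skip QTYPE and QCLASS
        rtype = struct.unpack("!H", msg[skip_name(msg, off):][:2])[0] if ns else 0
        info["result"] = "REFERRAL" if rtype == 2 else "NODATA"
    return info

def lookup(server, name, qtype=1, timeout=3.0):
    """Send one recursive query over UDP and classify the reply."""
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    query = os.urandom(2) + struct.pack("!5H", 0x0100, 1, 0, 0, 0) + question
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        try:
            reply = s.recvfrom(4096)[0]
        except socket.timeout:
            return classify(None)
    return classify(reply) if reply[:2] == query[:2] else {"result": "ID_MISMATCH"}
```

Calling `lookup` with the same name against the forwarding server and against the authoritative server shows which of the two produces the failing response and with which flags.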