Tranquil IT Forum

dcardon wrote: ↑August 6, 2025 - 4:37 PM Hello again,

a few more questions: if using Samba, internal DNS or bind-dlz.
If bind-dlz, with the minimal-responses option or not?

Regards,

Denis

Good morning,

It's bind dlz (with dns forwarder = 127.0.0.1:5353 in smb.conf and the bind9 daemon is operational), but I did a test in the past few weeks using the internal DNS and it was the same, I will test again.

Yes, bind-dlz with the minimal-responses option.

Here is the content of my /etc/bind/named.conf.options file: THANKS

sfonteneau wrote: ↑August 7, 2025 - 10:45 AM Hello

, but I didn't understand.

In which cases does it not work (internal bind9 or forward)?

And in which cases does it work?

Good morning,

Sorry, I'll try to be clearer

When the machine uses the university's DNS (134.157.192.1 and 134.157.0.129), the OS deployment procedure with WinPE goes well (without domain integration, just a Win11 installation).

But since we've set up a Samba Active Directory, I'm trying to automate the domain integration, and for that, I need to point my client machine to the Samba DNS server. That's where I'm stuck, because the installation process stops, telling me it can't resolve the name wapt.polytech.sorbonne-universite.fr (the Wapt server), even though it pings the address correctly in the script (or when I test manually).
I made the change to the university's DNS so that the name wapt.polytech.sorbonne-universite.fr is indeed an A record.

As mentioned above, the Samba DNS is currently configured with bind dlz, but I will do another test with internal DNS.

THANKS

Hi Julien,

if you have `dns forwarder = 127.0.0.1:5353` in `smb.conf`, it means you're using "hybrid DNS" (as we call it in our configuration). In this case, it's the Samba DNS server that always responds (and not the BIND server, which is the front-end server) in this configuration.

This is the configuration we have at the office, and it works well with WADS. However, our `srvwapt` record is an A record directly in the Active Directory zone.

The ping.exe part in WinPE uses the Windows layer for resolution, while `getwads.exe` uses an internal recursive server. There must be a bug in the internal recursive server, but then again, the Windows resolution layer does some pretty "automatic" things from time to time (which is why we try to avoid it).

Could you set up a proper Bind-DLZ configuration on your Active Directory to see if that resolves the issue [1]? Bind-DLZ causes quite a few problems, both in terms of configuration and performance due to interlocking between the Samba process and the Bind9 process. However, this test would help determine if it's related to the behavior of Samba's internal DNS server (which isn't fully configured). Note: in the DLZ configuration, you don't need to configure the keytab for this test, as it's only necessary for the automatic registration of DNS A records for workstations.

Regards,

Denis

[1] https://samba.tranquil.it/doc/en/samba_ ... ebian.html

dcardon wrote: ↑August 7, 2025 - 3:38 PM Hello Julien,

Hello Denis,

Thank you for your reply, I just did a test by replacing the hybrid operation with a full bind9 operation and indeed it works well.

It seems that Samba's internal DNS is causing the problem and isn't behaving like a true 'bind9' with wgetwads64.exe

Would it be better for me to use a full bind9 setup instead of a hybrid DNS? Or is there another option?

Sincerely