[ale] Linux Bind9 and Windows .local dns?

Lightner, Jeff JLightner at dsservices.com
Wed Mar 4 08:43:32 EST 2015


+1

Given the plethora of new TLDs already created, there's already an issue with some internal IPs being exposed to the internet and vice versa, causing issues for folks using domains they haven't registered, even for "domain" as used by your Windows Domain Controllers. Many used internal .net for that, and once someone has registered that domain outside it is apt to cause oddities in your Windows DNS lookups. In fact, there is a report ICANN did regarding opening new TLDs where they specifically recommend against allowing ".home" and ".corp" as so many were known to be using those.


-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of Michael Trausch
Sent: Tuesday, March 03, 2015 9:39 PM
To: Atlanta Linux Enthusiasts
Subject: Re: [ale] Linux Bind9 and Windows .local dns?

If you can't control it, change it. Get a map of needed addresses and load a DNS server up serving a .foo TLD that doesn't conflict with any of the several hundred TLDs available or available to be. Wait, no. Don't. Why? This is why. Conflict.

Best practice: use a registered domain and create an .int.foo.tld DNS tree. That's the only sane and future-proof solution.

Sent from my iPad

> On Mar 3, 2015, at 9:52 AM, Derek Atkins <warlord at mit.edu> wrote:
> 
> Try to set up a wireshark session to see who the windows box is 
> actually asking.  Is it using mDNS or is it asking the configured DNS Server?
> Once you see what's going over the network you might better see where 
> the issue is and try to fix it.
> 
> -derek
> 
> "Robert L. Harris" <robert.l.harris at gmail.com> writes:
> 
>> Corp is using .local for some internal services such as a key file 
>> server.  I have no control over it.
>> 
>>   The first key issue I'm seeing is a windows box on my 172.27 subnet 
>> can ping the file server but trying to do a dns lookup on the 
>> hostname is failing to resolve.  As a result all the procedures that 
>> tell my manufacturing users to open "\\share.local\Manufacturing" 
>> fail and updating them to do "\\10.bbb.ccc.ddd\Manufacturing" would cause a lot more pain than it's worth.
>> 
>>   My Linux bind server has the windows domain servers as the upstream 
>> dns in my resolv.conf but I've never had to deal with this type of 
>> forwarding before so I'm not sure where the breakage is.
>> 
>>   Unfortunately we have critical documents on the shared server and I 
>> need to get it working this way.
>> 
>> Robert
>> 
>> On Mon, Mar 2, 2015 at 11:59 AM LnxGnome <lnxgnome at hopnet.net> wrote:
>> 
>>    .local is a concept of multicast DNS.  If the host.local speaks mDNS, it
>>    should be responding to those replies for itself.  This works fine for a
>>    small shared LAN.
>> 
>>    If you have a distributed / firewalled network that isn't passing mDNS
>>    between segments, that is probably causing your problem.  In this
>>    situation, don't use ".local".
>> 
>>    --LnxGnome
>> 
>>    On 3/2/15 12:35 PM, Robert L. Harris wrote:
>> 
>>          I've set up a bind9 server ( Ubuntu ) for a subnet ( 172.27/16 ) at
>>        work to support some lab space.  I've found a problem where it seems
>>        some Windows boxes are not correctly resolving the corp.local domain
>>        even though I'm referencing the corp dns servers and internal.corp.com
>>        works just fine, just not the .local.  I can access with
>>        \\aaa.bbb.ccc.ddd\share correctly and ping aaa.bbb.ccc.ddd without issue.
>> 
>>        Anyone seen this or have a link?  Googling "linux bind9 windows domain"
>>        provides a lot of red herrings.
>> 
>>        Robert
>> 
>>        _______________________________________________
>>        Ale mailing list
>>        Ale at ale.org
>>        http://mail.ale.org/mailman/listinfo/ale
>>        See JOBS, ANNOUNCE and SCHOOLS lists at
>>        http://mail.ale.org/mailman/listinfo
> 
> -- 
>       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>       Member, MIT Student Information Processing Board  (SIPB)
>       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>       warlord at MIT.EDU                        PGP key available

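
Added example, not part of the original thread: a named.conf fragment showing one way a BIND9 server for the 172.27/16 lab subnet can hand every query under corp.local to the corporate DNS servers instead of trying to resolve it through the public root. The forwarder addresses are placeholders, and validate-except assumes BIND 9.14 or later.

```conf
// named.conf fragment (added example; forwarder addresses are placeholders,
// not values from the thread)

options {
    // Only lab clients and the server itself may recurse through named.
    allow-recursion { 172.27.0.0/16; localhost; };

    // .local does not exist in the signed root zone, so a validating
    // resolver rejects forwarded answers for it unless the name is exempted.
    // validate-except is an assumption about the installed version
    // (BIND 9.14 or later).
    dnssec-validation auto;
    validate-except { "local"; };
};

// /etc/resolv.conf only configures the host's own stub resolver; named
// ignores it. Forwarding has to be declared here.
//
// "forward only" keeps named from falling back to the root servers when
// the forwarders do not answer, so the internal name is never sent out
// to the internet.
zone "corp.local" {
    type forward;
    forward only;
    forwarders { 192.0.2.10; 192.0.2.11; };  // placeholder corp DNS servers
};
```

Running named-checkconf against the edited file catches syntax errors before named is reloaded.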


