[ale] Linux Bind9 and Windows .local dns?
Robert L. Harris
robert.l.harris at gmail.com
Wed Mar 4 14:15:04 EST 2015
So, after a week of searching, I found it. It seems that Corporate
changed some firewalls and blocked my subnet's ability to access 1/2 of the
DNS servers. My laptop (Linux) looks like it was cached to a working DNS
server and was happy. The Windows machines I was testing on were hitting
the blocked servers. Of course they swear it never changed, though I have
logs from my initial setup showing they worked 2 weeks ago. /facepalm....
Thanks for the help guys.
Robert
On Wed, Mar 4, 2015 at 6:47 AM Lightner, Jeff <JLightner at dsservices.com>
wrote:
> +1
>
> Given the plethora of new TLDs already created there's already an issue
> with some internal IPs being exposed to internet and vice-versa causing
> issues for folks using domains they haven't registered even for "domain" as
> used by your Windows Domain Controllers. Many used internal .net for that
> and once someone has registered that domain outside it is apt to cause
> oddities in your Windows DNS lookups. In fact there is a report ICANN did
> regarding opening new TLDs where they specifically recommend against
> allowing ".home" and ".corp" as so many were known to be using those.
>
>
> -----Original Message-----
> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
> Michael Trausch
> Sent: Tuesday, March 03, 2015 9:39 PM
> To: Atlanta Linux Enthusiasts
> Subject: Re: [ale] Linux Bind9 and Windows .local dns?
>
> If you can't control it, change it. Get a map of needed addresses and load
> a DNS server up serving a .foo TLD that doesn't conflict with any of the
> several hundred TLDs available or available to be. Wait, no. Don't. Why?
> This is why. Conflict.
>
> Best practice: use a registered domain and create an .int.foo.tld DNS
> tree. That's the only sane and future proof solution.
>
> Sent from my iPad
>
> > On Mar 3, 2015, at 9:52 AM, Derek Atkins <warlord at mit.edu> wrote:
> >
> > Try to set up a wireshark session to see who the windows box is
> > actually asking. Is it using mDNS or is it asking the configured DNS
> > Server?
> > Once you see what's going over the network you might better see where
> > the issue is and try to fix it.
> >
> > -derek
> >
> > "Robert L. Harris" <robert.l.harris at gmail.com> writes:
> >
> >> Corp is using .local for some internal services such as a key file
> >> server. I have no control over it.
> >>
> >> The first key issue I'm seeing is a windows box on my 172.27 subnet
> >> can ping the file server but trying to do a dns lookup on the
> >> hostname is failing to resolve. As a result all the procedures that
> >> tell my manufacturing users to open "\\share.local\Manufacturing"
> >> fail and updating them to do "\\10.bbb.ccc.ddd\Manufacturing" would
> >> cause a lot more pain than it's worth.
> >>
> >> My Linux bind server has the windows domain servers as the upstream
> >> dns in my resolv.conf but I've never had to deal with this type of
> >> forwarding before so I'm not sure where the breakage is.
> >>
> >> Unfortunately we have critical documents on the shared server and I
> >> need to get it working this way.
> >>
> >> Robert
> >>
> >> On Mon, Mar 2, 2015 at 11:59 AM LnxGnome <lnxgnome at hopnet.net> wrote:
> >>
> >> .local is a concept of multicast DNS. If the host.local speaks mDNS, it
> >> should be responding to those replies for itself. This works fine for a
> >> small shared LAN.
> >>
> >> If you have a distributed / firewalled network that isn't passing mDNS
> >> between segments, that is probably causing your problem. In this
> >> situation, don't use ".local".
> >>
> >> --LnxGnome
> >>
> >> On 3/2/15 12:35 PM, Robert L. Harris wrote:
> >>
> >> I've set up a bind9 server ( Ubuntu ) for a subnet ( 172.27/16 ) at
> >> work to support some lab space. I've found a problem where it seems
> >> some Windows boxes are not correctly resolving the corp.local domain
> >> even though I'm referencing the corp dns servers and internal.corp.com
> >> works just fine, just not the .local. I can access with
> >> \\aaa.bbb.ccc.dd\share correctly and ping aaa.bbb.ccc.ddd without issue.
> >>
> >> Anyone seen this or have a link? Googling "linux bind9 windows domain"
> >> provides a lot of red herrings.
> >>
> >> Robert
> >>
> >> _______________________________________________
> >> Ale mailing list
> >> Ale at ale.org
> >> http://mail.ale.org/mailman/listinfo/ale
> >> See JOBS, ANNOUNCE and SCHOOLS lists at
> >> http://mail.ale.org/mailman/listinfo
> >
> > --
> > Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> > Member, MIT Student Information Processing Board (SIPB)
> > URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
> > warlord at MIT.EDU PGP key available
>
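
The root cause found in this thread (a firewall blocking part of the configured DNS server list, while a client that sticks to a working server looks healthy) can be confirmed by querying each server directly instead of going through the OS resolver. The script below is an added example, not part of the original thread; the server addresses are constructed placeholders and the function names are hypothetical.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Build a minimal DNS A-record query (recursion desired) for `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify(reply, qid=0x1234):
    """Turn a raw DNS reply into a short status string."""
    if len(reply) < 12:
        return "malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != qid or not flags & 0x8000:  # wrong ID or QR bit not set
        return "malformed"
    rcode = flags & 0x000F
    if rcode == 0:
        return "answer" if ancount else "nodata"
    return {2: "servfail", 3: "nxdomain", 5: "refused"}.get(rcode, f"rcode{rcode}")

def probe(server, name, port=53, timeout=2.0):
    """Ask one server directly; a firewalled server shows up as 'timeout'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, port))
            reply, _ = s.recvfrom(512)
        except socket.timeout:
            return "timeout"
        except OSError as exc:
            return f"error: {exc.strerror}"
        return classify(reply)

def survey(servers, name, **kw):
    """Probe every configured resolver, not just the one the OS happens to use."""
    return {srv: probe(srv, name, **kw) for srv in servers}

if __name__ == "__main__":
    # Constructed placeholders: substitute the resolvers handed out by DHCP
    # or listed in resolv.conf, and the name that fails to resolve.
    for srv, status in survey(["192.0.2.10", "192.0.2.11"], "share.local").items():
        print(f"{srv:15} {status}")
```

Run it from a host on the affected subnet: a mix of "answer" and "timeout" across the list points at filtering between that subnet and some of the servers rather than at the zone itself.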