Bug 14959 - WARNING: your /etc/hosts file may be broken! for a valid /etc/hosts
Summary: WARNING: your /etc/hosts file may be broken! for a valid /etc/hosts
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: 4.14.10
Hardware: x86 Linux
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-01-25 02:41 UTC by Michael Jones
Modified: 2022-01-26 21:53 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Jones 2022-01-25 02:41:55 UTC
My /etc/hosts file does not have any entry for the machine's hostname. 

multimedia /var/log/samba # cat /etc/hosts
# IPv4 and IPv6 localhost aliases
127.0.0.1       localhost
::1             localhost


/etc/nsswitch.conf is set according to the recommended settings from systemd ( https://www.freedesktop.org/software/systemd/man/nss-myhostname.html )

multimedia /var/log/samba # cat /etc/nsswitch.conf
hosts:      mymachines resolve [!UNAVAIL=return] files myhostname dns
group:      winbind [SUCCESS=merge] files [SUCCESS=merge] systemd
passwd:     winbind files systemd
...(irrelevant items omitted for brevity)

/etc/hostnmae is set correctly

multimedia /var/log/samba # cat /etc/hostname
multimedia

/etc/resolv.conf points to the systemd-resolved service.

multimedia /var/log/samba # ls -lah /etc/resolv.conf
lrwxrwxrwx 1 root root 32 May 19  2021 /etc/resolv.conf -> /run/systemd/resolve/resolv.conf

systemd-resolved is configured to first use my AD-DC (at 10.0.0.3) and my router if that fails (10.0.0.1), falling back to public DNS servers (e.g. google)

multimedia /var/log/samba # resolvectl
Global
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=allow-downgrade/unsupported
    resolv.conf mode: uplink
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2001:4860:4860::8888#dns.google 2606:4700:4700::1001#cloudflare-dns.com
                      2001:4860:4860::8844#dns.google

Link 2 (mv-general)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6 mDNS/IPv4 mDNS/IPv6
         Protocols: +DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.0.0.3
       DNS Servers: 10.0.0.3 10.0.0.1 8.8.8.8 1.1.1.1 2601:248:557f:e47c::1
        DNS Domain: network-1.net






But Samba is warning me that my /etc/hosts is wrong multiple times per second.

[2022/01/24 20:07:09.713135,  1] ../../source3/lib/util.c:1695(name_to_fqdn)
  WARNING: your /etc/hosts file may be broken!
      Full qualified domain names (FQDNs) should not be specified
      as an alias in /etc/hosts. FQDN should be the first name
      prior to any aliases.



At the very minimum, this warning should be telling me *specifically* what part of my /etc/hosts file is wrong, if there is something wrong, either superfluous information should be printed, or missing information, or the line which has the wrong setting.

But I don't think anything is wrong with my /etc/hosts, and believe this is a problem with samba expecting unnecessarily strict settings.




Local package build info follows:

multimedia /var/log/samba # emerge --info gentoo
Portage 3.0.28 (python 3.9.9-final-0, default/linux/amd64/17.1, gcc-11.2.0, glibc-2.33-r7, 5.15.11-gentoo x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-5.15.11-gentoo-x86_64-AMD_E-350D_APU_with_Radeon-tm-_HD_Graphics-with-glibc2.33
KiB Mem:    16099556 total,   1301104 free
KiB Swap:          0 total,         0 free
Timestamp of repository gentoo: Mon, 17 Jan 2022 15:36:53 +0000
Head commit of repository gentoo: 8dc12bdf9fa4f2c2994d92af3b7377542c1b9690

Head commit of repository lto-overlay: 435a9d968854fef21015796a5f464243dc4caa03

Head commit of repository mv: e4e425a840bbc5a5ac4b470136ed01d45ef49eca

Head commit of repository wsdd: 1156bfeeee76150f811af9d8049d0edfb4277851

sh bash 5.1_p8
ld GNU ld (Gentoo 2.37_p1 p0) 2.37
distcc 3.4 x86_64-pc-linux-gnu [disabled]
ccache version 4.5.1 [disabled]
app-misc/pax-utils:        1.3.3::gentoo
app-shells/bash:           5.1_p8::gentoo
dev-lang/perl:             5.34.0-r6::gentoo
dev-lang/python:           3.9.9-r1::gentoo, 3.10.0_p1-r1::gentoo
dev-util/ccache:           4.5.1::gentoo
dev-util/cmake:            3.21.4::gentoo
dev-util/meson:            0.59.4::gentoo
sys-apps/baselayout:       2.7-r3::gentoo
sys-apps/sandbox:          2.25::gentoo
sys-apps/systemd:          249.9::gentoo
sys-devel/autoconf:        2.71-r1::gentoo
sys-devel/automake:        1.16.4::gentoo
sys-devel/binutils:        2.37_p1::gentoo
sys-devel/binutils-config: 5.4::gentoo
sys-devel/gcc:             11.2.0::gentoo
sys-devel/gcc-config:      2.5-r1::gentoo
sys-devel/libtool:         2.4.6-r6::gentoo
sys-devel/make:            4.3::gentoo
sys-kernel/linux-headers:  5.15-r3::gentoo (virtual/os-headers)
sys-libs/glibc:            2.33-r7::gentoo
Repositories:

gentoo
    location: /var/db/repos/gentoo
    sync-type: git
    sync-uri: git://anongit.gentoo.org/repo/sync/gentoo.git
    priority: -1000

lto-overlay
    location: /var/db/repos/lto-overlay
    sync-type: git
    sync-uri: https://github.com/InBetweenNames/gentooLTO.git
    masters: gentoo mv

mv
    location: /var/db/repos/mv
    sync-type: git
    sync-uri: https://anongit.gentoo.org/git/user/mv.git
    masters: gentoo

wsdd
    location: /var/db/repos/wsdd-gentoo
    sync-type: git
    sync-uri: https://github.com/christgau/wsdd-gentoo
    masters: gentoo

Installed sets: @pc-base-system, @portage
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="@FREE"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O3 -fgraphite-identity -floop-nest-optimize -fdevirtualize-at-ltrans -fipa-pta -fno-semantic-interposition -flto=1 -fuse-linker-plugin -march=x86-64 -mtune=generic -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe -O3 -fgraphite-identity -floop-nest-optimize -fdevirtualize-at-ltrans -fipa-pta -fno-semantic-interposition -flto=1 -fuse-linker-plugin -march=x86-64 -mtune=generic -pipe"
DISTDIR="/var/cache/distfiles"
EMERGE_DEFAULT_OPTS=" --jobs --keep-going --newuse --changed-deps --deep --tree --backtrack=3000 --complete-graph --with-bdeps=y --binpkg-respect-use=y --binpkg-changed-deps=y --changed-slot=y --usepkg=y --usepkg"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs binpkg-multi-instance buildpkg clean-logs compress-build-logs compressdebug config-protect-if-modified distlocks ebuild-locks fixlafiles installsources ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch parallel-install pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms split-elog split-log splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="en en_US"
MAKEOPTS="-j1"
PKGDIR="/var/cache/binpkgs"
PORTAGE_COMPRESS="xz"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
SHELL="/bin/sh"
USE="acl amd64 bzip2 crypt hardened iconv ipv6 libglvnd libtirpc multilib ncurses nls nptl openmp pam pcre pie readline seccomp split-usr ssl ssp systemd udev unicode xattr xtpax zlib" ABI_X86="64" ADA_TARGET="gnat_2020" APACHE2_MODULES="authn_core authz_core authz_host dir mime unixd socache_shmcb info log_config" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx sse sse2 mmxext" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="coreboot efi-64 emu qemu pc" INPUT_DEVICES="libinput" KERNEL="linux" L10N="en en-US" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-3 php7-4" POSTGRES_TARGETS="postgres12 postgres13" PYTHON_SINGLE_TARGET="python3_9" PYTHON_TARGETS="python3_9" QEMU_SOFTMMU_TARGETS="arm aarch64 x86_64" QEMU_USER_TARGETS="arm aarch64 x86_64" RUBY_TARGETS="ruby26 ruby27" USERLAND="GNU" VIDEO_CARDS="r600 radeon radeonsi amdgpu vesa modesetting fbdev qxl" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LEX, LFLAGS, LIBTOOL, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, RANLIB, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS
Comment 1 Michael Jones 2022-01-25 02:50:40 UTC
Just in case it was the /etc/resolv.conf doing direct queries instead of using the stub-resolver, i switched /etc/resolve.conf to instead point to /run/systemd/resolve/resolv.conf, and that did not alter the behavior.


multimedia /var/log/samba # cat /etc/resolv.conf
nameserver 127.0.0.53
options edns0 trust-ad
search .
Comment 2 Michael Jones 2022-01-25 04:05:25 UTC
I also edited /etc/hosts to have the FQDN for the machine, and it similarly made no difference.


multimedia /var/log/samba # cat /etc/hosts

# IPv4 and IPv6 localhost aliases
127.0.0.1       multimedia.network-1.net multimedia localhost
::1             multimedia.network-1.net multimedia localhost
Comment 3 Louis 2022-01-25 12:14:02 UTC
(In reply to Michael Jones from comment #2)

first setup you /etc/hosts like this. 

# The following lines are desirable for IPv4 capable hosts
127.0.0.1       localhost
IP_OF_YOUR_SERVER  multimedia.network-1.net multimedia

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters


You are using the systemd-stub resolver. 127.0.0.53 
search must have : network-1.net 


now, if you use systemd its network settings, you can use something like this. 

# /etc/systemd/network/30-lan.network
[Match]
Name=eth0

[Network]
DHCP=no
DNSSEC=allow-downgrade
IPv6PrivacyExtensions=no
IPv6AcceptRouterAdvertisements=no
LinkLocalAddressing=no

DNS=192.168.xxx.xx3
DNS=192.168.xxx.xx2
DNS=192.168.xxx.xx1
Domains=network-1.net 

# Time
NTP=192.168.xxx.xx3
NTP=192.168.xxx.xx2
NTP=192.168.xxx.xx1

[Address]
Address=IPv4_OF_YOUR_SERVER

[Route]
Destination=0.0.0.0/0
Gateway=IPv4_OF_Your_Gateway


but you have a config problem in your resolving, thats clear.
Comment 4 Rowland Penny 2022-01-25 19:31:43 UTC
(In reply to Michael Jones from comment #2)
That is so wrong.

Is the computer getting its ipaddress via dhcp or does it have a fixed IP ?

Not sure if this is a Samba bug, you really shouldn't have opened a bug report before discussing it on the samba mailing list.
Comment 5 Michael Jones 2022-01-26 01:11:58 UTC
> Is the computer getting its ipaddress via dhcp or does it have a fixed IP ?

DHCP.

> first setup you /etc/hosts like this. 

Ok. I changed it to

10.0.0.154	multimedia.network-1.net multimedia
127.0.0.1	localhost
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

and reproduced the problem, using a windows10 client.

[2022/01/25 19:05:22.269687,  1] ../../source3/lib/util.c:1695(name_to_fqdn)
  WARNING: your /etc/hosts file may be broken!
      Full qualified domain names (FQDNs) should not be specified
      as an alias in /etc/hosts. FQDN should be the first name
      prior to any aliases.


> You are using the systemd-stub resolver. 127.0.0.53 

I tried both the stub resolver, as well as an /etc/resolv.conf pointing to my samba domain controller at 10.0.0.3

Currently it's set to the stub resolver.

multimedia /var/log/samba # ls -lah /etc/resolv.conf
lrwxrwxrwx 1 root root 37 Jan 24 20:43 /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf

This is the systemd-networkd file associated with this machine. It's a linux-container, so Virtualization=true.

The container gets it's IP via DHCP.

multimedia /var/log/samba # cat /etc/systemd/network/mv-general.network
[Match]
Name=mv-general
Virtualization=true

[Network]
DHCP=yes
DNSSEC=false
MulticastDNS=false
Domains=network-1.net

> search must have : network-1.net 

Yep, it does.

multimedia /var/log/samba # resolvectl
Global
           Protocols: +LLMNR -mDNS -DNSOverTLS DNSSEC=allow-downgrade/unsupported
    resolv.conf mode: stub
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2001:4860:4860::8888#dns.google 2606:4700:4700::1001#cloudflare-dns.com
                      2001:4860:4860::8844#dns.google

Link 2 (mv-general)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
         Protocols: +DefaultRoute +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.0.0.1
       DNS Servers: 10.0.0.3 10.0.0.1 8.8.8.8 1.1.1.1 2601:248:557f:e47c::1
        DNS Domain: network-1.net
Comment 6 Michael Jones 2022-01-26 01:21:34 UTC
There's two problems here.

The first is that the warning samba gives is not actionable by the end user. I had to find the error message on google (Not as easy as it could have been...) before i could figure out what it was upset about.

The second is that for some reason, samba cares about this in a way that the recommended settings from Gentoo / systemd-resolved don't provide properly.

Gentoo recommends putting the machine's name on the same line as localhost.

https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/System#The_hosts_file

`man hosts` (https://man7.org/linux/man-pages/man5/hosts.5.html), recommends

# The following lines are desirable for IPv4 capable hosts
127.0.0.1       localhost

# 127.0.1.1 is often used for the FQDN of the machine
127.0.1.1       thishost.mydomain.org  thishost

# The following lines are desirable for IPv6 capable hosts
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters


Samba wiki has multiple different recommendations:
https://wiki.samba.org/index.php/1.3_/etc/hosts
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Preparing_the_Installation

at least a few others that i remember seeing in the past.

My AD-DC, is, of course a static IP address, but that's not the problem I'm running into.

But this machine isn't an AD DC, so there should be no need to put anything about it into /etc/hosts, as it receives it's ipaddress via DHCP, and if Samba is going to warn me about the configuration setting, it shouldn't warn about /etc/hosts, it should warn about "Reverse lookup of your machine returned a different result than expected" or something along those lines. At the very least, the warning should say what it expected and what it actually received, so that an admin can understand what it's upset about and do something about it.
Comment 7 Louis 2022-01-26 10:30:47 UTC
(In reply to Michael Jones from comment #6)

This works all fine with systemd, i know, im running it.
with of without DHCP, but its all a matter of configuring it correctly. 

This part, (*line in /etc/hosts) this is added because you used DHCP at install, 
set Static IP, change 127.0.1.1 to the real ip and thats fixed. 

if you dont want to set a Static ip, at least set a fixed-dhcp adres. 
in my personal opinion, its maddness to set a server with random DHCP adresses, 
and again its possible, but then you also should make sure that DHCP is adding the entry to the DNS server. 

So, this line is added ONLY if you install a "SERVER" with dhcp.. 
(* line in hosts)
# 127.0.1.1 is often used for the FQDN of the machine
127.0.1.1       thishost.mydomain.org  thishost 

Next is the DHCP settings, it seems that you or a default setting did set DNS ipnumbers to internet,
i suggest.. You remove these DNS ipnumbers that are NOT the AD-DC's. 
The AD-DC should have the forwarder DNS settings. 
*( not saying that it doesnt work with the 127.0.1.1 line in hosts, but lets make it work first).. 

Samba wiki has multiple different recommendations:
this one..  : https://wiki.samba.org/index.php/1.3_/etc/hosts  
has wrong entries, i'll fix that. 

And you said in your first post. 
>> My /etc/hosts file does not have any entry for the machine's hostname.  
which is correct and also works fine, if the resolving works as it should. 

Did you add/checked of the at least the A record is set in the DNS? 
is it added, did it change for example? 
because, when you add the server to a AD-DC domain, the A record is registered, so 
you much check what is registered, the 127.0.1.1 or the needed DHCP IP 10.0.0.3 

So now, i suggest the following..
1) remove or change the entry in hosts with 127.0.1.1 to real ip. 
2) set fix-dhcp ip or static ip.
3) /etc/systemd/resolved.conf
   Do set the DNS servers in here and point them to the AD-DC's there IP's. 
   DONT set fallbackDNS, when possible if you dont use it, disable MulticastDNS
4) configure the "per interface" settings for systemd-networkd as i showed. 

systemctl daemon-reload
systemctl restart systemd-networkd
systemctl restart systemd-resolved

and reboot and this "should" work.
Comment 8 Louis 2022-01-26 10:40:33 UTC
(In reply to Louis from comment #7)
in addition, after a better look on this 
https://wiki.samba.org/index.php/1.3_/etc/hosts 
this is set for CTDB and its an very old part of the documentation. 
I dont know if this part is valid, as i dont use CTDB. 

Rowland, can you verify this part of the wiki.
Comment 9 Michael Jones 2022-01-26 18:44:09 UTC
(In reply to Louis from comment #7)

> This works all fine with systemd, i know, im running it. with of without DHCP, but its all a matter of configuring it correctly. 

Sure, and i've been using systemd as well for years. I'm only posting about this issue because some arbitrary change somewhere else in my system is causing problems, and I'm going line by line through the logs and addressing any warnings. This warning in particular is either wrong, or misleading and uninformative.

> This part, (*line in /etc/hosts) this is added because you used DHCP at install, set Static IP, change 127.0.1.1 to the real ip and thats fixed. 

If you're referring to the line for 127.0.1.1, that line wasn't there until i started investigating this.

I reproduced the problem with and without 127.0.1.1. Adding or removing it doesn't appear to make a difference.

> if you dont want to set a Static ip, at least set a fixed-dhcp adres. in my personal opinion, its maddness to set a server with random DHCP adresses, and again its possible, but then you also should make sure that DHCP is adding the entry to the DNS server. 

I'm afraid that I disagree. The only machine in my network that has a staticly assigned IP is the AD-DC, and that's been true since i configured it in 2015. Windows file sharing, even when connected to the AD-DC, works perfectly fine with DHCP.

I'm happy to agree with you that DHCP vs static configuration can require different configurations, but it's fundamentally no more of a challange than any other basic linux admin task, until you run into software that makes weird demands.

> So, this line is added ONLY if you install a "SERVER" with dhcp.. 
> (* line in hosts)
> # 127.0.1.1 is often used for the FQDN of the machine
> 127.0.1.1       thishost.mydomain.org  thishost 

I assume that based on your previous statement about removing 127.0.1.1, you only included this to show me what to remove?

> Next is the DHCP settings, it seems that you or a default setting did set DNS ipnumbers to internet, i suggest.. 
> You remove these DNS ipnumbers that are NOT the AD-DC's. 
> The AD-DC should have the forwarder DNS settings.
> *( not saying that it doesnt work with the 127.0.1.1 line in hosts, but lets make it work first).. 

My experience with the built in samba DNS forwarder is that it's unbelievably buggy, and most of my DNS clients (windows and linux) need to fall back to the indicated fallback DNS servers.

I can remove the fallback for purposes of testing, but I'm going to put it back in.

If my DNS clients are contacting the fallback DNS, then they're doing so because Samba is breaking them in some way... So either my AD-DC is returning a bad answer for multimedia.network-1.net looking itself up, or my AD-DC is breaking and causing multimedia.network-1.net to fallback to the backup DNS.

> Samba wiki has multiple different recommendations: this one..  : https://wiki.samba.org/index.php/1.3_/etc/hosts  has wrong entries, i'll fix that. 
Many thanks.

> And you said in your first post. 
> >> My /etc/hosts file does not have any entry for the machine's hostname.  
> which is correct and also works fine, if the resolving works as it should. 

Ok, so removing the lines for multimedia.network-1.net is fine?
Should the warning in samba be adjusted to talk, not about /etc/hosts, but instead about "resolving the FQDN of this machine returned unexpected results, expected X but got Y, fix your local host name resolution settings" ??

> Did you add/checked of the at least the A record is set in the DNS? is it added, did it change for example? 
> because, when you add the server to a AD-DC domain, the A record is registered, so 
> you much check what is registered, the 127.0.1.1 or the needed DHCP IP 10.0.0.3 

Well, doing a "net ads leave" and then "new ads join" gives me a warning about failure to update the DNS. Not sure why, very few helpful results in Google for this problem, and doing that also appears to have broken other domain members, e.g. "userfiles.network-1.net" can't look itself up now. So that's fun.

Prior to leaving and rejoining, i did check that the A record existed.

samba-tool domain join network-1.net MEMBER

was apparently *not* the right thing to do, and it's not clear how to undo it, or if undoing that is even possible.
The documentation in "man samba-tool" for it implies it's just an alternative to "net ads join", but apparently not.

samba_dnsupdate --all-names --all-interfaces --use-samba-tool 

returns warnings about TSID, but otherwise just says it can't do anything because the records already exist.

Overall, the trend is that the Samba software has lots of excellent error / consistency / sanity checks, but when the warnings are generated in the logs, there is nothing about the thing being warned about that is actionable by the local admin. E.g. Warnings about TSID with zero indication of "why" those warnings were caused, or what the local admin can do about it. So we're stuck searching Google, we find one post from 2015 that had the exact same message but the fix is already in place locally, and one other post with an even closer match that got no replies on the mailing list.

> So now, i suggest the following..
> 1) remove or change the entry in hosts with 127.0.1.1 to real ip. 
> 2) set fix-dhcp ip or static ip.
> 3) /etc/systemd/resolved.conf
>    Do set the DNS servers in here and point them to the AD-DC's there IP's. 
>    DONT set fallbackDNS, when possible if you dont use it, disable MulticastDNS
> 4) configure the "per interface" settings for systemd-networkd as i showed. 

Thank you for the advice.

I'll, of course, try to more closely match what I have configured locally to see if there is any behavior differences, but as described in the rest of this response, I'm skeptical that these specific changes are going to actually resolve my difficulties. But i'll let you know.
Comment 10 Rowland Penny 2022-01-26 21:42:58 UTC
(In reply to Louis from comment #8)
That is a very old page, it pre-dates Samba 4 and it wouldn't use anything on that page.
Comment 11 Rowland Penny 2022-01-26 21:53:10 UTC
(In reply to Michael Jones from comment #9)
While I would agree with Louis about AD DC's having fixed IP's, I do not think that Unix domain members need to have fixed IP's. You must however have the dns setup correctly. If you are using dhcp, then /etc/hosts only requires '127.0.0.1 localhost' and its IPv6 equivalent. The problem with /etc/resolv.conf is that its contents will depend on what packages you are using, Network Manager, netplan etc.