Bug 9409 - Internal DNS will not correctly resolve CNAMES pointing to out-of-zone records
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DNS server (internal)
Version: unspecified
Hardware: All All
Importance: P5 normal
Target Milestone: 4.5
Assignee: Kai Blin
QA Contact: Samba QA Contact
Depends on:
Blocks: 10273
Reported: 2012-11-17 08:26 UTC by Ricky
Modified: 2016-08-11 18:45 UTC
Description Ricky 2012-11-17 08:26:00 UTC
After switching from bind9_dlz to the internal DNS, my CNAMEs that ended the same as my realm stopped working. Working with Kai on IRC, we pinned this down to the recursion bit not being set properly. I am using version 4.1.0pre1-GIT-d7cab97.
Comment 1 Ricky 2012-12-04 06:18:00 UTC
So after working with Amitay, he discovered that this wasn't actually the recursion bit at all, but adding an A record with the IP address of your CNAME, then adding a CNAME that points to that A record, makes this work. He has more info on this, but basically the following 2 commands:

samba-tool dns add some.lan foobar A
samba-tool dns add some.lan testname CNAME foobar.some.lan

The results are in the following paste for a standard CNAME and a CNAME that points to an internal host (that points to the external CNAME IP address).

I have tried this on my production server as a workaround and can confirm it works well.
Comment 2 Amitay Isaacs 2012-12-04 06:23:02 UTC
Kai, the recursion in handle_question() will only resolve the names from the domains hosted in AD. The new query should actually be resolved using dns_server_process_query_send(), so it can resolve CNAMEs pointing out of the AD domains.
Comment 3 Kai Blin 2013-05-25 10:15:26 UTC
Changed the title to reflect actual bug.
Comment 4 Volker Lendecke 2015-04-29 14:21:14 UTC
Would it be sufficient if we asked the forwarder in this case?
Comment 5 Volker Lendecke 2015-04-29 14:31:51 UTC
Ok, going through the dns_server_process_query_send is the right thing to do here. We need to add a check for recursion depth within our AD though anyway.
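
The resolution behaviour discussed in comments 2 and 5, as an added example that is not part of the bug thread and is not Samba's code: a simplified C model in which a CNAME target is looked up again through the full path (local zone first, then a forwarder), bounded by a chain-depth limit. The record tables, `resolve_a`, `MAX_CNAME_DEPTH` and all addresses are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CNAME_DEPTH 8  /* assumed limit for this model, not Samba's value */

struct rec { const char *name, *type, *data; };

/* Constructed sample data: records in the locally hosted zone "some.lan". */
static const struct rec zone[] = {
    {"foobar.some.lan",   "A",     "192.0.2.10"},
    {"testname.some.lan", "CNAME", "foobar.some.lan"},
    {"www.some.lan",      "CNAME", "host.example.net"}, /* out-of-zone target */
    {"loop1.some.lan",    "CNAME", "loop2.some.lan"},
    {"loop2.some.lan",    "CNAME", "loop1.some.lan"},
};
/* Constructed stand-in for what a forwarder would answer. */
static const struct rec forwarder[] = {
    {"host.example.net", "A", "198.51.100.7"},
};

static const struct rec *find(const struct rec *t, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(t[i].name, name) == 0) return &t[i];
    return NULL;
}

/* Returns the A record data, or NULL if the name is unknown or the CNAME
 * chain is too long. use_forwarder=0 models the reported behaviour, where
 * CNAME targets are only looked up in locally hosted zones. */
const char *resolve_a(const char *name, int use_forwarder) {
    for (int depth = 0; depth <= MAX_CNAME_DEPTH; depth++) {
        const struct rec *r = find(zone, sizeof zone / sizeof zone[0], name);
        if (r == NULL && use_forwarder)
            r = find(forwarder, sizeof forwarder / sizeof forwarder[0], name);
        if (r == NULL) return NULL;
        if (strcmp(r->type, "A") == 0) return r->data;
        name = r->data;  /* CNAME: restart the whole lookup on the target */
    }
    return NULL;  /* depth limit hit: looping or overlong chain */
}

int main(void) {
    const char *local = resolve_a("www.some.lan", 0);
    const char *full  = resolve_a("www.some.lan", 1);
    const char *loop  = resolve_a("loop1.some.lan", 1);
    printf("local zones only: %s\n", local ? local : "(no answer)");
    printf("full query path:  %s\n", full ? full : "(no answer)");
    printf("CNAME loop:       %s\n", loop ? loop : "(no answer)");
    return 0;
}
```
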
Comment 6 Volker Lendecke 2015-12-15 07:31:59 UTC
is supposed to fix this. I'd appreciate comments.


Comment 7 Kris Lou 2016-08-11 18:29:41 UTC
Was this patch ever merged?  Ran into the issue with not resolving CNAMEs pointing to external FQDNs on 4.2.14.
Comment 8 Volker Lendecke 2016-08-11 18:34:13 UTC
It will be part of Samba 4.5.