The Samba-Bugzilla – Bug 9409
Internal DNS will not correctly resolve CNAMES pointing to out-of-zone records
Last modified: 2016-08-11 18:45:22 UTC
After switching from the bind9_dlz to the Internal DNS, my CNAMEs that ended the same as my realm stopped working. Working with Kai on IRC, we pinned this down to the recursion bit not being set properly. I am using Version 4.1.0pre1-GIT-d7cab97.
So after working with Amitay, he discovered that this wasn't actually the recursion bit at all, but adding an A record with the IP address of your CNAME, then adding a CNAME that points to that A record, makes this work. He has more info on this, but basically the following 2 commands:
samba-tool dns add 192.168.1.135 some.lan foobar A 220.127.116.11
samba-tool dns add 192.168.1.135 some.lan testname CNAME foobar.some.lan
The results are in the following paste for a standard CNAME and a CNAME that points to an internal host (that points to the external CNAME IP address).
I have tried this on my production server as a workaround and can confirm it works well.
Kai, the recursion in handle_question() will only resolve the names from the domains hosted in AD. The new query should actually be resolved using dns_server_process_query_send(), so it can resolve CNAMEs pointing out of the AD domains.
Changed the title to reflect the actual bug.
Would it be sufficient if we asked the forwarder in this case?
Ok, going through the dns_server_process_query_send is the right thing to do here. We need to add a check for recursion depth within our AD though anyway.
is supposed to fix this. I'd appreciate comments.
Was this patch ever merged? Ran into the issue with not resolving CNAMEs pointing to external FQDNs on 4.2.14.
It will be part of Samba 4.5.
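A minimal model of the behaviour discussed in this thread, added here as an example and not taken from Samba's source or from the patch: a CNAME chase that looks only in the hosted zone (the reported behaviour) versus one that hands out-of-zone targets to a forwarder, with the depth limit the comments call for. The function names, the limit of 8, the status strings and all records except the two names from the workaround commands are assumptions constructed for illustration.

```python
# Toy model only: names, limit and records are hypothetical, not Samba's API.
MAX_CNAME_DEPTH = 8  # assumed cap on chain length, guards against CNAME loops

AD_ZONE = "some.lan"

# Constructed sample data for the zone hosted in AD.
ZONE_RECORDS = {
    "foobar.some.lan": ("A", "192.0.2.10"),
    "testname.some.lan": ("CNAME", "foobar.some.lan"),   # in-zone target
    "www.some.lan": ("CNAME", "host.example.net"),        # out-of-zone target
    "loop1.some.lan": ("CNAME", "loop2.some.lan"),
    "loop2.some.lan": ("CNAME", "loop1.some.lan"),
}

# Constructed stand-in for what an upstream forwarder would answer.
FORWARDER_RECORDS = {"host.example.net": ("A", "198.51.100.7")}


def in_zone(name):
    return name == AD_ZONE or name.endswith("." + AD_ZONE)


def forwarder_lookup(name):
    return FORWARDER_RECORDS.get(name)


def resolve(name, follow_out_of_zone=True):
    """Chase CNAMEs from `name`; return (status, chain of (owner, type, data))."""
    chain = []
    current = name.lower().rstrip(".")
    for _ in range(MAX_CNAME_DEPTH):
        if in_zone(current):
            rec = ZONE_RECORDS.get(current)
        elif follow_out_of_zone:
            rec = forwarder_lookup(current)   # full query path, may leave AD
        else:
            rec = None                        # only AD-hosted names are tried
        if rec is None:
            return "unresolved", chain        # chain ends without an address
        rtype, rdata = rec
        chain.append((current, rtype, rdata))
        if rtype != "CNAME":
            return "resolved", chain
        current = rdata.lower().rstrip(".")
    return "too_deep", chain                  # loop or over-long chain: give up
```

With `follow_out_of_zone=False` the out-of-zone alias returns only its CNAME record and no address, while the looping pair stops at the depth limit in either mode.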