396.2 Active Directory Name Resolution
Subject 396: Samba Name Services
A summary of "396.2 Active Directory name resolution", part of "Subject 396: Samba name services", one of subjects 390 to 397 covered by the LinuC300 exam.
Weight: 2
Description:
Understand the organization's internal Samba4 DNS server. Key knowledge areas:
- Understand and manage Samba4 DNS on an Active Directory domain controller
- DNS forwarding on the internal Samba4 DNS server
Important files, terms and utilities:
- samba-tool dns and its subcommands
- smb.conf
- dns forwarder
- /etc/resolv.conf
- dig, host
Understand and manage Samba4 DNS on an Active Directory domain controller
A Samba4 Active Directory domain controller has DNS and LDAP built in. What previously had to be built separately and wired together can be provided by Samba alone.
Alternatively, the built-in Samba4 DNS can be left unused and the well-known DNS server BIND used instead.
~How to use BIND for DNS with Samba4~
The backend is chosen with the --dns-backend option of the samba-tool domain provision command.
Alternatively, the samba_upgradedns command converts between SAMBA_INTERNAL and BIND9_DLZ in either direction.
・SAMBA_INTERNAL (default):
Uses Samba's built-in DNS server.
・BIND9_DLZ:
Uses BIND as the DNS server, with the zone data taken from AD.
Requires the setting server services = -dns.
・BIND9_FLATFILE:
Uses BIND as the DNS server, with BIND's own zone files.
Requires the setting server services = -dns.
Deprecated in Samba 4.11.0 and removed in 4.12.0.
~Parameters~
Parameters related to Samba4's built-in DNS:
dns port = 53
Specifies the port the DNS service listens on.
dns proxy = Yes
When nmbd cannot resolve a NetBIOS name via WINS, the name is looked up in DNS as a DNS name instead.
dns update command = ${prefix}/sbin/samba_dnsupdate
Specifies the command run when records are updated through dynamic DNS.
dns zone scavenging = No
When enabled, unused dynamic DNS records are periodically deleted.
dns zone transfer clients allow =
Specifies the hosts allowed to perform DNS zone transfers when a Samba Active Directory domain controller uses BIND9_DLZ for DNS.
dns zone transfer clients deny =
Specifies the hosts denied DNS zone transfers when a Samba Active Directory domain controller uses BIND9_DLZ for DNS.
allow dns updates = secure only
Specifies which kinds of updates are accepted when records are changed through dynamic DNS.
disable: no DNS updates are accepted
secure only: only secure connections authenticated with Kerberos
nonsecure: insecure connections are accepted as well
async dns timeout = 10
binddns dir (bind dns directory) = ${prefix}/bind-dns
Directory in which Samba stores its DNS configuration files.
~samba-tool command~
samba-tool dns serverinfo
Displays server information
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# samba-tool dns serverinfo rocky9-samba42.example.local -U Administrator
:
Using binding ncacn_ip_tcp:rocky9-samba42.example.local[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
Password for [EXAMPLE\Administrator]: ********
dwVersion : 0xece0205
fBootMethod : DNS_BOOT_METHOD_DIRECTORY
fAdminConfigured : FALSE
fAllowUpdate : TRUE
fDsAvailable : TRUE
pszServerName : ROCKY9-SAMBA42.example.local
pszDsContainer : CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=local
aipServerAddrs : ['127.0.0.1', '192.168.56.42']
aipListenAddrs : ['127.0.0.1', '192.168.56.42']
aipForwarders : []
dwLogLevel : 0
dwDebugLevel : 0
dwForwardTimeout : 3
dwRpcPrototol : 0x5
dwNameCheckFlag : DNS_ALLOW_MULTIBYTE_NAMES
cAddressAnswerLimit : 0
dwRecursionRetry : 3
dwRecursionTimeout : 8
dwMaxCacheTtl : 86400
dwDsPollingInterval : 180
dwScavengingInterval : 168
dwDefaultRefreshInterval : 72
dwDefaultNoRefreshInterval : 72
fAutoReverseZones : FALSE
fAutoCacheUpdate : FALSE
fRecurseAfterForwarding : FALSE
fForwardDelegations : TRUE
fNoRecursion : FALSE
fSecureResponses : FALSE
fRoundRobin : TRUE
fLocalNetPriority : FALSE
fBindSecondaries : FALSE
fWriteAuthorityNs : FALSE
fStrictFileParsing : FALSE
fLooseWildcarding : FALSE
fDefaultAgingState : FALSE
dwRpcStructureVersion : 0x2
aipLogFilter : []
pwszLogFilePath : None
pszDomainName : example.local
pszForestName : example.local
pszDomainDirectoryPartition : DC=DomainDnsZones,DC=example,DC=local
pszForestDirectoryPartition : DC=ForestDnsZones,DC=example,DC=local
dwLocalNetPriorityNetMask : 0xff
dwLastScavengeTime : 0
dwEventLogLevel : 4
dwLogFileMaxSize : 0
dwDsForestVersion : 4
dwDsDomainVersion : 4
dwDsDsaVersion : 4
fReadOnlyDC : FALSE
[root@rocky9-samba42 ~]#
samba-tool dns zonelist
Lists the zones being managed
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# samba-tool dns zonelist rocky9-samba42.example.local -U Administrator
:
Using binding ncacn_ip_tcp:rocky9-samba42.example.local[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
Password for [EXAMPLE\Administrator]: ********
2 zone(s) found
pszZoneName : example.local
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.example.local
pszZoneName : _msdcs.example.local
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : ForestDnsZones.example.local
[root@rocky9-samba42 ~]#
samba-tool dns zoneinfo
Displays zone information
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# samba-tool dns zoneinfo rocky9-samba42.example.local example.local -U Administrator
:
Using binding ncacn_ip_tcp:rocky9-samba42.example.local[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
Password for [EXAMPLE\Administrator]: ********
pszZoneName : example.local
dwZoneType : DNS_ZONE_TYPE_PRIMARY
fReverse : FALSE
fAllowUpdate : DNS_ZONE_UPDATE_SECURE
fPaused : FALSE
fShutdown : FALSE
fAutoCreated : FALSE
fUseDatabase : TRUE
pszDataFile : None
aipMasters : []
fSecureSecondaries : DNS_ZONE_SECSECURE_NO_XFER
fNotifyLevel : DNS_ZONE_NOTIFY_LIST_ONLY
aipSecondaries : []
aipNotify : []
fUseWins : FALSE
fUseNbstat : FALSE
fAging : FALSE
dwNoRefreshInterval : 168
dwRefreshInterval : 168
dwAvailForScavengeTime : 0
aipScavengeServers : []
dwRpcStructureVersion : 0x2
dwForwarderTimeout : 0
fForwarderSlave : 0
aipLocalMasters : []
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.example.local
pwszZoneDn : DC=example.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=local
dwLastSuccessfulSoaCheck : 0
dwLastSuccessfulXfr : 0
fQueuedForBackgroundLoad : FALSE
fBackgroundLoadInProgress : FALSE
fReadOnlyZone : FALSE
dwLastXfrAttempt : 0
dwLastXfrResult : 0
[root@rocky9-samba42 ~]#
samba-tool dns zonecreate
Creates a zone.
★ Add the zone hogehoge.local ★
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# samba-tool dns zonecreate rocky9-samba42.example.local hogehoge.local -U Administrator
:
Using binding ncacn_ip_tcp:rocky9-samba42.example.local[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
Password for [EXAMPLE\Administrator]: ********
Zone hogehoge.local created successfully
[root@rocky9-samba42 ~]#
★ Confirm with zonelist ★
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# samba-tool dns zonelist rocky9-samba42.example.local -U Administrator
:
Using binding ncacn_ip_tcp:rocky9-samba42.example.local[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
Password for [EXAMPLE\Administrator]: ********
3 zone(s) found
pszZoneName : example.local
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.example.local
pszZoneName : hogehoge.local <--- ★ the zone that was created
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.example.local
pszZoneName : _msdcs.example.local
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : ForestDnsZones.example.local
[root@rocky9-samba42 ~]#
★ Confirm with zoneinfo ★
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# samba-tool dns zoneinfo rocky9-samba42.example.local hogehoge.local -U Administrator
:
Using binding ncacn_ip_tcp:rocky9-samba42.example.local[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
Password for [EXAMPLE\Administrator]: ********
pszZoneName : hogehoge.local
dwZoneType : DNS_ZONE_TYPE_PRIMARY
fReverse : FALSE
fAllowUpdate : DNS_ZONE_UPDATE_SECURE
fPaused : FALSE
fShutdown : FALSE
fAutoCreated : FALSE
fUseDatabase : TRUE
pszDataFile : None
aipMasters : []
fSecureSecondaries : DNS_ZONE_SECSECURE_NO_XFER
fNotifyLevel : DNS_ZONE_NOTIFY_LIST_ONLY
aipSecondaries : []
aipNotify : []
fUseWins : FALSE
fUseNbstat : FALSE
fAging : FALSE
dwNoRefreshInterval : 168
dwRefreshInterval : 168
dwAvailForScavengeTime : 0
aipScavengeServers : []
dwRpcStructureVersion : 0x2
dwForwarderTimeout : 0
fForwarderSlave : 0
aipLocalMasters : []
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.example.local
pwszZoneDn : DC=hogehoge.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=local
dwLastSuccessfulSoaCheck : 0
dwLastSuccessfulXfr : 0
fQueuedForBackgroundLoad : FALSE
fBackgroundLoadInProgress : FALSE
fReadOnlyZone : FALSE
dwLastXfrAttempt : 0
dwLastXfrResult : 0
[root@rocky9-samba42 ~]#
samba-tool dns zonedelete
Deletes a zone.
★ Delete the zone hogehoge.local ★
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# samba-tool dns zonedelete rocky9-samba42.example.local hogehoge.local -U Administrator
:
Using binding ncacn_ip_tcp:rocky9-samba42.example.local[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
Password for [EXAMPLE\Administrator]: ********
Zone hogehoge.local deleted successfully
[root@rocky9-samba42 ~]#
★ Confirm with zonelist ★
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# samba-tool dns zonelist rocky9-samba42.example.local -U Administrator
:
Using binding ncacn_ip_tcp:rocky9-samba42.example.local[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
Password for [EXAMPLE\Administrator]: ********
2 zone(s) found
pszZoneName : example.local
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.example.local
pszZoneName : _msdcs.example.local
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : ForestDnsZones.example.local
[root@rocky9-samba42 ~]#
samba-tool dns query
Lists the registered records
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# samba-tool dns query rocky9-samba42.example.local example.local @ ALL -U Administrator
:
Using binding ncacn_ip_tcp:rocky9-samba42.example.local[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
Password for [EXAMPLE\Administrator]: ********
Name=, Records=5, Children=0
SOA: serial=10, refresh=900, retry=600, expire=86400, minttl=3600, ns=rocky9-samba42.example.local., email=hostmaster.example.local. (flags=600000f0, serial=10, ttl=3600)
NS: rocky9-samba42.example.local. (flags=600000f0, serial=110, ttl=900)
NS: rocky9-samba43.example.local. (flags=600000f0, serial=110, ttl=900)
A: 192.168.56.43 (flags=600000f0, serial=110, ttl=900)
A: 192.168.56.42 (flags=600000f0, serial=110, ttl=900)
Name=_msdcs, Records=0, Children=0
Name=_sites, Records=0, Children=1
Name=_tcp, Records=0, Children=4
Name=_udp, Records=0, Children=2
Name=DomainDnsZones, Records=0, Children=2
Name=ForestDnsZones, Records=0, Children=2
Name=rocky9-samba42, Records=1, Children=0
A: 192.168.56.42 (flags=f0, serial=1, ttl=900)
Name=rocky9-samba43, Records=1, Children=0
A: 192.168.56.43 (flags=f0, serial=5, ttl=3600)
Name=rocky9-samba99, Records=1, Children=0
A: 192.168.56.99 (flags=f0, serial=9, ttl=900)
Name=win10-pc01, Records=1, Children=0
A: 192.168.56.152 (flags=f0, serial=110, ttl=1200)
[root@rocky9-samba42 ~]#
samba-tool dns add
Adds a record
★ Add the A record rocky9-samba99 ★
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# samba-tool dns add rocky9-samba42.example.local example.local rocky9-samba99 A 192.168.56.99 -U Administrator
Using binding ncacn_ip_tcp:rocky9-samba42.example.local[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
Password for [EXAMPLE\Administrator]: ********
Record added successfully
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# samba-tool dns query rocky9-samba42.example.local example.local @ ALL -U Administrator
:
Using binding ncacn_ip_tcp:rocky9-samba42.example.local[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
Password for [EXAMPLE\Administrator]: ********
Name=, Records=5, Children=0
SOA: serial=10, refresh=900, retry=600, expire=86400, minttl=3600, ns=rocky9-samba42.example.local., email=hostmaster.example.local. (flags=600000f0, serial=10, ttl=3600)
NS: rocky9-samba42.example.local. (flags=600000f0, serial=110, ttl=900)
NS: rocky9-samba43.example.local. (flags=600000f0, serial=110, ttl=900)
A: 192.168.56.43 (flags=600000f0, serial=110, ttl=900)
A: 192.168.56.42 (flags=600000f0, serial=110, ttl=900)
Name=_msdcs, Records=0, Children=0
Name=_sites, Records=0, Children=1
Name=_tcp, Records=0, Children=4
Name=_udp, Records=0, Children=2
Name=DomainDnsZones, Records=0, Children=2
Name=ForestDnsZones, Records=0, Children=2
Name=rocky9-samba42, Records=1, Children=0
A: 192.168.56.42 (flags=f0, serial=1, ttl=900)
Name=rocky9-samba43, Records=1, Children=0
A: 192.168.56.43 (flags=f0, serial=5, ttl=3600)
Name=rocky9-samba99, Records=1, Children=0 <--- ★ added
A: 192.168.56.99 (flags=f0, serial=9, ttl=900) <--- ★ added
Name=win10-pc01, Records=1, Children=0
A: 192.168.56.152 (flags=f0, serial=110, ttl=1200)
[root@rocky9-samba42 ~]#
★ Check that the name resolves with the nslookup command ★
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# nslookup rocky9-samba99.example.local
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: rocky9-samba99.example.local
Address: 192.168.56.99
[root@rocky9-samba42 ~]#
★ Check that the name resolves with the dig command ★
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# dig rocky9-samba99.example.local
; <<>> DiG 9.16.23-RH <<>> rocky9-samba99.example.local
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17723
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;rocky9-samba99.example.local. IN A
;; ANSWER SECTION:
rocky9-samba99.example.local. 900 IN A 192.168.56.99
;; AUTHORITY SECTION:
example.local. 3600 IN SOA rocky9-samba42.example.local. hostmaster.example.local. 9 900 600 86400 3600
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Aug 09 00:58:35 JST 2023
;; MSG SIZE rcvd: 124
[root@rocky9-samba42 ~]#
samba-tool dns delete
Deletes a record
★ Delete the A record rocky9-samba99 ★
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# samba-tool dns delete rocky9-samba42.example.local example.local rocky9-samba99 A 192.168.56.99 -U Administrator
:
Using binding ncacn_ip_tcp:rocky9-samba42.example.local[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
Password for [EXAMPLE\Administrator]: ********
Record deleted successfully
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# samba-tool dns query rocky9-samba42.example.local example.local @ ALL -U Administrator
:
Using binding ncacn_ip_tcp:rocky9-samba42.example.local[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name rocky9-samba42.example.local<0x20>
Password for [EXAMPLE\Administrator]:
Name=, Records=5, Children=0
SOA: serial=12, refresh=900, retry=600, expire=86400, minttl=3600, ns=rocky9-samba42.example.local., email=hostmaster.example.local. (flags=600000f0, serial=12, ttl=3600)
NS: rocky9-samba42.example.local. (flags=600000f0, serial=110, ttl=900)
NS: rocky9-samba43.example.local. (flags=600000f0, serial=110, ttl=900)
A: 192.168.56.43 (flags=600000f0, serial=110, ttl=900)
A: 192.168.56.42 (flags=600000f0, serial=110, ttl=900)
Name=_msdcs, Records=0, Children=0
Name=_sites, Records=0, Children=1
Name=_tcp, Records=0, Children=4
Name=_udp, Records=0, Children=2
Name=DomainDnsZones, Records=0, Children=2
Name=ForestDnsZones, Records=0, Children=2
Name=rocky9-samba42, Records=1, Children=0
A: 192.168.56.42 (flags=f0, serial=1, ttl=900)
Name=rocky9-samba43, Records=1, Children=0
A: 192.168.56.43 (flags=f0, serial=5, ttl=3600)
Name=win10-pc01, Records=1, Children=0
A: 192.168.56.152 (flags=f0, serial=110, ttl=1200)
[root@rocky9-samba42 ~]#
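As an added example (not from the original notes), a small Python script that parses the output of samba-tool dns query <server> <zone> @ ALL shown above and diffs two captures: a before/after pair from one DC shows exactly which records an add or delete changed, and the same query captured from two DCs shows records that have not replicated yet. The function names and the sample captures inside it are my own constructions modelled on the output above; it does not run samba-tool itself.

```python
import re
from typing import Any, Dict, NamedTuple, Set, Tuple

# Owner-name header line, e.g. "Name=rocky9-samba99, Records=1, Children=0"
# (the zone apex is printed as "Name=").
NAME_RE = re.compile(r"^\s*Name=(?P<name>[^,]*), Records=\d+, Children=\d+")
# Record line under an owner, e.g. "A: 192.168.56.99 (flags=f0, serial=9, ttl=900)".
RECORD_RE = re.compile(
    r"^\s*(?P<type>[A-Z0-9]+): (?P<rdata>.*?) \(flags=[0-9a-fA-F]+, serial=\d+, ttl=\d+\)"
)
SOA_SERIAL_RE = re.compile(r"^serial=(?P<serial>\d+),")


class Record(NamedTuple):
    owner: str  # relative owner name; "@" for the zone apex
    rtype: str  # A, NS, CNAME, SRV, ...
    rdata: str  # rdata text exactly as samba-tool prints it


def parse_query_output(text: str) -> Tuple[Set[Record], int]:
    """Return (records, SOA serial) from a raw samba-tool dns query capture.

    Binding messages, lmhosts lookups, the password prompt and shell prompts
    match neither regex, so a terminal capture can be passed in unchanged.
    The SOA record is kept out of the set (its serial changes on every
    update) and only its serial is returned; -1 means no SOA was seen.
    """
    records: Set[Record] = set()
    serial = -1
    owner = None
    for line in text.splitlines():
        m = NAME_RE.match(line)
        if m:
            owner = m.group("name") or "@"
            continue
        m = RECORD_RE.match(line)
        if not m or owner is None:
            continue
        rtype, rdata = m.group("type"), m.group("rdata")
        if rtype == "SOA":
            s = SOA_SERIAL_RE.match(rdata)
            if s:
                serial = int(s.group("serial"))
            continue
        records.add(Record(owner, rtype, rdata))
    return records, serial


def diff_snapshots(before: str, after: str) -> Dict[str, Any]:
    """Compare two captures of the same zone.

    Use it on a before/after pair from one DC to audit a change, or on the
    same query against two DCs to spot records that have not replicated yet.
    """
    old, old_serial = parse_query_output(before)
    new, new_serial = parse_query_output(after)
    added = sorted(new - old)
    removed = sorted(old - new)
    return {
        "added": added,
        "removed": removed,
        "serial_before": old_serial,
        "serial_after": new_serial,
        # For a before/after pair from one DC: record content changed but the
        # SOA serial did not advance, which an update through samba-tool or
        # dynamic DNS normally causes. Not meaningful across two DCs.
        "serial_anomaly": bool(added or removed) and new_serial <= old_serial,
    }


# Constructed sample captures modelled on the output shown in the notes above
# (not real sessions). AFTER is BEFORE with the serial bumped and one A record
# added, as "samba-tool dns add ... rocky9-samba99 A 192.168.56.99" would do.
BEFORE = """\
Using binding ncacn_ip_tcp:rocky9-samba42.example.local[,sign]
Password for [EXAMPLE\\Administrator]: ********
Name=, Records=3, Children=0
  SOA: serial=10, refresh=900, retry=600, expire=86400, minttl=3600, ns=rocky9-samba42.example.local., email=hostmaster.example.local. (flags=600000f0, serial=10, ttl=3600)
  NS: rocky9-samba42.example.local. (flags=600000f0, serial=110, ttl=900)
  A: 192.168.56.42 (flags=600000f0, serial=110, ttl=900)
Name=_msdcs, Records=0, Children=0
Name=rocky9-samba42, Records=1, Children=0
  A: 192.168.56.42 (flags=f0, serial=1, ttl=900)
Name=win10-pc01, Records=1, Children=0
  A: 192.168.56.152 (flags=f0, serial=110, ttl=1200)
"""
AFTER = BEFORE.replace("serial=10", "serial=11") + """\
Name=rocky9-samba99, Records=1, Children=0
  A: 192.168.56.99 (flags=f0, serial=11, ttl=900)
"""

if __name__ == "__main__":
    report = diff_snapshots(BEFORE, AFTER)
    print(f"SOA serial {report['serial_before']} -> {report['serial_after']}")
    for rec in report["added"]:
        print(f"+ {rec.owner} {rec.rtype} {rec.rdata}")
    for rec in report["removed"]:
        print(f"- {rec.owner} {rec.rtype} {rec.rdata}")
    if report["serial_anomaly"]:
        print("! records changed but the SOA serial did not advance")
```

To use it on real data, redirect the output of two samba-tool dns query runs to files and pass their contents to diff_snapshots.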
DNS forwarding on the internal Samba4 DNS server
~Parameters~
dns forwarder =
Specifies the upstream DNS server that is queried when the Samba server cannot resolve a name itself.
This setting takes effect only when Samba's built-in DNS server (SAMBA_INTERNAL) is in use.
(Note) The DNS server the Linux host itself uses
The DNS server that the Linux host itself queries is configured in /etc/resolv.conf.
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# cat /etc/resolv.conf
search example.local
nameserver 127.0.0.1
[root@rocky9-samba42 ~]#
Note, however, that on recent distributions the contents of /etc/resolv.conf are usually generated automatically, either by a network management tool such as NetworkManager or netplan or by systemd's systemd-resolved, so edits made directly to /etc/resolv.conf are reverted when the Linux host is rebooted; /etc/resolv.conf therefore has to be changed in the way each distribution prescribes.
(Note) Commands for checking name resolution
nslookup command
★ Querying 192.168.56.42 for the SOA record ★
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# nslookup -type=SOA example.local 192.168.56.42
Server: 192.168.56.42
Address: 192.168.56.42#53
example.local
origin = rocky9-samba42.example.local
mail addr = hostmaster.example.local
serial = 12
refresh = 900
retry = 600
expire = 86400
minimum = 3600
[root@rocky9-samba42 ~]#
★ Querying 192.168.56.43 for the SOA record ★
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# nslookup -type=SOA example.local 192.168.56.43
Server: 192.168.56.43
Address: 192.168.56.43#53
example.local
origin = rocky9-samba43.example.local
mail addr = hostmaster.example.local
serial = 12
refresh = 900
retry = 600
expire = 86400
minimum = 3600
[root@rocky9-samba42 ~]#
★ Querying 192.168.56.42 for the A record ★
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# nslookup -type=A rocky9-samba42.example.local 192.168.56.42
Server: 192.168.56.42
Address: 192.168.56.42#53
Name: rocky9-samba42.example.local
Address: 192.168.56.42
[root@rocky9-samba42 ~]#
★ Querying 192.168.56.43 for the A record ★
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# nslookup -type=A rocky9-samba42.example.local 192.168.56.43
Server: 192.168.56.43
Address: 192.168.56.43#53
Name: rocky9-samba42.example.local
Address: 192.168.56.42
[root@rocky9-samba42 ~]#
dig command
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# dig -h
Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}
{global-d-opt} host [@local-server] {local-d-opt}
[ host [@local-server] {local-d-opt} [...]]
Where: domain is in the Domain Name System
q-class is one of (in,hs,ch,...) [default: in]
q-type is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]
(Use ixfr=version for type ixfr)
q-opt is one of:
-4 (use IPv4 query transport only)
-6 (use IPv6 query transport only)
-b address[#port] (bind to source address/port)
-c class (specify query class)
-f filename (batch mode)
-k keyfile (specify tsig key file)
-m (enable memory usage debugging)
-p port (specify port number)
-q name (specify query name)
-r (do not read ~/.digrc)
-t type (specify query type)
-u (display times in usec instead of msec)
-x dot-notation (shortcut for reverse lookups)
-y [hmac:]name:key (specify named base64 tsig key)
d-opt is of the form +keyword[=value], where keyword is:
+[no]aaflag (Set AA flag in query (+[no]aaflag))
+[no]aaonly (Set AA flag in query (+[no]aaflag))
+[no]additional (Control display of additional section)
+[no]adflag (Set AD flag in query (default on))
+[no]all (Set or clear all display flags)
+[no]answer (Control display of answer section)
+[no]authority (Control display of authority section)
+[no]badcookie (Retry BADCOOKIE responses)
+[no]besteffort (Try to parse even illegal messages)
+bufsize[=###] (Set EDNS0 Max UDP packet size)
+[no]cdflag (Set checking disabled flag in query)
+[no]class (Control display of class in records)
+[no]cmd (Control display of command line -
global option)
+[no]comments (Control display of packet header
and section name comments)
+[no]cookie (Add a COOKIE option to the request)
+[no]crypto (Control display of cryptographic
fields in records)
+[no]defname (Use search list (+[no]search))
+[no]dnssec (Request DNSSEC records)
+domain=### (Set default domainname)
+[no]dscp[=###] (Set the DSCP value to ### [0..63])
+[no]edns[=###] (Set EDNS version) [0]
+ednsflags=### (Set EDNS flag bits)
+[no]ednsnegotiation (Set EDNS version negotiation)
+ednsopt=###[:value] (Send specified EDNS option)
+noednsopt (Clear list of +ednsopt options)
+[no]expandaaaa (Expand AAAA records)
+[no]expire (Request time to expire)
+[no]fail (Don't try next server on SERVFAIL)
+[no]header-only (Send query without a question section)
+[no]identify (ID responders in short answers)
+[no]idnin (Parse IDN names [default=on on tty])
+[no]idnout (Convert IDN response [default=on on tty])
+[no]ignore (Don't revert to TCP for TC responses.)
+[no]keepalive (Request EDNS TCP keepalive)
+[no]keepopen (Keep the TCP socket open between queries)
+[no]mapped (Allow mapped IPv4 over IPv6)
+[no]multiline (Print records in an expanded format)
+ndots=### (Set search NDOTS value)
+[no]nsid (Request Name Server ID)
+[no]nssearch (Search all authoritative nameservers)
+[no]onesoa (AXFR prints only one soa record)
+[no]opcode=### (Set the opcode of the request)
+padding=### (Set padding block size [0])
+[no]qr (Print question before sending)
+[no]question (Control display of question section)
+[no]raflag (Set RA flag in query (+[no]raflag))
+[no]rdflag (Recursive mode (+[no]recurse))
+[no]recurse (Recursive mode (+[no]rdflag))
+retry=### (Set number of UDP retries) [2]
+[no]rrcomments (Control display of per-record comments)
+[no]search (Set whether to use searchlist)
+[no]short (Display nothing except short
form of answers - global option)
+[no]showsearch (Search with intermediate results)
+[no]split=## (Split hex/base64 fields into chunks)
+[no]stats (Control display of statistics)
+subnet=addr (Set edns-client-subnet option)
+[no]tcflag (Set TC flag in query (+[no]tcflag))
+[no]tcp (TCP mode (+[no]vc))
+timeout=### (Set query timeout) [5]
+[no]trace (Trace delegation down from root [+dnssec])
+tries=### (Set number of UDP attempts) [3]
+[no]ttlid (Control display of ttls in records)
+[no]ttlunits (Display TTLs in human-readable units)
+[no]unexpected (Print replies from unexpected sources
default=off)
+[no]unknownformat (Print RDATA in RFC 3597 "unknown" format)
+[no]vc (TCP mode (+[no]tcp))
+[no]yaml (Present the results as YAML)
+[no]zflag (Set Z flag in query)
global d-opts and servers (before host name) affect all queries.
local d-opts and servers (after host name) affect only that lookup.
-h (print help and exit)
-v (print version and exit)
[root@rocky9-samba42 ~]#
★ Querying 192.168.56.42 for the SOA record ★
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# dig SOA example.local @192.168.56.42
; <<>> DiG 9.16.23-RH <<>> soa example.local @192.168.56.42
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21398
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;example.local. IN SOA
;; ANSWER SECTION:
example.local. 3600 IN SOA rocky9-samba42.example.local. hostmaster.example.local. 12 900 600 86400 3600
;; AUTHORITY SECTION:
example.local. 3600 IN SOA rocky9-samba42.example.local. hostmaster.example.local. 12 900 600 86400 3600
;; Query time: 4 msec
;; SERVER: 192.168.56.42#53(192.168.56.42)
;; WHEN: Thu Aug 10 22:23:56 JST 2023
;; MSG SIZE rcvd: 129
[root@rocky9-samba42 ~]#
★ Querying 192.168.56.43 for the SOA record ★
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# dig SOA example.local @192.168.56.43
; <<>> DiG 9.16.23-RH <<>> soa example.local @192.168.56.43
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10654
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;example.local. IN SOA
;; ANSWER SECTION:
example.local. 3600 IN SOA rocky9-samba43.example.local. hostmaster.example.local. 12 900 600 86400 3600
;; AUTHORITY SECTION:
example.local. 3600 IN SOA rocky9-samba43.example.local. hostmaster.example.local. 12 900 600 86400 3600
;; Query time: 4 msec
;; SERVER: 192.168.56.43#53(192.168.56.43)
;; WHEN: Thu Aug 10 22:24:00 JST 2023
;; MSG SIZE rcvd: 129
[root@rocky9-samba42 ~]#
★ Querying 192.168.56.42 for the A record ★
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# dig A rocky9-samba42.example.local @192.168.56.42
; <<>> DiG 9.16.23-RH <<>> A rocky9-samba42.example.local @192.168.56.42
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52899
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;rocky9-samba42.example.local. IN A
;; ANSWER SECTION:
rocky9-samba42.example.local. 900 IN A 192.168.56.42
;; AUTHORITY SECTION:
example.local. 3600 IN SOA rocky9-samba42.example.local. hostmaster.example.local. 12 900 600 86400 3600
;; Query time: 4 msec
;; SERVER: 192.168.56.42#53(192.168.56.42)
;; WHEN: Thu Aug 10 22:25:28 JST 2023
;; MSG SIZE rcvd: 109
[root@rocky9-samba42 ~]#
★ Querying 192.168.56.43 for the A record ★
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# dig A rocky9-samba42.example.local @192.168.56.43
; <<>> DiG 9.16.23-RH <<>> A rocky9-samba42.example.local @192.168.56.43
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5536
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;rocky9-samba42.example.local. IN A
;; ANSWER SECTION:
rocky9-samba42.example.local. 900 IN A 192.168.56.42
;; AUTHORITY SECTION:
example.local. 3600 IN SOA rocky9-samba43.example.local. hostmaster.example.local. 12 900 600 86400 3600
;; Query time: 0 msec
;; SERVER: 192.168.56.43#53(192.168.56.43)
;; WHEN: Thu Aug 10 22:25:30 JST 2023
;; MSG SIZE rcvd: 124
[root@rocky9-samba42 ~]#
host command
With the -v option: gives about as much information as the dig command.
Without the -v option: gives only very terse information.
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# host
Usage: host [-aCdilrTvVw] [-c class] [-N ndots] [-t type] [-W time]
[-R number] [-m flag] [-p port] hostname [server]
-a is equivalent to -v -t ANY
-A is like -a but omits RRSIG, NSEC, NSEC3
-c specifies query class for non-IN data
-C compares SOA records on authoritative nameservers
-d is equivalent to -v
-l lists all hosts in a domain, using AXFR
-m set memory debugging flag (trace|record|usage)
-N changes the number of dots allowed before root lookup is done
-p specifies the port on the server to query
-r disables recursive processing
-R specifies number of retries for UDP packets
-s a SERVFAIL response should stop query
-t specifies the query type
-T enables TCP/IP mode
-U enables UDP mode
-v enables verbose output
-V print version number and exit
-w specifies to wait forever for a reply
-W specifies how long to wait for a reply
-4 use IPv4 query transport only
-6 use IPv6 query transport only
[root@rocky9-samba42 ~]#
★ Querying 192.168.56.42 for the SOA record ★
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# host -t SOA example.local 192.168.56.42
Using domain server:
Name: 192.168.56.42
Address: 192.168.56.42#53
Aliases:
example.local has SOA record rocky9-samba42.example.local. hostmaster.example.local. 12 900 600 86400 3600
[root@rocky9-samba42 ~]#
★ Querying 192.168.56.43 for the SOA record ★
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# host -t SOA example.local 192.168.56.43
Using domain server:
Name: 192.168.56.43
Address: 192.168.56.43#53
Aliases:
example.local has SOA record rocky9-samba43.example.local. hostmaster.example.local. 12 900 600 86400 3600
[root@rocky9-samba42 ~]#
★ Querying 192.168.56.42 for the A record ★
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# host -t A rocky9-samba42.example.local 192.168.56.42
Using domain server:
Name: 192.168.56.42
Address: 192.168.56.42#53
Aliases:
rocky9-samba42.example.local has address 192.168.56.42
[root@rocky9-samba42 ~]#
★ Querying 192.168.56.43 for the A record ★
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# host -t A rocky9-samba42.example.local 192.168.56.43
Using domain server:
Name: 192.168.56.43
Address: 192.168.56.43#53
Aliases:
rocky9-samba42.example.local has address 192.168.56.42
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]#
★ Querying 192.168.56.42 for the A record: verbose version ★
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# host -v -t A rocky9-samba42.example.local 192.168.56.42
Trying "rocky9-samba42.example.local"
Using domain server:
Name: 192.168.56.42
Address: 192.168.56.42#53
Aliases:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34675
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;rocky9-samba42.example.local. IN A
;; ANSWER SECTION:
rocky9-samba42.example.local. 900 IN A 192.168.56.42
;; AUTHORITY SECTION:
example.local. 3600 IN SOA rocky9-samba42.example.local. hostmaster.example.local. 12 900 600 86400 3600
Received 109 bytes from 192.168.56.42#53 in 3 ms
[root@rocky9-samba42 ~]#
★ Querying 192.168.56.43 for the A record: verbose version ★
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# host -v -t A rocky9-samba42.example.local 192.168.56.43
Trying "rocky9-samba42.example.local"
Using domain server:
Name: 192.168.56.43
Address: 192.168.56.43#53
Aliases:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16823
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;rocky9-samba42.example.local. IN A
;; ANSWER SECTION:
rocky9-samba42.example.local. 900 IN A 192.168.56.42
;; AUTHORITY SECTION:
example.local. 3600 IN SOA rocky9-samba43.example.local. hostmaster.example.local. 12 900 600 86400 3600
Received 124 bytes from 192.168.56.43#53 in 0 ms
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# host -a example.local 192.168.56.42
Trying "example.local"
Using domain server:
Name: 192.168.56.42
Address: 192.168.56.42#53
Aliases:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6535
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;example.local. IN ANY
;; ANSWER SECTION:
example.local. 3600 IN SOA rocky9-samba42.example.local. hostmaster.example.local. 12 900 600 86400 3600
example.local. 900 IN NS rocky9-samba42.example.local.
example.local. 900 IN NS rocky9-samba43.example.local.
example.local. 900 IN A 192.168.56.43
example.local. 900 IN A 192.168.56.42
;; AUTHORITY SECTION:
example.local. 3600 IN SOA rocky9-samba42.example.local. hostmaster.example.local. 12 900 600 86400 3600
Received 204 bytes from 192.168.56.42#53 in 4 ms
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]#
[root@rocky9-samba42 ~]# host -a example.local 192.168.56.43
Trying "example.local"
Using domain server:
Name: 192.168.56.43
Address: 192.168.56.43#53
Aliases:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13476
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;example.local. IN ANY
;; ANSWER SECTION:
example.local. 3600 IN SOA rocky9-samba43.example.local. hostmaster.example.local. 12 900 600 86400 3600
example.local. 900 IN NS rocky9-samba42.example.local.
example.local. 900 IN NS rocky9-samba43.example.local.
example.local. 900 IN A 192.168.56.43
example.local. 900 IN A 192.168.56.42
;; AUTHORITY SECTION:
example.local. 3600 IN SOA rocky9-samba43.example.local. hostmaster.example.local. 12 900 600 86400 3600
Received 204 bytes from 192.168.56.43#53 in 4 ms
[root@rocky9-samba42 ~]#
(Note) Managing DNS from Windows
From a Windows PC, the DNS Manager tool can be used to manage the Active Directory DNS server.
~Installation~
On the Windows PC, go to [Settings] → [Apps & features] → [Optional features] and install "RSAT: DNS Server Tools".