Author Topic: Jabber - Active Directory Host Could not be reverse resolved  (Read 4206 times)

Lonniebiz

Jabber - Active Directory Host Could not be reverse resolved
« on: December 25, 2013, 01:25:37 am »
Numerous times I've attempted to get a Jabber server running on a domain controlled by a Windows Active Directory server.

During installation, I choose the option to "connect to an existing active directory server" and I supply correct administrative credentials to Zentyal 3.3's setup and configuration wizard, for this existing MS Active Directory server.

After logging in for the first time, I then go to DNS and put my active directory servers' IPs as forwarders in Zentyal's resolver list.

Then, when I go to the Computers and Users menu, I always get this error:
Code:
The IP address '192.168.1.10' belonging to the domain controller 'ad1.work.local' could not be reverse resolved.
Please, make sure you are using one of the AD DNS servers as the primary resolver in the resolvers list,
and it contains the required reverse zones.

I do indeed have both AD DNS servers in Zentyal's resolvers list.

As a matter of fact, if I do a nslookup of 192.168.1.10 (from this Zentyal Server's command line), I do indeed get a correct reverse lookup:

Code:
admin@chatbox:~$ nslookup 192.168.1.10
Server: 192.168.1.10
Address: 192.168.1.10#53

10.1.168.192.in-addr.arpa name = ad1.work.local.

Please look at line 722 in the code base. This is the line of code rejecting my progress.

On the Microsoft AD DNS server, I see both forward and reverse zones, and nslookup is clearly getting the correct reverse lookup, so why isn't Zentyal web interface moving forward past this so I can get this Jabber server up and running?

In addition to this forum posting, I've also submitted ticket here:
http://trac.zentyal.org/ticket/7932

Any workarounds are appreciated.
« Last Edit: December 25, 2013, 07:50:35 am by Lonniebiz »

christian

  • Guest
Re: Jabber - Active Directory Host Could not be reverse resolved
« Reply #1 on: December 25, 2013, 06:55:23 am »
Does "DNS forwarding" work for DNS domain handled (authoritative) by your primary DNS? I don't think so.
Although this is not 100% clear in Zentyal documentation, I believe there is no forwarding for local domain. I might be wrong...

On the other hand, I'm not aware of any flexible "reverse DNS configuration" on Zentyal... :-[

From Zentyal doc.
Quote
The redirectors or forwarders are external DNS servers that will support your server. First your server will search in the local cache, among the registered domains and previously cached queries; in case there is no answer, it will query the redirectors. For example, the first time you query www.google.com, Zentyal’s DNS server will query redirectors and store the request in cache if the domain google.com is not registered to your server.

Lonniebiz

Re: Jabber - Active Directory Host Could not be reverse resolved
« Reply #2 on: December 25, 2013, 07:36:07 am »
There are two places you can input the AD DNS server's IP addresses, in the Zentyal web interface:
1) CORE > Network > DNS
2) INFRASTRUCTURE > DNS

When I only list them at #1, I get this error (when going to "Users and Computers" menu):

Code:
The domain controller ad1.work.local could not be resolved to its IP address.
Please, make sure you are using one of the AD DNS servers as the primary resolver in the resolvers list.

When I also list them at #2, as a forwarder, I get this error (when going to "Users and Computers" menu):

Code:
The IP address '192.168.1.10' belonging to the domain controller 'ad1.work.local' could not be reverse resolved.
Please, make sure you are using one of the AD DNS servers as the primary resolver in the resolvers list,
and it contains the required reverse zones.
« Last Edit: December 25, 2013, 07:44:05 am by Lonniebiz »

christian

  • Guest
Re: Jabber - Active Directory Host Could not be reverse resolved
« Reply #3 on: December 25, 2013, 09:15:30 am »
I can't really comment about Zentyal implementation but would like to elaborate on one specific point about forwarders:
DNS forwarders are used when DNS query is not resolved locally, either because not in cache or not served by local DNS server.
If your DNS is authoritative for mydomain.com, there is no reason to forward request outside as DNS is authoritative. Because of this, I don't understand how forwarders could be used to distribute, if I can say so, DNS domain management across different DNS, i.e. one being Zentyal, another being Microsoft if both cover same domain.

That's for the basic forwarding mechanism.

Then back to your question that is more related to reverse DNS, I've to say that I've no clear idea about what would be the result. I need to think further about this.
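
The forwarding rule described in reply #3, modeled as an added example that is not part of the original thread: a toy resolver answers names in locally served zones itself and asks the forwarder only for everything else. The records are constructed from the names in the thread, and the locally served reverse zone in the third scenario is a hypothetical, not something the thread establishes about Zentyal.

```python
import ipaddress

# Constructed records standing in for the AD DNS server from the thread.
AD_RECORDS = {
    ("ad1.work.local", "A"): "192.168.1.10",
    ("10.1.168.192.in-addr.arpa", "PTR"): "ad1.work.local.",
}

def ad_dns(qname, qtype):
    """Stand-in for the AD DNS server, queried directly or as a forwarder."""
    return AD_RECORDS.get((qname, qtype))

class ForwardingResolver:
    def __init__(self, zones=None, forwarder=None):
        self.zones = zones or {}    # zone name -> {(qname, qtype): value}
        self.forwarder = forwarder
        self.cache = {}

    def query(self, qname, qtype):
        qname = qname.rstrip(".").lower()
        key = (qname, qtype)
        # Names inside a locally served zone are answered locally, even when
        # the answer is "no such record"; the forwarder is never asked.
        for zone, records in self.zones.items():
            if qname == zone or qname.endswith("." + zone):
                return records.get(key)
        if key not in self.cache and self.forwarder:
            answer = self.forwarder(qname, qtype)
            if answer is None:
                return None
            self.cache[key] = answer
        return self.cache.get(key)

def check_domain_controller(resolver, fqdn):
    """Forward lookup, then reverse lookup of the resulting IP address."""
    ip = resolver.query(fqdn, "A")
    if ip is None:
        return "forward lookup failed"
    name = resolver.query(ipaddress.ip_address(ip).reverse_pointer, "PTR")
    if name is None:
        return "reverse lookup failed"
    return "ok" if name.rstrip(".").lower() == fqdn.lower() else "reverse mismatch"

def scenarios(fqdn="ad1.work.local"):
    local_reverse = {"1.168.192.in-addr.arpa": {}}  # hypothetical local zone
    return {
        "no forwarder": check_domain_controller(ForwardingResolver(), fqdn),
        "forwarder only": check_domain_controller(ForwardingResolver(forwarder=ad_dns), fqdn),
        "forwarder + local reverse zone": check_domain_controller(
            ForwardingResolver(local_reverse, ad_dns), fqdn),
    }
```

In the third scenario the same PTR query succeeds when sent straight to `ad_dns`, which is what a direct nslookup against the AD server measures, and fails through the local resolver.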

Lonniebiz

Re: Jabber - Active Directory Host Could not be reverse resolved
« Reply #4 on: December 25, 2013, 06:07:36 pm »
I agree that a forwarder doesn't seem logically necessary here, but adding one is the only thing that got me past the first error I mentioned in my previous message.

All I'm trying to do, is to get Zentyal to sync Users from the MS Active Directory for the purpose of creating Jabber accounts (automatically) that a user can consume with Pidgin using their AD credentials.

Without the forwarder, Zentyal doesn't seem to be able to verify that the "external active directory I told it to sync with" exists.

When I added the forwarder, it then notices that it exists, but then complains about the fact that it is unable to reverse resolve it by IP lookup. I don't know why Zentyal is unable to reverse resolve, when at the same time I can go to the command line on this very server and reverse resolve without issue.

It seems like Zentyal's Users and Computers module is not truly consuming the DNS I've specified at:
CORE > Network > DNS

Maybe, instead, it is incorrectly looking to this module to resolve these things:
INFRASTRUCTURE > DNS

When I'm at the command line, using nslookup, it is correctly using the settings at CORE > Network > DNS and successfully resolving forward and reverse, but the "Users and Computers" module seems to only be looking at INFRASTRUCTURE > DNS to resolve the Active Directory server I chose to sync with during installation.

See the Connect with External Active Directory option I chose during installation.

You would expect to be able to simply go to the "Users and Computers" module after installation, having chosen this installation option, but as you can see, I'm getting these strange errors instead.

« Last Edit: December 25, 2013, 06:23:12 pm by Lonniebiz »