Author Topic: DNS with different ip address  (Read 3261 times)

cnbx

« on: July 26, 2019, 01:54:45 pm »
Hi ALL,

I set up Zentyal as domain controller and DNS, but we have different IPs: the Zentyal device uses a 192.168.x.x IP and another device uses 172.172.x.x. How do we configure the Zentyal DNS so that 172.172 can query or use the Zentyal DNS?

Because when a client with IP 172.172.x.x tries nslookup, it gets refused.


Really need advice.

Thanks
« Last Edit: July 26, 2019, 02:32:13 pm by cnbx »

doncamilo

« Reply #1 on: July 27, 2019, 12:23:54 am »
 :)
If I have understood your problem rightly, you have a Zentyal server with three network interfaces: an external interface and two internal interfaces. Is that right?

Usually Zentyal automatically adds the IPs of the Zentyal interfaces. Check the Domain IP Addresses record and the hostnames (see this picture: https://doc.zentyal.org/en/_images/dns-04-domains.png)

If some of the IPs of the internal interfaces haven't been included, add them yourself (click on the corresponding gear icons)

Read this: https://doc.zentyal.org/en/dns.html#configuration-of-an-authoritative-dns-server-with-zentyal

(If you enable the transparent DNS option you won't have to configure DNS on the client machines)

Cheers!
- Do my pigeons bother you passing over your land?
- They block the sun!

G. Guareschi., Don Camillo.,

cnbx

« Reply #2 on: July 27, 2019, 08:58:03 am »
Hi Don,

Sorry, I only have one interface for this, for internal use only, but we have multiple IP addresses for employer,
so I want to configure Zentyal as domain controller and DNS server. Is it possible to do this with one interface...?

Thanks for reply.

doncamilo

« Reply #3 on: July 29, 2019, 11:25:20 am »
 :)

You don't have to do any special configuration.

Read this: https://doc.zentyal.org/en/dns.html#dns-cache-server-configuration-with-zentyal

Quote
"Zentyal’s DNS module always works as a DNS cache server for networks marked as internal, so if you only want your server to cache DNS queries, simply enable the module."

If you are running the Zentyal DHCP on your internal network you can take advantage of dynamic DNS (so hostname IPs are changed dynamically; this is a systems integration feature you don't need to manage)

If you work with static internal IPs, simply add the hostnames and their IPs in the "hostnames" column of the DNS "Domains" frame.

If you join these machines to the domain, these configurations will be set automatically.

Let me know if you need more help.

Cheers!

cnbx

« Reply #4 on: July 29, 2019, 11:58:18 am »
Hi Don,

So if I use one interface it can be done.
I use static IPs for this, and Zentyal is configured as domain controller and DNS.

I just add the client hostname and IP address like you mentioned before, just like that...?
So how do I add more than 1 client? Because with your method I add them one by one...

Thanks

doncamilo

« Reply #5 on: July 31, 2019, 12:44:28 pm »
Hi!
The problem is that dynamic DNS is bugged. The right way to automatically add the IPs and host names is to enable the DHCP module with its dynamic DNS feature enabled. But this doesn't work at all (I read some time ago that it will be fixed in Zentyal 6.1 at some point around November 2019).
Another solution is to do a little exercise in bash or perl scripting... Give me some time to try it.
Cheers!

cnbx

« Reply #6 on: August 06, 2019, 01:01:58 pm »
What I want to achieve is one interface that can deliver multiple IP addresses with DHCP and DNS server. This cannot be done because of the bug, is this correct...?


Thanks
« Last Edit: August 06, 2019, 01:24:32 pm by cnbx »

doncamilo

« Reply #7 on: August 08, 2019, 05:10:31 pm »
Hi!  :)

It means that a process that should be done automatically has to be done manually.

However, I have to remind you of the basics because I don't understand how you use Zentyal. O_o

The Zentyal DHCP server can only be configured to serve IPs on the "internal network interfaces". So, if you have only one interface, which is configured as "external" in order to grant internet access to the Zentyal server, you won't be able to use DHCP assignments on this network.

I think that buying a cheap network interface is the best solution.

Otherwise, please show me your domain topology so that I can give you a more accurate response.

Cheers!
« Last Edit: August 08, 2019, 05:19:20 pm by doncamilo »

cnbx

« Reply #8 on: August 13, 2019, 09:22:41 am »
Hi Doncamilo,

We have a MikroTik router acting as DHCP server with multiple subnets. Our topology is:
ISP ==> Mikrotik ==> Switch L3 ==> ESX Server (including zentyal)

Hence, Zentyal is for domain controller only, with DNS. My problem is that if I don't manually add the client IPs to Zentyal DNS, they cannot browse because the query is refused.

Is there any solution for this, to add an IP segment without adding them manually one by one...
For example, if we use bind9 for DNS we can accept multiple subnets for any segment, so DNS can serve multiple IPs with one interface.
« Last Edit: August 13, 2019, 09:25:34 am by cnbx »

doncamilo

« Reply #9 on: August 13, 2019, 11:37:50 pm »
 :)

(Do you really need a Domain Controller?)

###NB: Zentyal webadmin doesn't show the new records introduced through samba-tool!!!!

Ok, I was supposing all the services were provided by Zentyal. So, I have wasted a lot of time, I'm sorry. As you are using Zentyal as Domain Controller, DNS records should have been automatically configured.

However, if your DNS clients aren't joined to the domain you can configure the DNS records for these machines this way:

Code:
#Create a samba user on the webadmin and add him to the Domain Admins group (in my case 'admindc' with password 'admindc')
#Add admindc to the DnsAdmins group:
sudo samba-tool group addmembers DnsAdmins admindc

I have written this really basic script:

Code:
#!/bin/bash
# Read "name ip" pairs from hosts-list.csv and create one A record per line.
while IFS=" " read -r name ip
do
        echo " Creating DNS record for ${name} host with ip ${ip}"
        # Arguments: DNS server, zone, record name, record type, record data
        samba-tool dns add 192.168.1.43 zentyal-domain.lan "${name}" A "${ip}" --username=admindc --password=admindc &&
                echo " A record successfully created"
done < "hosts-list.csv"

where hosts-list.csv is this:

Code:
windows1 192.168.2.2
windows2 192.168.2.3
windows3 192.168.2.4
windows4 192.168.2.5
windows5 192.168.2.6
windows6 192.168.2.7

Place the script and hosts-list.csv in the same folder and run the script. (Remember you have to grant -x permissions to the script)

As a result you have this:

Code:
root@curso:~# samba-tool dns query localhost zentyal-domain.lan @ ALL --user=admindc --password=admindc
(...)
  Name=, Records=5, Children=0
    SOA: serial=14, refresh=900, retry=600, expire=86400, minttl=3600, ns=curso.zentyal-domain.lan., email=hostmaster.zentyal-domain.lan. (flags=600000f0, serial=14, ttl=3600)
    NS: curso.zentyal-domain.lan. (flags=600000f0, serial=7, ttl=900)
    A: 192.168.1.43 (flags=600000f0, serial=7, ttl=259200)
    A: 192.168.2.1 (flags=600000f0, serial=7, ttl=259200)
    A: 192.168.3.1 (flags=600000f0, serial=7, ttl=259200)
  Name=_kerberos, Records=1, Children=0
    TXT: "zentyal-domain.lan" (flags=f0, serial=1, ttl=259200)
  Name=_msdcs, Records=0, Children=0
  Name=_sites, Records=0, Children=1
  Name=_tcp, Records=0, Children=5
  Name=_udp, Records=0, Children=3
  Name=control, Records=1, Children=0
    A: 192.168.2.250 (flags=f0, serial=7, ttl=259200)
  Name=control2, Records=1, Children=0
    A: 192.168.2.65 (flags=f0, serial=7, ttl=259200)
  Name=curso, Records=3, Children=0
    A: 192.168.1.43 (flags=f0, serial=7, ttl=259200)
    A: 192.168.2.1 (flags=f0, serial=7, ttl=259200)
    A: 192.168.3.1 (flags=f0, serial=7, ttl=259200)
  Name=DomainDnsZones, Records=0, Children=2
  Name=ForestDnsZones, Records=0, Children=2
  Name=windows1, Records=1, Children=0
    A: 192.168.2.2 (flags=f0, serial=9, ttl=900)
  Name=windows2, Records=1, Children=0
    A: 192.168.2.3 (flags=f0, serial=10, ttl=900)
  Name=windows3, Records=1, Children=0
    A: 192.168.2.4 (flags=f0, serial=11, ttl=900)
  Name=windows4, Records=1, Children=0
    A: 192.168.2.5 (flags=f0, serial=12, ttl=900)
  Name=windows5, Records=1, Children=0
    A: 192.168.2.6 (flags=f0, serial=13, ttl=900)
  Name=windows6, Records=1, Children=0
    A: 192.168.2.7 (flags=f0, serial=14, ttl=900)

Do it for the needed records and modify it for other kinds of records that you'll need.

Cheers!
« Last Edit: August 13, 2019, 11:42:48 pm by doncamilo »
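As an added example (not part of doncamilo's post and not Zentyal code), a pre-flight check for the host list consumed by the script above: it rejects names that are not a plain DNS label, invalid IPv4 addresses, extra fields and duplicate names before any record is created. The function names and the sample list are constructed for illustration.

```sh
# Added example: validate a "name ip" host list before a bulk `samba-tool dns add` run.

# One DNS label: 1-63 chars of [A-Za-z0-9-], no leading or trailing hyphen
# (a leading "-" would otherwise be parsed as a command-line option).
valid_label() {
    case $1 in ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;; esac
    [ "${#1}" -le 63 ]
}

# Dotted-quad IPv4: four octets, each 0..255, no leading zeros.
# The body runs in a subshell so the IFS change does not leak out.
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.; set -f; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in 0?*) exit 1 ;; esac
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
)

# Reads the list on stdin, prints accepted "name ip" pairs on stdout and the
# reason for each rejected line on stderr; returns 1 if any line was rejected.
check_host_list() {
    seen=" " lineno=0 rc=0
    while read -r name ip extra || [ -n "$name" ]; do
        lineno=$((lineno + 1))
        case $name in ''|'#'*) continue ;; esac          # skip blanks and comments
        lname=$(printf '%s' "$name" | tr 'A-Z' 'a-z')    # DNS names are case-insensitive
        if [ -z "$ip" ] || [ -n "$extra" ]; then reason="expected exactly two fields"
        elif ! valid_label "$name"; then reason="invalid host label"
        elif ! valid_ipv4 "$ip"; then reason="invalid IPv4 address"
        else
            case $seen in *" $lname "*) reason="duplicate name" ;; *) reason="" ;; esac
        fi
        if [ -n "$reason" ]; then
            printf 'line %s rejected (%s): %s %s %s\n' "$lineno" "$reason" "$name" "$ip" "$extra" >&2
            rc=1
        else
            seen="$seen$lname "
            printf '%s %s\n' "$name" "$ip"
        fi
    done
    return "$rc"
}

# Constructed sample input (not the thread's real host list).
sample_list() {
    cat <<'EOF'
windows1 192.168.2.2
windows2 192.168.2.300
-windows3 192.168.2.4
windows4 192.168.2.5 extra
WINDOWS1 192.168.2.9
windows6 192.168.2.7
EOF
}

sample_list | check_host_list || echo "fix the rejected lines before the bulk add" >&2
```

To use it with a real list, redirect the file into `check_host_list` and feed only its standard output to the record-creation loop.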

cnbx

« Reply #10 on: August 14, 2019, 05:53:27 am »
Hi Doncamilo,

I really appreciate your reply and help, but it looks more complicated.
How about if I create a dedicated server for DNS only; hence, Zentyal only for domain controller, because we want to manage client laptops with GPO. That's why we need Zentyal as domain controller, to manage them using RSAT.


Regards

doncamilo

« Reply #11 on: August 14, 2019, 09:38:05 pm »
  :-[ Could you explain your system topology extensively (a detailed graphic would be appreciated) and the problem one more time? I'm re-reading the topic and I fear I haven't understood your issue rightly.  :-[

Really, keeping a process reading the DHCP leases in order to execute a script based on samba-tool doesn't seem to me the best of fixes. (Besides, Zentyal webadmin doesn't reflect these DNS records created by samba-tool)
However, the more I think about it the more I'm convinced that you should look for the solution in the Ebox API.
(Obviously this task is indistinguishable from fixing the Zentyal dynamic DNS bug) O_o

Regarding the possibility of using another DNS server, be aware that the Zentyal Domain Controller has to be the DNS server (Samba4 manages the DNS server itself) so you don't have to install another DNS server (it solves anything). You simply have to configure DDNS on the BIND9 of the Zentyal Samba4 implementation and the Zentyal DHCP without breaking them (nor Zentyal).
Remember that you have to modify the needed parameters in the Zentyal stubs. (read this: https://doc.zentyal.org/es/appendix-c.html#stubs )
I would like to try this this weekend. I'll tell you about it!
Cheers!

cnbx

« Reply #12 on: August 15, 2019, 07:13:06 am »
topology

I just want users from wireless to be able to join the domain. Hence, from your statement, by default if we configure Zentyal as domain controller it must include DNS in Zentyal itself...?

But the DHCP server from Zentyal is too simple. If we have multiple IP addresses with multiple classes, it can be done using multiple NICs, is that correct...?


Thanks and Regards

cnbx

« Reply #13 on: September 09, 2019, 11:49:59 am »
Is there any solution for this...?



doncamilo

« Reply #14 on: September 10, 2019, 02:25:50 pm »
 :)

Hi! I simply forgot this problem!

In the last few days I read a fix for the dynamic DNS for DHCP leases here in the forum ( https://forum.zentyal.org/index.php/topic,31202.msg112401.html#msg112401 ).

Afterwards I found that DHCP doesn't check the category of the interface as "internal" as the documentation tells us, but only the static IP ( read this https://forum.zentyal.org/index.php/topic,34418.msg112343.html#msg112343 )

Let me know about this problem, please.

Cheers!