[Dnsmasq-discuss] dnsmasq and samba internal dns server on the same machine
Yann Lehmann
2016-04-24 16:42:40 UTC
Hi

I am trying to set up a computer to act as an active directory controller
with samba (which brings an internal DNS server), but I also need it to
work as a dhcp server.

I have found how to set up the machine to have samba respond to dns
requests for the records it knows and forward queries for external
addresses to dnsmasq.

According to this [1], I have set up a 'lo:0' loopback interface with
address '127.0.0.5'.

dnsmasq is only listening on this address ('listen-address=127.0.0.5'
and 'bind-interfaces' are both set in '/etc/dnsmasq.conf').

samba is restricted to listen on 'eth0' and 'lo' only.

This seems to work fine for dns queries.

A dig query from the host itself for an address known by samba's
internal dns server (for example '_kerberos._tcp.mydomain') gets
answered by the "server" '127.0.0.1#53(127.0.0.1)' and nothing gets
logged by dnsmasq.

A query for an address unknown by samba's dns server gets forwarded to
dnsmasq, which itself forwards it to my ISP's dns servers (according to
the log of dnsmasq).

Unfortunately, dnsmasq doesn't respond to dhcp-requests.

Is there a way to enable only dns-requests on the 'lo:0' interface and
only dhcp-requests on the 'eth0' interface?

Thanks and regards
Yann
Albert ARIBAUD
2016-04-24 17:55:00 UTC
Hi Yann,

On Sun, 24 Apr 2016 18:42:40 +0200, Yann Lehmann wrote:
> Hi
> I am trying to set up a computer to act as an active directory
> controller with samba (which brings an internal DNS server), but I
> also need it to work as a dhcp server.
> I have found how to set up the machine to have samba respond to dns
> requests for the records it knows and forward queries for external
> addresses to dnsmasq.
> According to this [1], I have set up a 'lo:0' loopback interface with
> address '127.0.0.5'.
> dnsmasq is only listening on this address ('listen-address=127.0.0.5'
> and 'bind-interfaces' are both set in '/etc/dnsmasq.conf').
> samba is restricted to listen on 'eth0' and 'lo' only.
> This seems to work fine for dns queries.
> A dig query from the host itself for an address known by samba's
> internal dns server (for example '_kerberos._tcp.mydomain') gets
> answered by the "server" '127.0.0.1#53(127.0.0.1)' and nothing gets
> logged by dnsmasq.
> A query for an address unknown by samba's dns server gets forwarded
> to dnsmasq, which itself forwards it to my ISP's dns servers
> (according to the log of dnsmasq).
> Unfortunately, dnsmasq doesn't respond to dhcp-requests.
> Is there a way to enable only dns-requests on the 'lo:0' interface
> and only dhcp-requests on the 'eth0' interface?

There is a way to disable DHCP on a given interface: option -2 aka
--no-dhcp-interface will allow you to do that.

I don't know of a way to disable DNS on a specific interface. There is
a way to disable it globally (-p aka --port, set port to 0 to disable).

But -p can also be used to make dnsmasq respond on a nonstandard DNS
port (again, globally IIUC). Therefore, you set dnsmasq to run on e.g.
port 553, and have samba use that port for its upstream queries to
dnsmasq.

But then... you don't need two loopback interfaces any more: you can
run both services on lo, since they won't be serving the same port any
more.
Yann Lehmann wrote:
> Thanks and regards
> Yann

NP, HTH.

Kind regards,
--
Albert.
Yann Lehmann
2016-04-26 09:48:53 UTC
Hi Albert,

Thank you for your suggestion.
Albert ARIBAUD wrote:
> There is a way to disable DHCP on a given interface: option -2 aka
> --no-dhcp-interface will allow you to do that.
> I don't know of a way to disable DNS on a specific interface. There is
> a way to disable it globally (-p aka --port, set port to 0 to disable).

A --no-dns-interface option would be what I need :-).
Albert ARIBAUD wrote:
> But -p can also be used to make dnsmasq respond on a nonstandard DNS
> port (again, globally IIUC). Therefore, you set dnsmasq to run on e.g.
> port 553, and have samba use that port for its upstream queries to
> dnsmasq.

Unfortunately, samba seems to have the port 53 hardcoded (found a
mention of this on the net). I have tried to append a different port
number to the address samba uses as its DNS forwarder (and having
dnsmasq listening on that port), with no success.
Albert ARIBAUD wrote:
> But then... you don't need two loopback interfaces any more: you can
> run both services on lo, since they won't be serving the same port any
> more.

I guess I will have to redirect all queries from samba to its DNS
forwarder on port 53 to another port and have dnsmasq listen on it, as
suggested here:

https://medium.com/matematica-e-informatica/dnsmasq-and-samba4-ad-dc-74e69d46a1db#.v64phzaht

(I forgot to put the link in my first post)

But that will be another step on the path...

Thanks again and regards



PS: sorry Albert, I'm reposting this to the list
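To make the interplay of the options discussed in this thread concrete, here is an added example that is not dnsmasq's, samba's or either poster's code. It parses the dnsmasq.conf directives the thread mentions (port, listen-address, interface, bind-interfaces, no-dhcp-interface, dhcp-range) and works out, under a simplified model of the rules in dnsmasq(8), which sockets dnsmasq would bind for DNS, which interfaces would answer DHCP, and which of those sockets collide with samba's port-53 listeners on lo and eth0. The interface table, the eth0 address 192.168.1.1, the dhcp-range with its netmask and the three configurations are constructed: the first is the setup described in the opening post, the second adds interface=eth0 and shows the port 53 collision on eth0, the third applies Albert's suggestion (port=553, both services on lo, DHCP kept off lo with no-dhcp-interface).

```python
"""Simplified model of where a dnsmasq.conf makes dnsmasq serve DNS and DHCP.

Added example for this thread; this is not dnsmasq's or samba's code. It
understands only the directives the thread discusses and approximates the
rules in dnsmasq(8), which remains the authority on the real behaviour.
"""
import ipaddress
from dataclasses import dataclass, field

# Constructed interface table for the box in the thread (the eth0 address is an assumption).
IFACES = {"lo": "127.0.0.1", "lo:0": "127.0.0.5", "eth0": "192.168.1.1"}

# Sockets samba's internal DNS holds when restricted to lo and eth0 (port 53, as the thread says).
SAMBA_DNS = {("127.0.0.1", 53), ("192.168.1.1", 53)}


@dataclass
class Plan:
    dns_endpoints: set = field(default_factory=set)    # (address, port) bound for DNS
    dhcp_interfaces: set = field(default_factory=set)  # interfaces that answer DHCP
    warnings: list = field(default_factory=list)


def parse_conf(text):
    """Return [(key, value)] for a dnsmasq.conf body; value is None for bare flags."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            key, sep, value = line.partition("=")
            entries.append((key.strip(), value.strip() if sep else None))
    return entries


def parse_range(value):
    """dhcp-range=<start>,<end>,<netmask>,<lease>: the network the range lives in.

    This model needs the netmask field; real dnsmasq can infer it from the interface.
    """
    start, _end, mask = [f.strip() for f in value.split(",")][:3]
    return ipaddress.ip_network(f"{start}/{mask}", strict=False)


def plan(text, ifaces=IFACES):
    """Work out the DNS sockets and DHCP interfaces implied by a config."""
    port, listen, named, no_dhcp, ranges, bind_ifaces = 53, set(), set(), set(), [], False
    for key, value in parse_conf(text):
        if key == "port":
            port = int(value)
        elif key == "listen-address":
            listen.update(a.strip() for a in value.split(","))
        elif key == "interface":
            named.add(value)
        elif key == "no-dhcp-interface":
            no_dhcp.add(value)
        elif key == "dhcp-range":
            ranges.append(parse_range(value))
        elif key == "bind-interfaces":
            bind_ifaces = True

    p = Plan()
    # Interfaces dnsmasq treats as "in use": those named with interface= plus those
    # whose address is in listen-address; if neither is given, every interface.
    served = named | {n for n, a in ifaces.items() if a in listen}
    if not named and not listen:
        served = set(ifaces)

    if port == 0:
        p.warnings.append("port=0 disables DNS entirely")
    else:
        p.dns_endpoints = {(a, port) for a in listen} | {(ifaces[n], port) for n in named}
        # Without bind-interfaces dnsmasq binds the wildcard as well and filters
        # requests afterwards, which is what collides with another port-53 daemon.
        if not bind_ifaces or not p.dns_endpoints:
            p.dns_endpoints.add(("0.0.0.0", port))

    if ranges:
        # An interface can only hand out leases from a range on its own network,
        # so the 127.0.0.5 alias never qualifies for a 192.168.1.0/24 range.
        p.dhcp_interfaces = {n for n in served - no_dhcp
                             if any(ipaddress.ip_address(ifaces[n]) in r for r in ranges)}
        if not p.dhcp_interfaces:
            p.warnings.append("dhcp-range given but no served interface lies in its network")
    return p


def conflicts(p, occupied):
    """Sockets dnsmasq would try to bind that another daemon already holds."""
    hits = set()
    for addr, port in p.dns_endpoints:
        for o_addr, o_port in occupied:
            if port == o_port and addr in ("0.0.0.0", o_addr):
                hits.add((o_addr, o_port))
    return hits


# Constructed configurations (the dhcp-range and its netmask are assumptions).
DHCP = "dhcp-range=192.168.1.100,192.168.1.200,255.255.255.0,12h"
# 1. The opening post: DNS only on the lo:0 alias, nothing left to answer DHCP on eth0.
CONF_ORIGINAL = f"listen-address=127.0.0.5\nbind-interfaces\n{DHCP}\n"
# 2. Adding interface=eth0 restores DHCP but puts dnsmasq on eth0:53, where samba already is.
CONF_NAIVE = f"listen-address=127.0.0.5\ninterface=eth0\nbind-interfaces\n{DHCP}\n"
# 3. Albert's suggestion: a non-standard DNS port, both services on lo, DHCP only on eth0.
CONF_PORT_553 = f"port=553\ninterface=lo\ninterface=eth0\nno-dhcp-interface=lo\nbind-interfaces\n{DHCP}\n"


if __name__ == "__main__":
    for name, conf in [("original", CONF_ORIGINAL), ("naive", CONF_NAIVE), ("port553", CONF_PORT_553)]:
        p = plan(conf)
        print(f"{name}: DNS {sorted(p.dns_endpoints)} DHCP {sorted(p.dhcp_interfaces)} "
              f"conflicts {sorted(conflicts(p, SAMBA_DNS))} warnings {p.warnings}")
```

Running it shows the three outcomes side by side: the original configuration binds only 127.0.0.5:53 and has no interface on the 192.168.1.0/24 network left to answer DHCP; the naive fix answers DHCP on eth0 but collides with samba on 192.168.1.1:53; the port 553 variant binds 127.0.0.1:553 and 192.168.1.1:553 with no collision. Since samba sends its forwarded queries to port 53 regardless, the third layout still needs the port redirect Yann links to, so that queries for 127.0.0.1:53 from samba reach dnsmasq on 553. Dropping bind-interfaces from any of the configs makes the model add the 0.0.0.0 wildcard socket, which is the classic "address already in use" clash with a second resolver on the same host.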
