2

So I had an Ubuntu 16.04 instance running a Samba AD DC. I upgraded to 18.04, and when starting samba I was getting the error:

[2018/12/27 11:09:56.483755, 0] ../source4/dsdb/dns/dns_update.c:290(dnsupdate_nameupdate_done)
../source4/dsdb/dns/dns_update.c:290: Failed DNS update - with error code 110

After some digging and running sudo lsof -i :53 I could see

systemd-r  767 systemd-resolve   12u  IPv4  18656      0t0  UDP 127.0.0.53:domain 
systemd-r  767 systemd-resolve   13u  IPv4  18657      0t0  TCP 127.0.0.53:domain (LISTEN)
samba     1594            root   36u  IPv6  23058      0t0  TCP *:domain (LISTEN)
samba     1594            root   38u  IPv6  23059      0t0  UDP *:domain 

Which led me to disable systemd-resolve using the instructions here. This has fixed all my problems within the network (other domain machines not being able to apt-get update etc.), but I'm wondering: is disabling systemd-resolve safe?

Edit

This is a VM running on vSphere 6.0; it's a bridged network. The netplan folder is empty after the upgrade (which I've just remembered should have to be set). The old network details file, /etc/network/interfaces, is set to:

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto ens160
iface ens160 inet static
address 192.168.2.23
netmask 255.255.255.0
gateway 192.168.2.254

dns-nameservers 192.168.2.23
dns-search MYDOMAINNAME.co.uk

I can manually set the resolv.conf (after removing the symlink) to the following and it works:

nameserver 192.168.2.23
nameserver 127.0.0.53
search MYDOMAIN.co.uk
DNSStubListener=no
Dan
  • 471

1 Answer

5

Re-enable systemd-resolve.

Two possibilities...

  1. Regarding dnsmasq and systemd-resolved...

Do a ps auxc | grep -i dns and ps auxc | grep -i resolv and look for dnsmasq and systemd-resolved, and if both are running, you need to disable the DNS part of systemd-resolved by editing /etc/systemd/resolved.conf and...

change:

#DNSStubListener=yes

to:

DNSStubListener=no

then restart systemd-resolve and dnsmasq, or reboot.

  2. You MAY need to reset the symlink that is /etc/resolv.conf (if dnsmasq is not running)...

sudo mv /etc/resolv.conf /etc/resolv.conf.OLD # save the old symlink

sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf # create new symlink

Update #1:

Many details of this installation came forward in the comments, and we still don't have a final working solution. Here are some points to recognize...


DNSStubListener=no does not belong in /etc/resolv.conf. (/etc/resolv.conf should not (normally) be edited directly). It's an edit to /etc/systemd/resolved.conf. DNS= can also be edited there to add DNS server addresses.


/etc/resolv.conf should be a symlink, linked to one of two possible locations in /run.

NEW -> /run/systemd/resolve/resolv.conf
OLD -> ../run/resolvconf/resolv.conf

and should contain either 127.0.0.53 (or 127.0.0.1 if dnsmasq was running), or DNS nameserver addresses, or your router's address (ex: 192.168.1.1)


If you're going to use NetworkManager instead of netplan, then /etc/netplan should contain at least one .yaml file containing...

network:
  version: 2
  renderer: NetworkManager

followed by...

sudo netplan generate # generate config files

sudo netplan apply # apply configuration


If you're using NetworkManager, then /etc/NetworkManager/NetworkManager.conf should exist... and should look something like...

[main]
plugins=ifupdown,keyfile

[ifupdown]
managed=false

[device]
wifi.scan-rand-mac-address=no


If dnsmasq AND systemd-resolve are running, then you should do #1 in my answer.

If dnsmasq is not running, and systemd-resolve is running, then you should do #2 in my answer.


heynnema
  • 70,711
  • When I run ps auxc | grep -i dns there is no output (presumably because I have disabled systemd-resolve). I will try this in a minute when a machine has finished its upgrade – Dan Dec 27 '18 at 12:14
  • That command is looking for dnsmasq. You must not be running it. Re-enable systemd-resolve, and then cat /etc/resolv.conf and you'll probably see 127.0.0.53 indicating that systemd-resolve is managing /etc/resolv.conf. Try item #2 in my answer then. – heynnema Dec 27 '18 at 12:40
  • /run/systemd/resolve/ doesn't exist, but I restored the original resolv.conf, adding the line DNSStubListener=no, and this appears to have fixed the issue – Dan Dec 27 '18 at 12:46
  • @Dan That should be /run/systemd/resolve/resolv.conf, It will only be there if systemd-resolve is running. Great news! Please remember to accept my answer. Thanks! – heynnema Dec 27 '18 at 12:53
  • Just rebooted and tried again, thanks for the help! – Dan Dec 27 '18 at 12:59
  • @Dan Just curious... what does cat /etc/resolv.conf show? – heynnema Dec 27 '18 at 13:00
  • It shows the usual spiel and then ## No DNS servers known. But samba_dnsupdate works, along with the rest of the samba and the network using the server for DNS? – Dan Dec 27 '18 at 13:02
  • @Dan That's why I asked about /etc/resolv.conf. Show me the cat as it is now. Then remove the DNSStubListener=no, restart systemd-resolve, and show me the cat again. I want to see /etc/resolv.conf before AND after systemd-resolve is restarted. Also see if /run/systemd/resolve/resolv.conf exists. – heynnema Dec 27 '18 at 13:06
  • /run/systemd/resolve/resolv.conf now exists. This has broken the setup; both before and after DNSStubListener=no it shows # No DNS servers known. It has broken it because re-allowing DNSStubListener has blocked the port for samba – Dan Dec 27 '18 at 13:10
  • @Dan You're not following my instructions exactly. I wanted you to remove DNSStubListener=no, restart systemd-resolve, and I asked for TWO cat /etc/resolv.conf from before and after systemd-resolve has been restarted. Now I also need cat /run/systemd/resolve/resolv.conf. Exactly when do you see the "no DNS servers known" error message? – heynnema Dec 27 '18 at 13:15
  • I followed your instructions, and I'm saying regardless of whether the DNSStubListener is enabled / disabled it shows #No DNS servers known. When I cat the file /run/systemd/resolve/resolv.conf it says #No DNS servers known. – Dan Dec 27 '18 at 13:17
  • @Dan ah, I get it. Are you using wired or wireless connection? Is your computer connected to a hub/switch/router/modem? Is your connection profile set to DHCP? – heynnema Dec 27 '18 at 13:21
  • @Dan I just looked back to your question, and when you did the instructions at the link you gave, did you do "Then put the following line in the [main] section of your /etc/NetworkManager/NetworkManager.conf: dns=default". If so, that's probably one reason why it's broken. Unfortunately DNS is really broken in 18.xx, and sometimes it takes some playing around like we're doing to get it working mostly. – heynnema Dec 27 '18 at 13:37
  • This is a VM using 18.04.1; there is no NetworkManager folder. This was solved simply by setting DNSStubListener=no, as it's spawning a process that's blocking port 53 – Dan Dec 27 '18 at 13:50
  • @Dan Ah again. More good details to know. Does DNS work on your host machine? What OS is your host... Windows or Ubuntu or something else? Is this Virtualbox, and if so, is your network setting set to NAT or something else? – heynnema Dec 27 '18 at 13:56
  • @Dan edit your question to include cat /etc/netplan/*.yaml. Thanks. – heynnema Dec 27 '18 at 14:00
  • Please see the edited question. This is a production server, so I may have to manually make the resolv.conf with DNSStubListener=no – Dan Dec 27 '18 at 14:13
  • @Dan I've added a semi-detailed Update #1 to my answer. Please review it and make sure that it matches your current/final configuration. Ask questions if you like. – heynnema Dec 27 '18 at 14:43
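
The checks discussed in this thread, as an added example that is not part of the original question, answer or comments: it reads the effective DNSStubListener value from a resolved.conf-style file, lists lines that do not belong in resolv.conf, and flags a port 53 conflict from `lsof -i :53` output. The function names are hypothetical, the lsof lines are taken from the question, and the resolved.conf content in the demo is constructed.

```shell
# Added example. Config paths are arguments, so copies can be checked offline.

# Effective DNSStubListener value in a resolved.conf-style file.
# Commented-out lines are ignored; the systemd-resolved default is "yes".
stub_listener_setting() {
    awk -F= '
        /^[ \t]*\[/ { in_resolve = ($0 ~ /^[ \t]*\[Resolve\]/) }
        in_resolve && /^[ \t]*DNSStubListener[ \t]*=/ {
            gsub(/[ \t]/, "", $2); value = $2
        }
        END { if (value == "") value = "yes"; print value }
    ' "$1"
}

# Lines of a resolv.conf-style file that are not resolv.conf directives,
# e.g. a DNSStubListener= line, which belongs in resolved.conf instead.
misplaced_lines() {
    grep -Ev '^[[:space:]]*([#;]|$)|^[[:space:]]*(nameserver|domain|search|sortlist|options)[[:space:]]' "$1" || true
}

# Distinct commands bound to port 53, from `lsof -i :53` output on stdin.
port53_owners() {
    awk '{ name = ($NF == "(LISTEN)") ? $(NF - 1) : $NF }
         name ~ /:(domain|53)$/ { print $1 }' | sort -u
}

# Fail when the stub listener is enabled while another DNS server holds port 53.
# $1 = resolved.conf path, stdin = lsof output (lsof shortens the command name
# systemd-resolved to "systemd-r", as in the question's output).
check_conflict() {
    others=$(port53_owners | grep -v '^systemd-r' | tr '\n' ' ')
    if [ -n "$others" ] && [ "$(stub_listener_setting "$1")" != "no" ]; then
        echo "conflict: stub listener enabled while ${others}also binds port 53"
        return 1
    fi
    echo "ok"
}

# Two of the lsof lines posted in the question.
sample_lsof() {
    cat <<'EOF'
systemd-r  767 systemd-resolve   13u  IPv4  18657      0t0  TCP 127.0.0.53:domain (LISTEN)
samba     1594            root   36u  IPv6  23058      0t0  TCP *:domain (LISTEN)
EOF
}

# Demo: constructed resolved.conf that still has the default commented out.
conf=$(mktemp); printf '[Resolve]\n#DNSStubListener=yes\n' > "$conf"
sample_lsof | check_conflict "$conf" || true; rm -f "$conf"
```

On a live host the same functions can be pointed at /etc/systemd/resolved.conf and /etc/resolv.conf, with `sudo lsof -i :53` piped into `check_conflict`.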