2 Replies Latest reply: Jul 7, 2014 11:01 AM by Andrew Watkins

    Strange problem with DNS and _ldap._tcp

    Andrew Watkins

      Hello,


      I noticed that one of my zones would not allow user authentication via LDAP (I use Active Directory), and after some looking, all the zones on this hardware had the same problem. Looking at the global zone, I noticed a problem with DNS which may be the cause, but I do not understand it.


      The global zone only has DNS and no LDAP and no Kerberos:


      # nslookup -debug -query=any _ldap._tcp
      Server:         193.61.29.134
      Address:        193.61.29.134#53
      ------------
          QUESTIONS:
              _ldap._tcp, type = ANY, class = IN
          ANSWERS:
          AUTHORITY RECORDS:
          ->  .
              origin = a.root-servers.net
              mail addr = nstld.verisign-grs.com
              serial = 2014070700
              refresh = 1800
              retry = 900
              expire = 604800
              minimum = 86400
              ttl = 899
          ADDITIONAL RECORDS:
      ------------
      ** server can't find _ldap._tcp: NXDOMAIN


      # cat /etc/resolv.conf (via svc:/network/dns/client:default)
      domain  dcs.bbk.ac.uk
      search  dcs.bbk.ac.uk
      nameserver      193.61.29.134
      nameserver      193.61.29.136
      nameserver      193.61.29.37

      What another system gives me is:

      # nslookup -debug -query=any _ldap._tcp
      Server:        193.61.29.134
      Address:    193.61.29.134#53
      ------------
          QUESTIONS:
          _ldap._tcp, type = ANY, class = IN
          ANSWERS:
          AUTHORITY RECORDS:
          ->  .
          origin = a.root-servers.net
          mail addr = nstld.verisign-grs.com
          serial = 2014070700
          refresh = 1800
          retry = 900
          expire = 604800
          minimum = 86400
          ttl = 718
          ADDITIONAL RECORDS:
      ------------
      ** server can't find _ldap._tcp: NXDOMAIN
      Server:        193.61.29.134
      Address:    193.61.29.134#53
      ------------
          QUESTIONS:
          _ldap._tcp.dcs.bbk.ac.uk, type = ANY, class = IN
          ANSWERS:
          ->  _ldap._tcp.dcs.bbk.ac.uk
          service = 0 100 389 gordon.dcs.bbk.ac.uk.
          ttl = 600
          ->  _ldap._tcp.dcs.bbk.ac.uk
          service = 0 100 389 dcsntdc01.dcs.bbk.ac.uk.
          ttl = 600
          ->  _ldap._tcp.dcs.bbk.ac.uk
          service = 0 100 389 dcsntdclkl.dcs.bbk.ac.uk.
          ttl = 600
          ->  _ldap._tcp.dcs.bbk.ac.uk
          service = 0 100 389 dcsntdc02-v.dcs.bbk.ac.uk.
          ttl = 600
          AUTHORITY RECORDS:
          ADDITIONAL RECORDS:
          ->  gordon.dcs.bbk.ac.uk
          internet address = 193.61.29.37
          ttl = 3600
          ->  dcsntdc01.dcs.bbk.ac.uk
          internet address = 193.61.29.134
          ttl = 3600
          ->  dcsntdclkl.dcs.bbk.ac.uk
          internet address = 193.61.44.8
          ttl = 3600
          ->  dcsntdc02-v.dcs.bbk.ac.uk
          internet address = 193.61.29.136
          ttl = 3600
      ------------
      _ldap._tcp.dcs.bbk.ac.uk    service = 0 100 389 gordon.dcs.bbk.ac.uk.
      _ldap._tcp.dcs.bbk.ac.uk    service = 0 100 389 dcsntdc01.dcs.bbk.ac.uk.
      _ldap._tcp.dcs.bbk.ac.uk    service = 0 100 389 dcsntdclkl.dcs.bbk.ac.uk.
      _ldap._tcp.dcs.bbk.ac.uk    service = 0 100 389 dcsntdc02-v.dcs.bbk.ac.uk.


      The problem is that I am not sure what I should look at, since I thought that with a DNS client I would only need to modify svc:/network/dns/client:default.

      Any pointers as to what else I should look at?

      Thanks,

      Andrew
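As an added illustration (not code from the poster), the script below models the stub-resolver search-list behaviour that separates the two outputs above: `_ldap._tcp` contains one dot, so with the conventional default of `ndots=1` (an assumption; resolv.conf allows `options ndots:N`) it is first tried as an absolute name (the NXDOMAIN from the root) and only then with the `search dcs.bbk.ac.uk` suffix appended. It also parses the SRV answer lines quoted in the post (embedded here as constructed sample text) and orders the domain controllers the way an LDAP client would.

```python
import re
from dataclasses import dataclass

# Constructed sample: the SRV answer lines quoted in the post above.
NSLOOKUP_OUTPUT = """\
_ldap._tcp.dcs.bbk.ac.uk    service = 0 100 389 gordon.dcs.bbk.ac.uk.
_ldap._tcp.dcs.bbk.ac.uk    service = 0 100 389 dcsntdc01.dcs.bbk.ac.uk.
_ldap._tcp.dcs.bbk.ac.uk    service = 0 100 389 dcsntdclkl.dcs.bbk.ac.uk.
_ldap._tcp.dcs.bbk.ac.uk    service = 0 100 389 dcsntdc02-v.dcs.bbk.ac.uk.
"""


def candidate_names(name, search, ndots=1):
    """Return the query names a stub resolver tries for `name`, in order.

    Mirrors resolv.conf semantics: a name with at least `ndots` dots is
    tried as-is first and then with each search suffix appended; a name
    with fewer dots gets the suffixes first; a trailing '.' marks the
    name absolute and disables the search list entirely.
    """
    if name.endswith("."):
        return [name]
    suffixed = [f"{name}.{s}." for s in search]
    if name.count(".") >= ndots:
        return [name + "."] + suffixed
    return suffixed + [name + "."]


SRV_LINE = re.compile(r"^(\S+)\s+service = (\d+) (\d+) (\d+) (\S+)$")


@dataclass(frozen=True)
class Srv:
    priority: int
    weight: int
    port: int
    target: str


def parse_srv(text):
    """Parse nslookup-style SRV lines and order them as a client would."""
    records = []
    for line in text.splitlines():
        m = SRV_LINE.match(line.strip())
        if m:
            records.append(Srv(int(m[2]), int(m[3]), int(m[4]), m[5].rstrip(".")))
    # Lower priority is preferred; equal priorities are ordered by weight (RFC 2782).
    return sorted(records, key=lambda r: (r.priority, -r.weight))


if __name__ == "__main__":
    print(candidate_names("_ldap._tcp", ["dcs.bbk.ac.uk"]))
    for r in parse_srv(NSLOOKUP_OUTPUT):
        print(f"{r.target}:{r.port} prio={r.priority} weight={r.weight}")
```

Comparing `candidate_names()` for the zone's configured search list against the QUESTIONS actually sent in the debug output is a quick way to see whether the search suffix is being applied at all.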