Strange problem with DNS and _ldap._tcp

Andrew Watkins, Jul 7 2014 — edited Jul 7 2014

Hello,

I noticed that one of my zones would not allow user authentication via LDAP (I use Active Directory), and after some looking, all the zones on this hardware had the same problem. Looking at the global zone, I noticed a problem with DNS which may be the problem, but I do not understand it.

The global zone only has DNS and no LDAP and no Kerberos:

# nslookup -debug -query=any _ldap._tcp
Server:         193.61.29.134
Address:        193.61.29.134#53
------------
    QUESTIONS:
        _ldap._tcp, type = ANY, class = IN
    ANSWERS:
    AUTHORITY RECORDS:
    ->  .
        origin = a.root-servers.net
        mail addr = nstld.verisign-grs.com
        serial = 2014070700
        refresh = 1800
        retry = 900
        expire = 604800
        minimum = 86400
        ttl = 899
    ADDITIONAL RECORDS:
------------
** server can't find _ldap._tcp: NXDOMAIN

# cat /etc/resolve.conf (via svc:/network/dns/client:default)
domain  dcs.bbk.ac.uk
search  dcs.bbk.ac.uk
nameserver      193.61.29.134
nameserver      193.61.29.136
nameserver      193.61.29.37

What other systems give me is:

# nslookup -debug -query=any _ldap._tcp
Server:        193.61.29.134
Address:    193.61.29.134#53
------------
    QUESTIONS:
    _ldap._tcp, type = ANY, class = IN
    ANSWERS:
    AUTHORITY RECORDS:
    ->  .
    origin = a.root-servers.net
    mail addr = nstld.verisign-grs.com
    serial = 2014070700
    refresh = 1800
    retry = 900
    expire = 604800
    minimum = 86400
    ttl = 718
    ADDITIONAL RECORDS:
------------
** server can't find _ldap._tcp: NXDOMAIN

Server:        193.61.29.134
Address:    193.61.29.134#53
------------
    QUESTIONS:
    _ldap._tcp.dcs.bbk.ac.uk, type = ANY, class = IN
    ANSWERS:
    ->  _ldap._tcp.dcs.bbk.ac.uk
    service = 0 100 389 gordon.dcs.bbk.ac.uk.
    ttl = 600
    ->  _ldap._tcp.dcs.bbk.ac.uk
    service = 0 100 389 dcsntdc01.dcs.bbk.ac.uk.
    ttl = 600
    ->  _ldap._tcp.dcs.bbk.ac.uk
    service = 0 100 389 dcsntdclkl.dcs.bbk.ac.uk.
    ttl = 600
    ->  _ldap._tcp.dcs.bbk.ac.uk
    service = 0 100 389 dcsntdc02-v.dcs.bbk.ac.uk.
    ttl = 600
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
    ->  gordon.dcs.bbk.ac.uk
    internet address = 193.61.29.37
    ttl = 3600
    ->  dcsntdc01.dcs.bbk.ac.uk
    internet address = 193.61.29.134
    ttl = 3600
    ->  dcsntdclkl.dcs.bbk.ac.uk
    internet address = 193.61.44.8
    ttl = 3600
    ->  dcsntdc02-v.dcs.bbk.ac.uk
    internet address = 193.61.29.136
    ttl = 3600
------------
_ldap._tcp.dcs.bbk.ac.uk    service = 0 100 389 gordon.dcs.bbk.ac.uk.
_ldap._tcp.dcs.bbk.ac.uk    service = 0 100 389 dcsntdc01.dcs.bbk.ac.uk.
_ldap._tcp.dcs.bbk.ac.uk    service = 0 100 389 dcsntdclkl.dcs.bbk.ac.uk.
_ldap._tcp.dcs.bbk.ac.uk    service = 0 100 389 dcsntdc02-v.dcs.bbk.ac.uk.

Problem is I am not sure what I should look at since I thought with a DNS client I would only need to modify svc:/network/dns/client:default.

Any pointers on what else I should look at?

Thanks,

Andrew
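
Added example, not part of the original post: the second host's output shows two queries, the bare `_ldap._tcp` and then `_ldap._tcp.dcs.bbk.ac.uk`, while the first host stops after the bare name. The sketch below lists the names a stub resolver would try under the search/domain/ndots rules documented in resolv.conf(5), so the expected sequence can be compared with what `nslookup -debug` actually asks. The function name `srv_candidates` and the temporary sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print, in order, the fully qualified names a stub resolver
# would query for NAME, following resolv.conf(5):
#   - a name ending in "." is absolute and is queried as-is only
#   - the last "domain" or "search" line in the file wins
#   - if NAME has at least ndots dots (default 1) it is tried as-is first,
#     then with each search suffix; otherwise the suffixes are tried first
srv_candidates() {
    name=$1
    conf=${2:-/etc/resolv.conf}
    case $name in
        *.) printf '%s\n' "$name"; return 0 ;;
    esac
    awk -v name="$name" '
        $1 == "domain"  { n = 1; s[1] = $2 }
        $1 == "search"  { n = NF - 1; for (i = 2; i <= NF; i++) s[i - 1] = $i }
        $1 == "options" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^ndots:[0-9]+$/) {
                    sub(/^ndots:/, "", $i); ndots = $i + 0; have_ndots = 1
                }
        }
        END {
            if (!have_ndots) ndots = 1
            dots = gsub(/\./, ".", name)       # count dots, name unchanged
            if (dots >= ndots) print name "."
            for (i = 1; i <= n; i++) print name "." s[i] "."
            if (dots < ndots) print name "."
        }' "$conf"
}

# Constructed copy of the resolver settings shown in the post.
sample=$(mktemp)
printf '%s\n' \
    'domain  dcs.bbk.ac.uk' \
    'search  dcs.bbk.ac.uk' \
    'nameserver      193.61.29.134' > "$sample"

srv_candidates _ldap._tcp "$sample"
```

Querying the name with a trailing dot (`_ldap._tcp.dcs.bbk.ac.uk.`) skips the search list entirely, which separates a search-list problem on the client from a problem with the SRV records on the server.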
