<div dir="ltr"> So, after a week of searching, I found it. It seems that Corporate changed some firewalls and blocked my subnet's ability to access 1/2 of the DNS servers. My laptop ( linux ) looks like it was cached to a working DNS server and was happy. The windows machines I was testing on were hitting the blocked servers. Of course they swear it never changed though I have logs from my initial setup showing they worked 2 weeks ago. /facepalm....<br><div><br></div><div><br></div><div>Thanks for the help guys.</div><div><br></div><div>Robert</div><div><br></div></div><br><div class="gmail_quote">On Wed, Mar 4, 2015 at 6:47 AM Lightner, Jeff <<a href="mailto:JLightner@dsservices.com">JLightner@dsservices.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">+1<br>
<br>
Given the plethora of new TLDs already created there's already an issue with some internal IPs being exposed to internet and vice-versa causing issues for folks using domains they haven't registered even for "domain" as used by your Windows Domain Controllers. Many used internal .net for that and once someone has registered that domain outside it is apt to cause oddities in your Windows DNS lookups. In fact there is a report ICANN did regarding opening new TLDs where they specifically recommend against allowing ".home" and ".corp" as so many were known to be using those.<br>
<br>
<br>
-----Original Message-----<br>
From: <a href="mailto:ale-bounces@ale.org" target="_blank">ale-bounces@ale.org</a> [mailto:<a href="mailto:ale-bounces@ale.org" target="_blank">ale-bounces@ale.org</a>] On Behalf Of Michael Trausch<br>
Sent: Tuesday, March 03, 2015 9:39 PM<br>
To: Atlanta Linux Enthusiasts<br>
Subject: Re: [ale] Linux Bind9 and Windows .local dns?<br>
<br>
If you can't control it, change it. Get a map of needed addresses and load a DNS server up serving a .foo TLD that doesn't conflict with any of the several hundred TLDs available or available to be. Wait, no. Don't. Why? This is why. Conflict.<br>
<br>
Best practice: use a registered domain and create an .int.foo.tld DNS tree. That's the only sane and future proof solution.<br>
<br>
Sent from my iPad<br>
<br>
> On Mar 3, 2015, at 9:52 AM, Derek Atkins <<a href="mailto:warlord@mit.edu" target="_blank">warlord@mit.edu</a>> wrote:<br>
><br>
> Try to set up a wireshark session to see who the windows box is<br>
> actually asking. Is it using mDNS or is it asking the configured DNS Server?<br>
> Once you see what's going over the network you might better see where<br>
> the issue is and try to fix it.<br>
><br>
> -derek<br>
><br>
> "Robert L. Harris" <<a href="mailto:robert.l.harris@gmail.com" target="_blank">robert.l.harris@gmail.com</a>> writes:<br>
><br>
>> Corp is using .local for some internal services such as a key file<br>
>> server. I have no control over it.<br>
>><br>
>> The first key issue I'm seeing is a windows box on my 172.27 subnet<br>
>> can ping the file server but trying to do a dns lookup on the<br>
>> hostname is failing to resolve. As a result all the procedures that<br>
>> tell my manufacturing users to open "\\share.local\Manufacturing"<br>
>> fail and updating them to do \\ 10.bbb.ccc.ddd\Manufacturing" would cause a lot more pain than it's worth.<br>
>><br>
>> My Linux bind server has the windows domain servers as the upstream<br>
>> dns in my resolv.conf but I've never had to deal with this type of<br>
>> forwarding before so I'm not sure where the breakage is.<br>
>><br>
>> Unfortunately we have critical documents on the shared server and I<br>
>> need to get it working this way.<br>
>><br>
>> Robert<br>
>><br>
>> On Mon, Mar 2, 2015 at 11:59 AM LnxGnome <<a href="mailto:lnxgnome@hopnet.net" target="_blank">lnxgnome@hopnet.net</a>> wrote:<br>
>><br>
>> .local is a concept of multicast DNS. If the host.local speaks mDNS, it<br>
>> should be responding to those replies for itself. This works find for a<br>
>> small shared LAN.<br>
>><br>
>> If you have a distributed / firewalled network that isn't passing mDNS<br>
>> between segments, that is probably causing your problem. In this<br>
>> situation, don't use ".local".<br>
>><br>
>> --LnxGnome<br>
>><br>
>> On 3/2/15 12:35 PM, Robert L. Harris wrote:<br>
>><br>
>> I've set up a bind9 server ( Ubuntu ) for a subnet ( 172.27/16 ) at<br>
>> work to support some lab space. I've found a problem where it seems<br>
>> some Windows boxes are not correctly resolving the corp.local domain<br>
>> even though I'm referencing the corp dns servers and <a href="http://internal.corp.com" target="_blank">internal.corp.com</a><br>
>> works just fine, just not the .local. I can access with \\<br>
>> aaa.bbb.ccc.dd\share correctly and ping aaa.bbb.ccc.ddd without issue.<br>
>><br>
>> Anyone seen this or have a link? Googling "linux bind9 windows domain"<br>
>> provides a lot of red herrings.<br>
>><br>
>> Robert<br>
>><br>
>> ______________________________<u></u>_________________<br>
>> Ale mailing list<br>
>> <a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
>> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/<u></u>listinfo/ale</a><br>
>> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
>> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/<u></u>listinfo</a><br>
>><br>
>> ______________________________<u></u>_________________<br>
>> Ale mailing list<br>
>> <a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
>> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/<u></u>listinfo/ale</a><br>
>> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
>> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/<u></u>listinfo</a><br>
>><br>
>> ______________________________<u></u>_________________<br>
>> Ale mailing list<br>
>> <a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
>> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/<u></u>listinfo/ale</a><br>
>> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
>> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/<u></u>listinfo</a><br>
><br>
> --<br>
> Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory<br>
> Member, MIT Student Information Processing Board (SIPB)<br>
> URL: <a href="http://web.mit.edu/warlord/" target="_blank">http://web.mit.edu/warlord/</a> PP-ASEL-IA N1NWH<br>
> <a href="mailto:warlord@MIT.EDU" target="_blank">warlord@MIT.EDU</a> PGP key available<br>
><br>
> ______________________________<u></u>_________________<br>
> Ale mailing list<br>
> <a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/<u></u>listinfo/ale</a><br>
> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/<u></u>listinfo</a><br>
<br>
______________________________<u></u>_________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/<u></u>listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/<u></u>listinfo</a><br>
<br>
______________________________<u></u>_________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/<u></u>listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/<u></u>listinfo</a><br>
</blockquote></div>