DNS issue after fresh install

after a fresh install I am apparently unable to resolve hosts which belong to the same domain, trying to explain below: say my domain is bar.com, and I already have my own DNS server for that zone:

dns1.bar.com
dns2.bar.com

now, I installed UCS (is the only one, i.e. master DC) and gave those two above during installation time (as dns servers), so I ended up with:

# for i in 1 2 3; do ucr get nameserver$i; done
ipadd.of.ucs.host
# for i in 1 2 3; do ucr get dns/forwarder$i; done
ipadd.of.dns1.bar.com
ipadd.of.dns2.bar.com

then, resolving external stuff works, i.e.

# nslookup www.google.com
Server:		ipaddr.of.ucs.host
Address:	ipaddr.of.ucs.host#53

Non-authoritative answer:
Name:	www.google.com
Address: 172.217.23.164

however trying the same for other hosts in my domain fails, i.e:

# nslookup foo.bar.com
Server:		ipaddr.of.ucs.host
Address:	ipaddr.of.ucs.host#53

** server can't find foo.bar.com: NXDOMAIN

I probably missed something trivial in the setup, any suggestion/advice?
Many thanks in advance.
A.

PS: I have read the How-To: Set Correct Nameserver and Forwarder Entries for UCS Servers
PS2: if I set nameserver (via ‘ucr set …’ ) to one of my already exisitng DNS servers all works.

Hi,

you are having a concept misunderstanding. UCS has to be the authoritative nameserver for your domain!
Using an external nameserver for the same domain will not work.

Let’s say you join some clients to your UCS domain (or just install additional UCS server)- they should be resolvable by name. So your UCS creates an entry in it’s configuration and it can be resolved. But as UCS sees itself as authoritative it “knows” about ALL entries. And if there is not “foo.bar.com” configured in UCS you will get the error: NXDOMAIN.

So you have three ways:

1. Re-install your UCS domain as a subdomain of your main domain (ie sub.bar.com) and your ucs will then be named “ucs.sub.bar.com”.
2. Re-install your UCS domain as a complete different domain (ie bar.internal), so you have the same result and bar.com will be treated as an external zone.
3. Sync your entries from your existing nameservers to your UCS server (has to be done manually!) and then you will have in your UCS domain the names as desired.

MY suggestion if it does not change too frequently: choose option 3.

/CV

ach, ok, that was indeed not clear at all for me … I’ll then try to work out a way forward via option 3 as you suggested. Just to be 100% sure, If you could please confdirm on where to write to sync’ed data on the ucs host I would appreciate (I guess in a db file under /etc/bind?) and then how to reload bind (ucs command or usual systemctl reload … )?

Thanks
A.

Hi,

best use the web interface (“UMC”) to edit your DNS. It is really easy to do so. And by “sync” I mean manually editing and syncing…
And service can be reloaded there, too.

/CV

Hi,

looks like you are familar with Liinux. So you usually can use your well-known commands for services restart (ie systemctl restart bind9) and so on.
For Univention you usually have the condiguration data stored in LDAP where the daemons get it from (dhcpd, bind9). Very often you have the possibility to create so called “local…” files with manual settings to overwrite or add desired settings.
The original configurations files should not be touched as they get frequently re-written based on LDAP configuration data.

KNEBB

ok, so if I already have 3 authoritative DNS server in my domain (one master, two slaves), can I then configure UCS to act as a 3rd slave? Would that suffice?

No. Again: UCS is the authoritative one. If a host name is not registered in UCS it answers as “NXDOMAIN”. No matter what the other ones say.

/CV