Domain Join Tool - DNS 127.0.0.53 - How to handle it?

domainjoin

#1

I am writing this post to get some feedback on the domain join tool. I am using Xubuntu 18.04 and I was getting the DNS and DHCP from UCS. However, Network Settings was showing 127.0.0.53 and not my UCS DNS’s. I was able to solve the problem by:

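# Keep systemd-resolved from starting at boot and install resolvconf instead
sudo systemctl disable systemd-resolved
sudo apt-get install resolvconf

# Write the UCS name servers and search domain to resolvconf's tail file.
# The file is root-owned, so write it through sudo tee, not a plain redirect.
printf \
"nameserver 10.75.16.240\n\
nameserver 10.55.16.240\n\
nameserver 10.55.24.240\n\
search domainname.local\n" | sudo tee /etc/resolvconf/resolv.conf.d/tail > /dev/null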

Which then got rid of the 127.0.0.53 leaving me with this:

image

Up to this point, I was able to join the PC into the domain with no errors and was able to login with a domain user.

Is this the right way of doing this? Is there a better way?

Thanks,

Carlos


#2

Hi,

Have you used the latest version of the Ubuntu-Join-Tool? I guess it was released a week ago or so. Especially with domains ending with “.local” there has been an issue about DNS configuration.

I do not know the differences between Xubuntu and Ubuntu, but officially supported is Ubuntu, no other distros.

IP 127.0.0.53 is the default internal DNS resolver of systemd and as long as you have configured your network properly this should work fine.

Am I right that you have three nameservers serving your UCS-Domain? Do all three reply with the same information regarding the domain?

Again, if running in a supported environment with the latest release this should work even with 127.0.0.53.

Greetings

/CV


#3

Hi @Christian_Voelker,
Answers below:

Yes. I have followed the instructions from here.

As far as I can tell, Xubuntu uses XFCE. I honestly don’t know if that will make a difference. It seems not as I am getting the same results with Ubuntu.

How can I check this? I am using UCS’s DHCP and DNS for my Xubuntu client. As far as I can tell all works well.

Correct. 1 Master, 2 Backups and 1 slave. The first three are my name servers at this site.

Can you specify what test you want me to perform to confirm this? As far as I can tell they all work well and talk to each other well and do replication well. In fact, I have created users in the backup DCs and the master has synced that info.

I have created a new VM (Xubuntu) just to test the 127.0.0.53 DNS problem again. This is the error I am getting without disabling systemd-resolved, installing resolvconf and writing my settings to the tail file:

image

image

I created an Ubuntu VM 18.04.1 and the results are exactly the same where there is the same problem with 127.0.0.53.

It works by disabling systemd-resolved, installing resolvconf and writing my settings to the tail file.

Carlos


#4

Strange. Before you disable the systemd-resolver could you verify it resolves properly?

dig @127.0.0.53 master.your.domain

There is a bug regarding this issue, see here. But it should be fixed, so I was asking about you using the latest version.

/CV


#5

Hi,
This is what I get:
image

Maybe it’s the .local thing that still needs working? This is what I have for nsswitch.conf:

image

I am using the latest version (I think). Is 1.0-16ubuntu1 the latest version? This is what apt-get installed.

So I am not sure if I should mess around with nsswitch or just disable systemd-resolved? If I disable systemd-resolved things work on my end. I have not encountered a problem yet. Nevertheless, this seems to be annoying a few people. Check here where it says: I vote for changing it from “Low” to “Insanely broken and wrong” (post 32).

Carlos


#6

Hi,

Thanks for pointing out the Ubuntu bug. The bug in UCS is again under development.

Until a reliable solution has been found, I would suggest disabling systemd-resolver, too. And make sure the 127.0.0.53 entry in /etc/resolv.conf has gone away.
Just a workaround, but should be functional.

Oh, and besides this: if you have any chance, rename your domain. Do NOT use .local as “ending”. As seen here this causes serious issues (and I bet in upcoming releases it will cause some more trouble).

/CV
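Added example, not part of any post in this thread: a pre-join check for the two conditions discussed above, a leftover 127.0.0.53 entry and a search domain ending in .local. The function name `check_resolv`, the finding labels and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. check_resolv FILE prints one finding per line and
# returns 1 if anything was found, 0 if the file looks clean.
check_resolv() {
    file=${1:-/etc/resolv.conf}
    findings=0 servers=0
    # "|| [ -n "$key" ]" also handles a last line without a trailing newline
    while read -r key value rest || [ -n "$key" ]; do
        case "$key" in
            nameserver)
                servers=$((servers + 1))
                # 127.0.0.53 is the systemd-resolved stub listener
                if [ "$value" = "127.0.0.53" ]; then
                    echo "stub-resolver: nameserver 127.0.0.53 still present"
                    findings=$((findings + 1))
                fi ;;
            search|domain)
                # A search line may list several domains; check each one
                for d in $value $rest; do
                    case "$d" in
                        local|*.local|*.local.)
                            echo "local-suffix: search domain $d ends in .local"
                            findings=$((findings + 1)) ;;
                    esac
                done ;;
        esac
    done < "$file"
    if [ "$servers" -eq 0 ]; then
        echo "no-nameserver: no nameserver line in $file"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: a stub entry plus a .local search domain.
sample=$(mktemp)
printf 'nameserver 127.0.0.53\nsearch domainname.local\n' > "$sample"
check_resolv "$sample" || echo "resolve the findings above before joining"
rm -f "$sample"
```

Run without an argument, `check_resolv` reads /etc/resolv.conf on the client itself.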


#7

Thanks again @Christian_Voelker! I will start over the domain (instead of renaming it) because of what I have found here. My domain is not in production so it should be very easy to start over again. What ending should I be using? Just anything that is not local?


#8

See here. As suggested I would just use the “official” domain of your company (i.e. mycompany.com) and add a PREfix so it goes to lan.mycompany.com.

/CV