How-To: Set Correct Nameserver and Forwarder Entries for UCS Servers

UCS (and Active Directory) relies on reliable DNS resolution. It is very important to have DNS up and running correctly.

Foreword

You can fix the UCS-domain and forward DNS servers by running the following script:

/usr/share/univention-server/univention-fix-ucr-dns

Step 1: Set forwarder

The forwarder resolves all non-local domains so that you can access Internet services. You have to decide whether to use the DNS server of your Internet provider or some publicly available servers.
Ideally, you should set at least a second forwarder as a fallback in case of failure. If you have a choice, use DNS servers close to your geographical location.
Note: Usually this is NOT a UCS server!

ucr set dns/forwarder1=45.33.97.5 \
        dns/forwarder2=51.15.98.97 \
        dns/forwarder3=208.67.222.222

Step 2: Set nameserver for your local network

On each UCS server (except member servers) you should set its own IP as the first nameserver and then add the IP addresses of other UCS hosts to get some load balancing and a fallback in case of failure. You should NOT use the localhost address (127.0.0.1) here:

ucr set nameserver1=<IP of this UCS server> \
        nameserver2=<IP of other UCS server> \
        nameserver3=<IP of third UCS server>

For UCS systems with the role “Member server” use the IP addresses of a UCS Master, Backup and/or Slave of your domain.

Step 3: Define the nameserver for your clients

Whether you assign IP addresses to your clients by DHCP (even from a non-UCS DHCP server) or manually, your clients should use the UCS servers as their DNS server (“nameserver”).

Check for Windows:

C:\Users\foo@multi.ucs>ipconfig /all

Windows-IP-Konfiguration

   Hostname  . . . . . . . . . . . . : bar
   Primäres DNS-Suffix . . . . . . . : multi.ucs     <-- UCS domain
   Knotentyp . . . . . . . . . . . . : Hybrid
   IP-Routing aktiviert  . . . . . . : Nein
   WINS-Proxy aktiviert  . . . . . . : Nein
   DNS-Suffixsuchliste . . . . . . . : multi.ucs     <-- UCS domain

Ethernet-Adapter Ethernet:
[...]
   Verbindungsspezifisches DNS-Suffix: multi.ucs     <-- UCS domain
[...]
   DHCP-Server . . . . . . . . . . . : 192.168.9.10    <--- UCS server!

Check for Ubuntu-Linux:

foo@bar:~$ systemd-resolve --status
[...]
Link 6 (tun1)
      Current Scopes: DNS
       LLMNR setting: yes
MulticastDNS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
         DNS Servers: 192.168.9.10 # Should be a UCS server!
                      192.168.9.100 # Should be a UCS server!
                      192.168.1.10 # Should be a UCS server!
          DNS Domain: multi.ucs # Should be your UCS domain!
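
A lint for the server-side settings from Steps 1 and 2, as an added example that is not part of the original how-to or of UCS: it checks the localhost rule, the own-IP-first rule (for roles other than member server), and the forwarder advice. The function name, the one `key=value` per line input format, and the sample addresses are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Univention code): lint DNS settings against Steps 1 and 2.
# stdin: key=value lines, the same form as the `ucr set` arguments above.
# $1:    this server's own IP address (assumption: supplied by the caller).
# Prints one finding per line; returns 1 if there is any finding, else 0.
check_dns_settings() {
    own_ip=$1
    ns_values="" fwd_values="" fwd_count=0 ns1="" bad=0
    while IFS='=' read -r key value; do
        case $key in
            nameserver[1-3])
                ns_values="$ns_values $value"
                if [ "$key" = nameserver1 ]; then ns1=$value; fi
                case $value in
                    127.*) echo "FAIL: $key=$value is a localhost address"; bad=1 ;;
                esac ;;
            dns/forwarder[1-3])
                if [ -n "$value" ]; then
                    fwd_values="$fwd_values $value"
                    fwd_count=$((fwd_count + 1))
                fi ;;
        esac
    done
    # Step 2: the first nameserver is the server's own (non-loopback) IP.
    if [ "$ns1" != "$own_ip" ]; then
        echo "FAIL: nameserver1=${ns1:-unset}, expected own IP $own_ip"; bad=1
    fi
    # Step 1: a forwarder is usually not a UCS server, and a fallback is advised.
    for fwd in $fwd_values; do
        for ns in $own_ip $ns_values; do
            if [ "$fwd" = "$ns" ]; then
                echo "WARN: forwarder $fwd is also a UCS nameserver"; bad=1
                break
            fi
        done
    done
    if [ "$fwd_count" -lt 2 ]; then
        echo "WARN: only $fwd_count forwarder(s) set, no fallback"; bad=1
    fi
    return "$bad"
}

# Constructed sample input; addresses are illustrative only.
check_dns_settings 192.168.9.10 <<'EOF' || echo "settings need attention"
nameserver1=127.0.0.1
nameserver2=192.168.9.100
dns/forwarder1=192.168.9.100
EOF
```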