cannot resolve Active Directory realm name with large number of A records

Bug #1801495 reported by Jason Haar on 2018-11-03
This bug affects 1 person
Affects: trace-summary (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

We have 3 Active Directory "realms". One has 25 domain controllers/DNS servers and the other two both have 35+. The way that AD works means this creates DNS 'A' records for the realm name that resolve to all the Domain Controllers/DNS servers that service it (i.e. a DNS name with many A records).

If we have a fully patched/updated Ubuntu-18.04.1 system, running "nslookup small.realm.name" returns the 25 DNS servers, and life is good. Running "nslookup large.realm.name" works - but only returns 30 DNS servers (out of 35+). Running the same command on a CentOS-6 system (i.e. no systemd) returns 35+ DNS servers. So that's a (minor) bug?

...but ping and other real applications are the real problem - they don't work at all in the larger realms. "ping small.realm.name" works fine, but "ping large.realm.name" returns "Temporary failure in name resolution". Also telnet, etc. don't work. "ping servername.large.realm.name" works fine - just the domain name itself doesn't work - which makes me think it's related to the number of A records being returned.

We are trying to add these Ubuntu laptops to our AD domains - which requires several calls to "large.realm.name" - which is failing - but so far we can only get it to work in small.realm.name due to this issue. I think this is a systemd-resolved bug? (237-3ubuntu10.3)

Thanks

Jason
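
One way to test offline whether the A-record count alone changes how a realm name is answered, as an added example that is not part of the original report and not code from systemd-resolved. It assumes the classic 512-byte DNS-over-UDP message limit without EDNS0 (RFC 1035) is the relevant threshold, which the report does not confirm; the addresses and the 300-second TTL are constructed, and the names are the report's placeholders.

```python
import struct

UDP_LIMIT = 512  # assumed threshold: DNS-over-UDP message size without EDNS0

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_response(name, addrs, truncated=False):
    """Build a DNS response carrying one A record per address in addrs."""
    flags = 0x8180 | (0x0200 if truncated else 0)  # QR, RD, RA (+ TC if set)
    msg = struct.pack("!HHHHHH", 0x1234, flags, 1, len(addrs), 0, 0)
    msg += encode_name(name) + struct.pack("!HH", 1, 1)  # question: type A, class IN
    for addr in addrs:
        rdata = bytes(int(p) for p in addr.split("."))
        # 0xC00C is a compression pointer back to the question name at offset 12
        msg += struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + rdata
    return msg

def parse_header(msg):
    """Return (answer_count, tc_bit_set) from a DNS message header."""
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return ancount, bool(flags & 0x0200)

def max_a_records(name, limit=UDP_LIMIT):
    """Largest number of compressed A records for name that fits in limit bytes."""
    fixed = 12 + len(encode_name(name)) + 4  # header + question section
    return (limit - fixed) // 16             # each compressed A record is 16 bytes

def sample_addrs(n):
    """Constructed sample addresses standing in for domain controllers."""
    return ["10.0.%d.%d" % (i // 250, i % 250 + 1) for i in range(n)]

if __name__ == "__main__":
    name = "large.realm.name"  # placeholder name used in the report
    print("A records that fit in", UDP_LIMIT, "bytes:", max_a_records(name))
    for n in (25, 35):
        size = len(build_response(name, sample_addrs(n)))
        note = "(over limit)" if size > UDP_LIMIT else ""
        print(n, "records ->", size, "bytes", note)
```

`parse_header` can also be applied to a response captured on a live system; a set TC bit means the server truncated the answer and the client is expected to retry the query over TCP.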
