NetworkManager and Fedora – Great Lynx Designs

DNS, Identity, and Samba AD DC Interactions

Purpose of This Page

This page documents how NetworkManager, as used on Fedora-based systems, interacts with DNS, hostname resolution, and network configuration in a Samba Active Directory Domain Controller (AD DC) environment.

NetworkManager is not merely a convenience layer. On modern Fedora systems, it actively mediates DNS behavior, resolver configuration, and interface state. These behaviors can directly affect Samba AD DC operation, Kerberos authentication, and client domain joins—sometimes in non-obvious ways.

This page exists to surface those interactions and to document safe assumptions and boundaries.

Why NetworkManager Matters for Samba AD

Samba AD DC relies on several network invariants:

Stable IP addressing
Predictable DNS resolution
Consistent hostname identity
Clear separation between authoritative DNS and upstream resolvers

NetworkManager sits directly in the path of all four.

On Fedora, NetworkManager typically controls:

Interface configuration
DNS resolver behavior
Interaction with systemd-resolved (when enabled)
DHCP-provided DNS and search domains

If these are not aligned with Active Directory expectations, identity services may partially work, fail intermittently, or mislead diagnostics.

DNS Control and Resolver Behavior

One of the most common failure sources in Samba AD environments on Fedora is DNS ambiguity.

Potential issues include:

DHCP pushing external DNS servers ahead of the AD DC
NetworkManager overwriting /etc/resolv.conf
Split DNS behavior where some queries resolve correctly and others do not
Search domains being injected unexpectedly

Active Directory assumes:

The domain controller is authoritative for the domain zone
Clients use domain DNS first, not “one of many” resolvers

Operational principle:
If NetworkManager is allowed to override DNS indiscriminately, Active Directory will behave inconsistently.

Static IPs and Interface Stability

For a Samba AD DC, the network interface must be:

Predictably addressed
Stable across reboots
Immune to opportunistic reconfiguration

On Fedora, this usually means:

Defining a static IPv4 configuration in NetworkManager
Avoiding DHCP for the domain controller itself
Ensuring the hostname and IP association remain fixed

A domain controller that changes IPs or DNS identity effectively becomes a different machine from the perspective of the domain.

Hostname and Identity Consistency

NetworkManager can influence hostname behavior in subtle ways, especially when combined with DHCP or cloud-init–style defaults.

For a Samba AD DC:

Hostname must be explicitly set
Fully Qualified Domain Name (FQDN) should resolve consistently
Hostname changes after provisioning should be avoided

Active Directory binds machine identity tightly to naming. NetworkManager-assisted hostname changes can break trust relationships without obvious errors.

systemd-resolved Interaction (When Present)

On Fedora systems using systemd-resolved, NetworkManager often acts as a frontend to the resolver rather than managing /etc/resolv.conf directly.

This can introduce:

Multiple resolver paths
DNS caching behavior
Per-interface DNS routing

While powerful, this complexity can obscure which DNS server is actually being queried at any given moment.

Operational rule:
When diagnosing identity issues, confirm what resolver path is active—not just what configuration files claim.

Common Failure Patterns Involving NetworkManager

AD Works Until Reboot

Often caused by:

DHCP-provided DNS replacing domain DNS
NetworkManager reapplying default connection profiles

Kerberos Errors After Network Changes

Often caused by:

DNS resolution switching mid-session
Interface reordering or resolver precedence changes

Clients Can Reach DC by IP but Not by Name

Often caused by:

Search domain misconfiguration
External DNS taking precedence

These failures are frequently misattributed to Samba or Kerberos when the root cause lies in network management behavior.

Operational Boundaries and Safe Practices

Recommended practices when using Fedora with Samba AD DC:

Treat DNS as identity infrastructure, not networking convenience
Pin DNS configuration explicitly for the domain controller
Avoid mixing automatic DHCP DNS with AD DNS
Validate resolver behavior after any network change
Document NetworkManager connection profiles that affect identity

When changes are necessary, make them intentionally and verify identity services immediately afterward.

Summary

NetworkManager on Fedora is a powerful abstraction layer that can either support or undermine a Samba AD DC deployment depending on how it is configured. Its influence over DNS, hostname resolution, and interface state places it directly in the critical path of Active Directory identity.

Understanding and respecting this interaction reduces false diagnoses, prevents intermittent failures, and makes the overall system more legible and predictable—especially in small, production-critical environments.

Status

This page reflects observed and anticipated interactions between NetworkManager, Fedora, and Samba AD DC. It should be updated if resolver behavior, distribution defaults, or network architecture changes.

Official NetworkManager Documentation

NetworkManager Reference Manual (latest) — authoritative system admin documentation
This is the definitive reference for NetworkManager itself: configuration options, connection profile settings, command-line tools (nmcli), and the broader API. It’s intended for people who need to understand exactly what NetworkManager can do, how to configure it, and how it represents connection state programmatically.

NetworkManager Reference Manual (official) — https://networkmanager.dev/docs/api/latest/

This manual is especially valuable for:

understanding connection profile settings (IPv4, DNS, hostname, etc.)
seeing how nmcli settings map to underlying properties
exploring advanced topics like dispatcher scripts and service interaction

Fedora / Red Hat Networking Guides

While the Fedora Quick Docs site currently shows an access error, Fedora and its upstream ecosystems (Red Hat, CentOS, Rocky) publish networking guides that are still useful. These often include sections that explain:

how NetworkManager handles DNS
how to set static networking
how to override DHCP settings
and how to integrate NetworkManager with systemd resolvers

For example, the Red Hat Enterprise Linux Networking Guide (closely aligned with Fedora behavior) covers predictable network setup, interface naming, resolver behavior, and how NetworkManager config files relate to what’s actually in effect on the system.

Classic System Administration Texts with Relevant Coverage

Even though they pre-date modern NetworkManager, the Unix and Linux System Administration Handbook by Nemeth et al. contains relevant discussions of networking fundamentals that still apply:

Networking basics and predictable addressing
Resolver configuration and name service switch (nsswitch.conf)
Basic DNS troubleshooting and host identity
The underlying principles that NetworkManager abstracts

If you consult the table of contents or index of the book, you’ll find sections on networking and system identity — for example, the networking chapter and the NetworkManager subsection — which help ground why NetworkManager’s behavior matters in the context of AD services.

Even though the exact version you have may not directly cover NetworkManager (since older editions pre-date it), the network fundamentals and service configuration parts remain deeply relevant.