[Samba] (S4) Neither AXFR nor authoritative nameserving available?
Andrew Bartlett
abartlet at samba.org
Sun Dec 23 13:14:14 MST 2012
On Sun, 2012-12-23 at 14:20 -0500, Michael B. Trausch wrote:
> On 12/22/2012 05:44 AM, Andrew Bartlett wrote:
> > On Tue, 2012-12-18 at 11:58 -0500, Michael B. Trausch wrote:
> >> Hello all,
> >>
> >> I'd like to have redundant DNS in our setup. But it seems that Samba 4
> >> does not yet support AXFR with its internal DNS server. Alright, that's
> >> fine, so I figured I'd configure the system such that at the very least,
> >> a caching nameserver was sitting in front of it. However, that doesn't
> >> work; the caching nameserver (BIND 9) returns SERVFAIL, apparently
> >> because Samba 4 isn't setting the authoritative bit on its DNS responses.
> >
> > That's odd. Please file a bug, so Kai can look into it.
>
> Well, I finally got it working, after an update. Yay. :)
>
> I still don't have the ability for AXFR, though, it seems. Is that
> supported, or in-the-works?

Neither, at this stage.

> >> Is this a known issue, a configuration error on my part, or something
> >> entirely different altogether?
> >
> > You could run another Samba DC to get the redundant DNS.
>
> I _could_... but I'm not there yet, and Samba seems to drop queries a
> fair bit on a lightly-loaded (about 1 QPS) network; what I mean there is
> that we've observed failure-to-resolve several times a day. This seems
> to have gone away now that we've turned off the forwarding option, and
> are using BIND "in front" of Samba 4 as a caching/forwarding nameserver.
> I'll know more as the week goes by.
>
> > Another option is to run the bind9 server and the dlz plugin.
>
> I'd opted to not set this domain up that way because I figured it'd be
> easier to manage if Samba handled the domain itself. We could switch to
> BIND for the server, but I have three questions there:
>
> 1. Can we switch from Samba 4 -> BIND without reprovisioning?

Yes. See the samba_upgradedns script, which handles the switching
required between backends.

> 2. Is there any loss of client-side functionality (e.g., the Microsoft
> DNS tool)?

No.

> 3. Are there any other downsides to using BIND over the internal Samba4
> DNS?

The internal DNS is simpler, follows our internal handling of 'bind
interfaces' and starts up with the rest of Samba.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org