[Samba] AD DC without integrated DNS

[Magnus Holmgren]

måndag 4 maj 2020 kl. 21:17:13 CEST skrev  Rowland penny via samba:
> > samba_dnsupdate can insert all the records from dns_update_cache, *except*
> > the NS record for the _msdcs zone
> 
> Not sure I understand that, by default a Samba AD DC has two zones:
> samdom.example.com (DomainDnsZone)
> _msdcs.samdom.example.com (ForestDnsZone)
> 
> Both of which can be updated by samba_dnsupdate

Yes, samba_dnsupdate successfully injects all the necessary RRs, both for the 
domain and for the forest, except they don't get separated into two zones. But 
that's just an technical-organizational detail when there's only one AD domain 
anyway. As long as all the A/AAAA and SRV records are in place and can be 
found by the clients, what, exactly, would not work? Joining a machine to an 
AD domain doesn't require adding DNS records to its zone; the FQDN of the 
machine can be entirely different, AFAICT. Are there any DNS-related 
operations that require talking some other protocol? (samba_dnsupgrade falling 
back to samba-tool when DDNS doesn't work will of course not be an option.)

> > hardly planning to join any Windows machines to this domain, except for
> > one or two for the purpose of testing software that we can't install on
> > multiple personal laptops (most of which were bought with Windows Home
> > pre-installed),
> That is never going to work, you cannot join a Windows Home client to a
> domain.

Exactly. I said we're hardly planning on joining any Windows machines to the 
domain, and they're mostly running Windows Home anyway (we could buy Pro 
upgrades, though).

-- 
Magnus Holmgren        holmgren at lysator.liu.se
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.samba.org/pipermail/samba/attachments/20200504/19f1b9a1/signature.sig>