samba4 samba-tool dns questions

Amitay Isaacs amitay at
Thu Nov 15 17:43:25 MST 2012

Hi David,

On Fri, Nov 16, 2012 at 9:23 AM, David Mansfield <samba at> wrote:
> Hi all (apologies if this is received twice, I forgot my new identity):
> I'm testing migration of samba3 to samba4, on centos6, using 4.0.0.rc5.
> I've got the installation and migration completed and working, but I'm
> uncertain exactly what the "best practice" is for DNS.
> I have a bunch of questions, sorry...
> Is the internal DNS server considered "rc" quality, as in, it'll be
> production quality soon, or is the BIND9 solution the recommended path for
> those of us planning to migrate to production shortly?

Depending on your requirements, you can either use internal dns server
or BIND9 with DLZ. Both solutions are working well.

> Our DNS infrastructure is currently djbdns (which has been fantastic btw for
> about a decade!).  As I understand clients MUST use the samba4 server for
> DNS.  Does this mean we must migrate our entire internal DNS infrastructure
> to samba4 (static stuff, reverse maps, sip server SRV records etc), or can
> NXDOMAIN be delegated to a different dnscache and we only have the AD
> specific stuff stored in samba4?

You must use samba4 DNS server for AD domains. For the rest, you can
continue to use your existing DNS setup. You can easily forward the
requests for AD domains to samba4 dns server (internal or bind9+dlz)
from dnscache of djbdns. And configure samba4 dns server to forward
all the queries it cannot resolve locally to your dnscache. So your
clients can point to either DNS servers (samba4 dns server / djbdns

> (based on the previous answer this one may be moot!:)
> Most of our hosts are currently linux boxes with _static_ IPs, but they will
> be (eventually) authenticating to samba4.  Is "samba-tool" the preferred way
> to manage DNS entries, or is it possible with BIND9 integration to have all
> of the "static" stuff in regular named.conf type text files and only the
> parts that are dynamic will be managed internally and automatically by
> samba4 and I'll never need samba-tool?

You only need to worry about AD related domains in samba4 DNS. You can
host the other domains if required, but that depends on your needs.
For managing AD domains, you can use windows DNS management tool or
equivalently use samba-tool dns which uses the same protocol as
windows DNS management tool to manage zones.

> With "samba-tool dns"  subcommands there appears to be no documentation of
> the various fields.  E.g how do I set the TTL of an SOA record? Using
> "samba-tool dns zonecreate --help " just shows:
> samba-tool dns zonecreate <server> <zone> [options]
> What are the "options"? I'm willing to dig around in source and update the
> wiki or something if it would be helpful, but where do I look?

samba-tool dns zonecreate currently creates an empty zone.  The SOA
settings are actually part of the '@' record.  So first you create an
empty zone and then add the '@' record using samba-tool dns add.

It seems I have missed the implementation of adding SOA records in
samba-tool. Coming soon. :)
Meanwhile you can use the Windows DNS management tool to create a zone
with the correct SOA record.

> This seems like a fantastic development in the linux world, keep up the
> great work!
> Thanks,
> David Mansfield
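
The two-way forwarding described in the reply above, as an added example that is not part of the original thread or of the Samba project: dnscache is pointed at samba4 for the AD zone, and samba4's internal DNS server forwards everything else back through the `dns forwarder` parameter in smb.conf. The zone name, both addresses and the staging paths are constructed placeholders; with BIND9+DLZ the second half would be BIND's own forwarders setting instead.

```shell
#!/bin/sh
# Added example: stage both halves of the forwarding setup described above.
# Every name, address and path below is a constructed placeholder.
AD_ZONE="ad.example.com"   # AD DNS domain served by samba4 (assumed)
SAMBA_IP="192.0.2.10"      # samba4 DNS server (assumed)
DNSCACHE_IP="192.0.2.53"   # existing djbdns dnscache (assumed)

# dnscache half. $1 is a copy of the dnscache "root" directory.
#   servers/<zone>  one IP per line: servers dnscache asks for that zone
#   ip/<address>    empty file: clients with this address may use the cache
stage_dnscache() {
    root="$1"
    mkdir -p "$root/servers" "$root/ip" || return 1
    printf '%s\n' "$SAMBA_IP" > "$root/servers/$AD_ZONE"
    # samba4 sends its forwarded queries from SAMBA_IP, so allow that address.
    : > "$root/ip/$SAMBA_IP"
}

# samba4 half (internal DNS server). $1 is the fragment file to write;
# merge it into the [global] section of smb.conf by hand.
stage_samba() {
    printf '[global]\n\tdns forwarder = %s\n' "$DNSCACHE_IP" > "$1"
}

# The two servers must be distinct addresses: both listen on port 53.
check_layout() {
    [ "$SAMBA_IP" != "$DNSCACHE_IP" ]
}

# Stage into a scratch directory so nothing live is touched.
stage_all() {
    dir="$1"
    check_layout || { echo "samba4 and dnscache share an address" >&2; return 1; }
    stage_dnscache "$dir/dnscache-root" && stage_samba "$dir/smb.conf.fragment"
}

STAGE_DIR="${STAGE_DIR:-$(mktemp -d)}"
stage_all "$STAGE_DIR" && echo "staged under $STAGE_DIR"
```

dnscache reads its `servers` directory at startup, so it has to be restarted after the staged files are copied into place.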

