samba4 samba-tool dns questions

Andrew Bartlett abartlet at
Thu Nov 15 17:55:14 MST 2012

On Fri, 2012-11-16 at 11:43 +1100, Amitay Isaacs wrote:
> Hi David,
> On Fri, Nov 16, 2012 at 9:23 AM, David Mansfield <samba at> wrote:
> > Hi all (apologies if this is received twice, I forgot my new identity):
> >
> > I'm testing migration of samba3 to samba4, on centos6, using 4.0.0.rc5.
> >
> > I've got the installation and migration completed and working, but I'm
> > uncertain exactly what the "best practice" is for DNS.
> >
> > I have a bunch of questions, sorry...
> >
> > Is the internal DNS server considered "rc" quality, as in, it'll be
> > production quality soon, or is the BIND9 solution the recommended path for
> > those of us planning to migrate to production shortly?
> Depending on your requirements, you can either use internal dns server
> or BIND9 with DLZ. Both solutions are working well.
> > Our DNS infrastructure is currently djbdns (which has been fantastic btw for
> > about a decade!).  As I understand clients MUST use the samba4 server for
> > DNS.  Does this mean we must migrate our entire internal DNS infrastructure
> > to samba4 (static stuff, reverse maps, sip server SRV records etc), or can
> > NXDOMAIN be delegated to a different dnscache and we only have the AD
> > specific stuff stored in samba4?
> You must use samba4 DNS server for AD domains. For the rest, you can
> continue to use your existing DNS setup. You can easily forward the
> requests for AD domains to samba4 dns server (internal or bind9+dlz)
> from dnscache of djbdns. And configure samba4 dns server to forward
> all the queries it cannot resolve locally to your dnscache. So your
> clients can point to either DNS servers (samba4 dns server / dbjdns
> dnscache).

And if you use bind9 and DLZ, you can simply define
master/slave/forwarder domains for the other domains as per typical

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list