enabling internal DNS
d.dario76 at gmail.com
Mon Sep 17 02:05:32 MDT 2012
On Mon, 2012-09-17 at 09:53 +0200, Kai Blin wrote:
> On 2012-09-17 09:19, Daniele Dario wrote:
> Hi Daniele,
> > I've seen during last days many discussions about enabling the internal
> > DNS and found that the "procedure" to follow on an already provisioned
> > system working with bind9+dlz should be to add in smb.conf
> If you already have a working bind-dlz setup, you're not necessarily the
> target audience. Our main aim is to save people the hassle of setting up
> bind-dlz in the first place.
> If you want to keep running bind-dlz, all you need to add is
> server services = -dns
> If you want to run with the internal DNS anyway, I suggest the following:
> dns forwarder = <your forwarder ip>
> And that's it. Unless you really want to allow nonsecure updates. If
> that's the case, you could have been running with the internal server
> for a year already, so I think that's an unlikely scenario.
> Oh, and currently the internal DNS server doesn't listen on the loopback
> interface, so make sure /etc/resolv.conf points to the actual IP address
> of your DC.
> > interfaces = w.x.y.x
> > dns forwarder = a.b.c.d
> > allow dns updates = nonsecure and secure
> I know this was recently proposed on the mailing list, but I don't think
> this is a good idea at all. Allowing nonsecure updates is the best way
> of getting into all sorts of trouble if you can't absolutely trust your
> I've gone through a lot of trouble to save people from having to take
> risks like that, and I'm not too happy to see people recommend the
> nonsecure update path now that we have better options.
Thanks for the tips.
Can you please confirm that there are no problems running internal DNS
on one DC while I keep using bind9+dlz on the other (until I also update
that one to at least RC1)?
Thanks for your patience,
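
The points raised in the quoted reply, expressed as a configuration check. This is an added example, not part of the original thread and not Samba code; the finding labels, function names and sample addresses are assumptions made for illustration, and the parser handles only simple `name = value` lines in `[global]`.

```python
import re

def parse_global(smb_conf_text):
    """Return {normalized parameter name: value} for the [global] section."""
    params, section = {}, None
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # smb.conf ignores case and spaces inside parameter names
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def audit(smb_conf_text, resolv_conf_text):
    """Return finding labels (hypothetical names) for the points in the thread."""
    p = parse_global(smb_conf_text)
    findings = []
    if "nonsecure" in p.get("allowdnsupdates", "").lower():
        findings.append("nonsecure-updates")     # unsigned updates are accepted
    # Assumption: internal DNS runs unless "server services" lists "-dns"
    services = p.get("serverservices", "").lower().replace(",", " ").split()
    if "-dns" not in services:
        if "dnsforwarder" not in p:
            findings.append("no-forwarder")
        nameservers = re.findall(r"^\s*nameserver\s+(\S+)", resolv_conf_text, re.M)
        # Per the thread, the internal server does not listen on loopback
        if any(ns.startswith("127.") or ns == "::1" for ns in nameservers):
            findings.append("resolver-on-loopback")
    return findings

# Constructed sample inputs (192.0.2.0/24 is a documentation range)
WEAK = "[global]\n interfaces = 192.0.2.10\n dns forwarder = 192.0.2.1\n" \
       " allow dns updates = nonsecure and secure\n"
INTERNAL_OK = "[global]\n dns forwarder = 192.0.2.1\n"
BIND_DLZ = "[global]\n server services = -dns\n"

if __name__ == "__main__":
    print(audit(WEAK, "nameserver 127.0.0.1\n"))
    print(audit(INTERNAL_OK, "nameserver 192.0.2.10\n"))
    print(audit(BIND_DLZ, "nameserver 127.0.0.1\n"))
```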