enabling internal DNS
Andrew Bartlett
abartlet at samba.org
Mon Sep 17 09:46:44 MDT 2012
On Mon, 2012-09-17 at 14:34 +0200, Kai Blin wrote:
> On 2012-09-17 13:44, Peter Clark wrote:
>
> Hi Peter,
>
> > Does the internal server support split DNS?
>
> If by split DNS you mean "different replies depending on where the
> question is coming from", then no. If you need that, use BIND.
>
> Let me reiterate: The internal DNS is not an attempt to replace BIND.
> The goal is to get an AD-capable DNS implementation that's less fuss to
> set up than BIND for simple networks. If you need anything fancy,
> chances are you know enough BIND-fu to manage setting up the DLZ plugin
> as well.
Also to my understanding, split-DNS is used for situations where we
don't want to expose some details to external networks. NO component of
Samba should be exposed to external networks in this way (we have held
this policy for a very long time, and in Samba 4.0 AD particularly we
have a large number of complex protocols which all have access to the
most sensitive database on the network).
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba-technical
mailing list