use of a DNS cache in front of samba4 internal DNS
samba at dm.cobite.com
Wed Feb 13 09:58:55 MST 2013
I'd like to understand a little more about how samba4 as an AD uses DNS.
In every document, it stresses the point the DNS must be working
correctly (and resolving against the AD) to have a working domain, but
I'm not sure why.
The reason is that I'd like my mail server to authenticate users against
samba4, however to do this it must resolve DNS against it. But the mail
server gets multiple mails per second and resolves all remote ip
addresses and does other header checks etc. i.e. a ton of DNS traffic.
My current configuration is to have a dedicated DNS cache (djbdns
dnscache) which resolves for the mail server, and I'd to keep this
configuration if possible.
djbdns dnscache can be configured to resolve different zones using
different servers, so it is possible to configure the cache to resolve
"samdom.example.com" against samba4 and other zones as usual.
So my question is, does samba4 properly use TTL etc. so that this
configuration will work correctly in general?
In particular I'd like postfix to auth. my users, and as I understand it
I have two options, one is to join the machine to the domain
(pam_winbind) and then postfix will authenticate that way (via pam), and
the other would be to use postfix with SASL and in turn have sasl use
kerberos5 or ldap.
In case anyone has read this far and has suggestions, I'd love to hear
them, and also w.r.t using sasl and kerberos5, how do I set up a keytab
and SPN using samba4? I've googled and googled and cannot seem to get
Thanks in advance!
More information about the samba-technical