Forwarding DNS requests for realm to forward server

Rowland Penny repenny241155 at gmail.com
Sat May 23 11:37:13 MDT 2015 

On 14/05/15 23:10, Adda Rathbone wrote:
> Hello everyone,
> I hope this is the right list to post this. During the last months I played
> with Samba4 as Active Directory Domain Controller in my home network
> (windows
> and linux machines), to create a single password environment. During testing
> however I realized, that I could not integrate samba as planed.
>
> Requirements:
> - (re-)use dhcp and dns of my router (domain: example.com)
> - use samba to authenticate logon on most (but not all) machines using the
>    realm example.com
>
> Problems:
> After changing the dhcp server on my router to use the samba server as DNS I
> was not able to ping the linux machines that had not joined the AD. The
> samba
> server was configured to forward dns requests to the router.
> Of course the internal DNS of the router could resolve the requests (tested
> via
> host command).
>
> Example:
> $ ping linux01.example.com
> ping: unknown host ...
>
> $ ping windows01.example.com
> 64 bytes from ...
>
> $ host linux01.example.com samba
> ...
> Host linux01.example.com not found: 3(NXDOMAIN)
>
> $ host linux01.example.com router
> ...
> linux01 has address 192.168.0.100
>
>
> Solution:
> It would be nice if the samba server could be configured to forward dns
> requests (of its domain) that could not be resolved (NXDOMAIN) by the
> internal
> server to the forward dns server.
>
> This would allow for an easy setup of samba as AD DC in small businesses or
> home networks, without changing too much of the existing infrastructure.
> Only the dhcp server settings needs to be adjusted to use the samba server
> as
> DNS server.
>
> I would like to hear feedback if this change is sensible.
>
> Thank you for your time
> Adda

You could also do what I do, turn off dhcp on the router and set up dhcp 
on the samba AD DC. The samba AD DC should be authoritative for the 
domain and should only forward external addresses to the forwarder set 
in smb.conf, or, as in my case, the bind conf files.

I am fairly sure that what you are proposing is not a good idea, though 
undoubtedly somebody will suggest a way of doing it, all I can say is 
that I have been doing it this way for about 2 and half years now 
without any major problems.

Rowland

More information about the samba-technical mailing list