Forwarding DNS requests for realm to forward server
Adda Rathbone
addarathbone at googlemail.com
Sun May 31 02:33:35 MDT 2015
Thank you for your answer.
I read up on the topic and found out that messing with DNS (especially with
the DNS authority/master servers) as I proposed it might result in lots of
unexpected behavior.
As my goal was to reuse the dhcp server of my router I just created a
subdomain for the AD DC (samdom.example.com). and made following changes to
my router:
- set dns forwarder to route all traffic of samdom.example.com to AD DC
- changed DHCP server settings to use IP of AD DC as DNS server
So far it's working
Thank you.
On Sat, May 23, 2015 at 7:37 PM, Rowland Penny <repenny241155 at gmail.com>
wrote:
> On 14/05/15 23:10, Adda Rathbone wrote:
>
>> Hello everyone,
>> I hope this is the right list to post this. During the last months I
>> played
>> with Samba4 as Active Directory Domain Controller in my home network
>> (windows
>> and linux machines), to create a single password environment. During
>> testing
>> however I realized, that I could not integrate samba as planed.
>>
>> Requirements:
>> - (re-)use dhcp and dns of my router (domain: example.com)
>> - use samba to authenticate logon on most (but not all) machines using the
>> realm example.com
>>
>> Problems:
>> After changing the dhcp server on my router to use the samba server as
>> DNS I
>> was not able to ping the linux machines that had not joined the AD. The
>> samba
>> server was configured to forward dns requests to the router.
>> Of course the internal DNS of the router could resolve the requests
>> (tested
>> via
>> host command).
>>
>> Example:
>> $ ping linux01.example.com
>> ping: unknown host ...
>>
>> $ ping windows01.example.com
>> 64 bytes from ...
>>
>> $ host linux01.example.com samba
>> ...
>> Host linux01.example.com not found: 3(NXDOMAIN)
>>
>> $ host linux01.example.com router
>> ...
>> linux01 has address 192.168.0.100
>>
>>
>> Solution:
>> It would be nice if the samba server could be configured to forward dns
>> requests (of its domain) that could not be resolved (NXDOMAIN) by the
>> internal
>> server to the forward dns server.
>>
>> This would allow for an easy setup of samba as AD DC in small businesses
>> or
>> home networks, without changing too much of the existing infrastructure.
>> Only the dhcp server settings needs to be adjusted to use the samba server
>> as
>> DNS server.
>>
>> I would like to hear feedback if this change is sensible.
>>
>> Thank you for your time
>> Adda
>>
>
> You could also do what I do, turn off dhcp on the router and set up dhcp
> on the samba AD DC. The samba AD DC should be authoritative for the domain
> and should only forward external addresses to the forwarder set in
> smb.conf, or, as in my case, the bind conf files.
>
> I am fairly sure that what you are proposing is not a good idea, though
> undoubtedly somebody will suggest a way of doing it, all I can say is that
> I have been doing it this way for about 2 and half years now without any
> major problems.
>
> Rowland
>
>
More information about the samba-technical
mailing list