Forwarding DNS requests for realm to forward server

Adda Rathbone addarathbone at
Sun May 31 02:33:35 MDT 2015

Thank you for your answer.
I read up on the topic and found out that messing with DNS (especially with
the DNS authority/master servers) as I proposed it might result in lots of
unexpected behavior.

As my goal was to reuse the dhcp server of my router I just created a
subdomain for the AD DC ( and made following changes to
my router:
- set dns forwarder to route all traffic of to AD DC
- changed DHCP server settings to use IP of AD DC as DNS server

So far it's working
Thank you.

On Sat, May 23, 2015 at 7:37 PM, Rowland Penny <repenny241155 at>

> On 14/05/15 23:10, Adda Rathbone wrote:
>> Hello everyone,
>> I hope this is the right list to post this. During the last months I
>> played
>> with Samba4 as Active Directory Domain Controller in my home network
>> (windows
>> and linux machines), to create a single password environment. During
>> testing
>> however I realized, that I could not integrate samba as planed.
>> Requirements:
>> - (re-)use dhcp and dns of my router (domain:
>> - use samba to authenticate logon on most (but not all) machines using the
>>    realm
>> Problems:
>> After changing the dhcp server on my router to use the samba server as
>> DNS I
>> was not able to ping the linux machines that had not joined the AD. The
>> samba
>> server was configured to forward dns requests to the router.
>> Of course the internal DNS of the router could resolve the requests
>> (tested
>> via
>> host command).
>> Example:
>> $ ping
>> ping: unknown host ...
>> $ ping
>> 64 bytes from ...
>> $ host samba
>> ...
>> Host not found: 3(NXDOMAIN)
>> $ host router
>> ...
>> linux01 has address
>> Solution:
>> It would be nice if the samba server could be configured to forward dns
>> requests (of its domain) that could not be resolved (NXDOMAIN) by the
>> internal
>> server to the forward dns server.
>> This would allow for an easy setup of samba as AD DC in small businesses
>> or
>> home networks, without changing too much of the existing infrastructure.
>> Only the dhcp server settings needs to be adjusted to use the samba server
>> as
>> DNS server.
>> I would like to hear feedback if this change is sensible.
>> Thank you for your time
>> Adda
> You could also do what I do, turn off dhcp on the router and set up dhcp
> on the samba AD DC. The samba AD DC should be authoritative for the domain
> and should only forward external addresses to the forwarder set in
> smb.conf, or, as in my case, the bind conf files.
> I am fairly sure that what you are proposing is not a good idea, though
> undoubtedly somebody will suggest a way of doing it, all I can say is that
> I have been doing it this way for about 2 and half years now without any
> major problems.
> Rowland

More information about the samba-technical mailing list