[Samba] (S4) Neither AXFR nor authoritative nameserving available?

[Michael B. Trausch]

On 12/22/2012 05:44 AM, Andrew Bartlett wrote:
> On Tue, 2012-12-18 at 11:58 -0500, Michael B. Trausch wrote:
>> Hello all,
>>
>> I'd like to have redundant DNS in our setup.  But it seems that Samba 4
>> does not yet support AXFR with its internal DNS server.  Alright, that's
>> fine, so I figured I'd configure the system such that at the very least,
>> a caching nameserver was sitting in front of it.  However, that doesn't
>> work; the caching nameserver (BIND 9) returns SERVFAIL, apparently
>> because Samba 4 isn't setting the authoritative bit on its DNS responses.
>
> That's odd.  Please file a bug, so Kai can look into it.

Well, I finally got it working, after an update.  Yay.  :)

I still don't have the ability for AXFR, though, it seems.  Is that 
supported, or in-the-works?

>> Is this a known issue, a configuration error on my part, or something
>> entirely different altogether?
>
> You could run another Samba DC to get the redundant DNS.

I _could_... but I'm not there yet, and Samba seems to drop queries a 
fair bit on a lightly-loaded (about 1 QPS) network; what I mean there is 
that we've observed failure-to-resolve several times a day.  This seems 
to have gone away now that we've turned off the forwarding option, and 
are using BIND "in front" of Samba 4 as a caching/forwarding nameserver. 
  I'll know more as the week goes by.

> Another option is to run the bind9 server and the dlz plugin.

I'd opted to not set this domain up that way because I figured it'd be 
easier to manage if Samba handled the domain itself.  We could switch to 
BIND for the server, but I have three questions there:

1.  Can we switch from Samba 4 -> BIND without reprovisioning?

2.  Is there any loss of client-side functionality (e.g., the Microsoft
     DNS tool)?

3.  Are there any other downsides to using BIND over the internal Samba4
     DNS?

	--- Mike