[Samba] Samba 4 DNS name Planing
L.P.H. van Belle
belle at bazuin.nl
Wed Dec 4 03:26:00 MST 2013
Sure if you know what your doing with dns and domainnames, yes, i also preffer your the correct domain and yes, MS also prefers that,
but because of misusage of the domainnames MS also uses .local
As M.S. stats:
If you want to use a full DNS name for the internal domain other than the default, it is strongly recommended that you use the .local label for the extension.
Using an internal domain name different from your registered Internet domain name is a more secure configuration.
Using a publicly registered Internet domain name can result in name resolution issues.
Much to read about it :
here : http://technet.microsoft.com/en-us/library/cc708159(v=ws.10).aspx
must read: dns namespace planning : http://support.microsoft.com/kb/254680/en-us
but, if you want to use official certificates, yes, better u use the correct domainname.
and when your doing that, then you know what your doing.. ;-)
I myself preffer the following. ( i know how dns works, that helps. )
INTERNET DNS setup.
company.tld. main internet adres, and NO ip assigned, yes lots of people do that, but i dont like it.
www.company.tld. points to my webserver. ( external ipnumbers )
mail.company.tld. points to my mail server. ( external ipnumbers )
proxy.company.tld points to my proxy ip ( external ipnumbers )
location1.company.tld. is external resolvable. ( for use of mail server1 )
location2.company.tld. is external resolvable. ( for use of mail server2 )
location3.company.tld. is external resolvable. ( for use of mail server3 )
why resolvable, because of all of the spam traps and mail rules etc etc.
Im also into anti-spam setups so this is a must.
AD and INTERNAL !! dns setup.
headoffice.location1.company.tld. the AD server INTERNAL domain.
=> servername in FQDN : samba4-1.headoffice.location1.company.tld.
NETBIOS NAME: HEADOFFICE
mail.headoffice.company.tld. points to the internal ipadres
mail.locaction1.company.tld is a CNAME to mail.headoffice.company.tld.
mail.locaction2.company.tld is a CNAME to mail.headoffice.company.tld.
etc
so the big thing here is
hostname = samba4-1.headoffice.company.tld
AD = headoffice.company.tld
REALM = HEADOFFICE.COMPANY.TLD
DOMAINNAME ( NT Style ) COMPANY
yes long names, but scalable to any thing and any where.
but.. its just what you preffer or understand.
so think about your dns setup before you are installing any thing is my advice.
Louis
Van: James Cort [mailto:james.cort at bediwin.co.uk]
Verzonden: woensdag 4 december 2013 10:47
Aan: L.P.H. van Belle
CC: samba at lists.samba.org
Onderwerp: Re: [Samba] Samba 4 DNS name Planing
Pretty sure use of .local is deprecated in recent versions of Windows Server - ISTR it's something to do with some Windows client devices requiring a certificate signed by a recognised CA, and of course none of them will sign a certificate ending in .local.
Personally, I d set up a subdomain of a registered domain - eg. ad.mydomain.com - and that d be the AD domain. But I haven t checked to see if that represents recommended practise so take it with all the salt you think it needs.
James.
--
Eckland-Cort Ltd T/A Bediwin Information Services
Registered in England and Wales, no. 02598654
Registered office: 3 Southleigh Road, Taunton, Somerset TA1 2XZ
Our Managed Workstation service deals with antivirus, backup and updates for just £5.00/month!
http://www.bediwin.co.uk/services/managed-workstations
On 4 Dec 2013, at 08:29, L.P.H. van Belle <belle at bazuin.nl> wrote:
I suggest you always use .local if only internal use..
see RFC 6762, which has been approved and was officially published on February 20, 2013,
essentially reserves the use of .local as a pseudo-TLD for link-local hostnames
that can be resolved via the Multicast DNS name resolution protocol.
http://tools.ietf.org/html/rfc6762
Louis
-----Oorspronkelijk bericht-----
Van: abartlet at samba.org [mailto:samba-bounces at lists.samba.org]
Namens Andrew Bartlett
Verzonden: woensdag 4 december 2013 9:15
Aan: Chan Min Wai
CC: samba at lists.samba.org
Onderwerp: Re: [Samba] Samba 4 DNS name Planing
On Tue, 2013-12-03 at 18:48 +0800, Chan Min Wai wrote:
Dear All,
Can help to advise if there are any name planing for dns?
e.g: I've a domain amtb-m.org
should my samba4 server be
ad.amtb-m.org?
OR should I create another non-reachable internal domain
e.g: ad.amtb-m.lan
For them?
What is the benefit on this or that?
Any documentation about that?
Use a proper subdomain of your registered DNS domain for your new AD
domain. Don't use .lan, .local, .corp as you have no idea
what suffixes
ICANN might sell off next, use the domain you already own as the base.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT
http://catalyst.net.nz/services/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list