[Samba] Samba 4 DNS name Planing

L.P.H. van Belle belle at bazuin.nl
Wed Dec 4 03:26:00 MST 2013


Sure if you know what your doing with dns and domainnames, yes, i also preffer your the correct domain and yes, MS also prefers that, 
but because of misusage of the domainnames MS also uses .local  
 
As M.S. stats: 
If you want to use a full DNS name for the internal domain other than the default, it is strongly recommended that you use the .local label for the extension. 
Using an internal domain name different from your registered Internet domain name is a more secure configuration. 
Using a publicly registered Internet domain name can result in name resolution issues. 
 
 
Much to read about it : 
 
here : http://technet.microsoft.com/en-us/library/cc708159(v=ws.10).aspx 
must read:  dns namespace planning :  http://support.microsoft.com/kb/254680/en-us 
 
 
but, if you want to use official certificates, yes, better u use the correct domainname. 
and when your doing that, then you know what your doing..  ;-)  
 
I myself preffer the following. ( i know how dns works, that helps. ) 
 
INTERNET DNS setup. 
 
company.tld.     main internet adres, and NO ip assigned, yes lots of people do that, but i dont like it. 
www.company.tld.        points to my webserver. ( external ipnumbers ) 
mail.company.tld.        points to my mail server. ( external ipnumbers ) 
proxy.company.tld       points to my proxy ip ( external ipnumbers ) 
 
location1.company.tld.   is external resolvable.  ( for use of mail server1 )
location2.company.tld.   is external resolvable.  ( for use of mail server2 )  
location3.company.tld.   is external resolvable.  ( for use of mail server3 )  
why resolvable, because of all of the spam traps and mail rules etc etc. 

Im also into anti-spam setups so this is a must. 
 
 
AD and INTERNAL !! dns setup. 
headoffice.location1.company.tld.    the AD server INTERNAL domain.
    =>  servername in FQDN :   samba4-1.headoffice.location1.company.tld.
    NETBIOS NAME: HEADOFFICE 
 
mail.headoffice.company.tld.    points to the internal ipadres 
mail.locaction1.company.tld is a CNAME to mail.headoffice.company.tld.
mail.locaction2.company.tld is a CNAME to mail.headoffice.company.tld.
etc 
 
so the big thing here is  
hostname = samba4-1.headoffice.company.tld 
AD = headoffice.company.tld  
REALM = HEADOFFICE.COMPANY.TLD 
DOMAINNAME ( NT Style )  COMPANY 
 
 
yes long names, but scalable to any thing and any where.  
 
but.. its just what you preffer or understand. 
 
so think about your dns setup before you are installing any thing is my advice. 
 
Louis
 

Van: James Cort [mailto:james.cort at bediwin.co.uk] 
Verzonden: woensdag 4 december 2013 10:47
Aan: L.P.H. van Belle
CC: samba at lists.samba.org
Onderwerp: Re: [Samba] Samba 4 DNS name Planing



Pretty sure use of .local is deprecated in recent versions of Windows Server - ISTR it's something to do with some Windows client devices requiring a certificate signed by a recognised CA, and of course none of them will sign a certificate ending in .local. 

Personally, I d set up a subdomain of a registered domain - eg. ad.mydomain.com - and that d be the AD domain. But I haven t checked to see if that represents recommended practise so take it with all the salt you think it needs.




James.


-- 
Eckland-Cort Ltd T/A Bediwin Information Services
Registered in England and Wales, no. 02598654
Registered office:  3 Southleigh Road, Taunton, Somerset  TA1 2XZ


Our Managed Workstation service deals with antivirus, backup and updates for just £5.00/month!
http://www.bediwin.co.uk/services/managed-workstations








On 4 Dec 2013, at 08:29, L.P.H. van Belle <belle at bazuin.nl> wrote:


I suggest you always use .local if only internal use.. 

see RFC 6762, which has been approved and was officially published on February 20, 2013, 
essentially reserves the use of .local as a pseudo-TLD for link-local hostnames 
that can be resolved via the Multicast DNS name resolution protocol.

http://tools.ietf.org/html/rfc6762 


Louis


-----Oorspronkelijk bericht-----
Van: abartlet at samba.org [mailto:samba-bounces at lists.samba.org] 
Namens Andrew Bartlett
Verzonden: woensdag 4 december 2013 9:15
Aan: Chan Min Wai
CC: samba at lists.samba.org
Onderwerp: Re: [Samba] Samba 4 DNS name Planing

On Tue, 2013-12-03 at 18:48 +0800, Chan Min Wai wrote:
Dear All,

Can help to advise if there are any name planing for dns?

e.g: I've a domain amtb-m.org

should my samba4 server be
ad.amtb-m.org?

OR should I create another non-reachable internal domain
e.g: ad.amtb-m.lan

For them?

What is the benefit on this or that?
Any documentation about that?

Use a proper subdomain of your registered DNS domain for your new AD
domain.  Don't use .lan, .local, .corp as you have no idea 
what suffixes
ICANN might sell off next, use the domain you already own as the base. 

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          
http://catalyst.net.nz/services/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba






More information about the samba mailing list