[Samba] Samba 4 DNS name Planing

me at electronico.nc me at electronico.nc
Wed Dec 4 23:59:36 MST 2013


On 04/12/2013 21:26, L.P.H. van Belle wrote:
> Sure, if you know what you're doing with DNS and domain names, yes, I also prefer the correct domain, and yes, MS also prefers that,
> but because of misuse of domain names MS also uses .local
>   
> As MS states:
> If you want to use a full DNS name for the internal domain other than the default, it is strongly recommended that you use the .local label for the extension.
> Using an internal domain name different from your registered Internet domain name is a more secure configuration.
> Using a publicly registered Internet domain name can result in name resolution issues.
>   
>   
> Much to read about it :
>   
> here : http://technet.microsoft.com/en-us/library/cc708159(v=ws.10).aspx
> must read:  dns namespace planning :  http://support.microsoft.com/kb/254680/en-us
>   
>   
> but, if you want to use official certificates, yes, better you use the correct domain name.
> and when you're doing that, then you know what you're doing..  ;-)
>   
> I myself prefer the following. (I know how DNS works, that helps.)
>   
> INTERNET DNS setup.
>   
> company.tld.     main internet address, and NO IP assigned, yes lots of people do that, but I don't like it.
> www.company.tld.        points to my webserver. ( external IP numbers )
> mail.company.tld.        points to my mail server. ( external IP numbers )
> proxy.company.tld       points to my proxy IP ( external IP numbers )
>   
> location1.company.tld.   is external resolvable.  ( for use of mail server1 )
> location2.company.tld.   is external resolvable.  ( for use of mail server2 )
> location3.company.tld.   is external resolvable.  ( for use of mail server3 )
> Why resolvable? Because of all of the spam traps and mail rules etc etc.
>
> I'm also into anti-spam setups so this is a must.
>   
>   
> AD and INTERNAL !! dns setup.
> headoffice.location1.company.tld.    the AD server INTERNAL domain.
>      =>  servername in FQDN :   samba4-1.headoffice.location1.company.tld.
>      NETBIOS NAME: HEADOFFICE
>   
> mail.headoffice.company.tld.    points to the internal IP address
> mail.location1.company.tld is a CNAME to mail.headoffice.company.tld.
> mail.location2.company.tld is a CNAME to mail.headoffice.company.tld.
> etc
>   
> so the big thing here is
> hostname = samba4-1.headoffice.company.tld
> AD = headoffice.company.tld
> REALM = HEADOFFICE.COMPANY.TLD
> DOMAINNAME ( NT Style )  COMPANY
>   
>   
> yes, long names, but scalable to anything and anywhere.
>   
> but.. it's just what you prefer or understand.
>   
> so think about your DNS setup before you install anything, is my advice.
>   
> Louis
>   
>
> From: James Cort [mailto:james.cort at bediwin.co.uk]
> Sent: Wednesday 4 December 2013 10:47
> To: L.P.H. van Belle
> CC: samba at lists.samba.org
> Subject: Re: [Samba] Samba 4 DNS name Planing
>
>
>
> Pretty sure use of .local is deprecated in recent versions of Windows Server - ISTR it's something to do with some Windows client devices requiring a certificate signed by a recognised CA, and of course none of them will sign a certificate ending in .local.
>
> Personally, I'd set up a subdomain of a registered domain - eg. ad.mydomain.com - and that'd be the AD domain. But I haven't checked to see if that represents recommended practise so take it with all the salt you think it needs.
>
>
>
>
> James.
>
>
> -- 
> Eckland-Cort Ltd T/A Bediwin Information Services
> Registered in England and Wales, no. 02598654
> Registered office:  3 Southleigh Road, Taunton, Somerset  TA1 2XZ
>
>
> Our Managed Workstation service deals with antivirus, backup and updates for just £5.00/month!
> http://www.bediwin.co.uk/services/managed-workstations
>
> On 4 Dec 2013, at 08:29, L.P.H. van Belle <belle at bazuin.nl> wrote:
>
>
> I suggest you always use .local if only internal use..
>
> see RFC 6762, which has been approved and was officially published on February 20, 2013,
> essentially reserves the use of .local as a pseudo-TLD for link-local hostnames
> that can be resolved via the Multicast DNS name resolution protocol.
>
> http://tools.ietf.org/html/rfc6762
>
>
> Louis
>
>
> -----Original Message-----
> From: abartlet at samba.org [mailto:samba-bounces at lists.samba.org]
> On behalf of Andrew Bartlett
> Sent: Wednesday 4 December 2013 9:15
> To: Chan Min Wai
> CC: samba at lists.samba.org
> Subject: Re: [Samba] Samba 4 DNS name Planing
>
> On Tue, 2013-12-03 at 18:48 +0800, Chan Min Wai wrote:
> Dear All,
>
> Can help to advise if there are any name planing for dns?
>
> e.g: I've a domain amtb-m.org
>
> should my samba4 server be
> ad.amtb-m.org?
>
> OR should I create another non-reachable internal domain
> e.g: ad.amtb-m.lan
>
> For them?
>
> What is the benefit on this or that?
> Any documentation about that?
>
> Use a proper subdomain of your registered DNS domain for your new AD
> domain.  Don't use .lan, .local, .corp as you have no idea
> what suffixes
> ICANN might sell off next, use the domain you already own as the base.
>
> Andrew Bartlett
>
Well,
I thought I might have made a mistake ... These messages lead me to
think that could be right ...
I have named the Samba4 domain: FQDN (domain.com)
What could be the issues with that?
Thanks in advance for your insight.
Nicolas
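
Added example (not part of the original thread and not Samba project code): a Python check that applies the naming points raised in the messages above to a proposed AD DNS domain, and derives the realm and a default NetBIOS name from it. The helper name review_ad_domain and the first-label NetBIOS default are assumptions made for illustration.

```python
# Added example: review a proposed AD DNS domain against the points in this thread.
RESERVED_MDNS = {"local"}       # RFC 6762 reserves .local for Multicast DNS
UNREGISTERED = {"lan", "corp"}  # other suffixes the thread warns against


def review_ad_domain(ad_domain, registered_domain):
    """Return (realm, netbios_name, findings); review_ad_domain is a hypothetical helper."""
    name = ad_domain.strip().rstrip(".").lower()
    owned = registered_domain.strip().rstrip(".").lower()
    labels = name.split(".")
    suffix = labels[-1]
    findings = []

    if suffix in RESERVED_MDNS:
        findings.append(".local is reserved for mDNS (RFC 6762) and public CAs "
                        "will not issue certificates for it")
    elif suffix in UNREGISTERED:
        findings.append(f".{suffix} is not a suffix you own and could be delegated later")
    elif name == owned:
        findings.append("same name as the public zone: internal DNS shadows it, so "
                        "public records such as www must be duplicated internally")
    elif not name.endswith("." + owned):
        findings.append(f"not a subdomain of {owned}: confirm it is registered to you")

    # Assumption: default NetBIOS domain name is the first label, upper-cased,
    # cut to the 15-character NetBIOS limit; the realm is the upper-cased DNS name.
    return name.upper(), labels[0].upper()[:15], findings


if __name__ == "__main__":
    # Candidate names taken from the question in the thread.
    for candidate in ("ad.amtb-m.org", "ad.amtb-m.lan", "amtb-m.org"):
        realm, netbios, findings = review_ad_domain(candidate, "amtb-m.org")
        print(f"{candidate}: realm={realm} netbios={netbios}")
        for finding in findings:
            print(f"  - {finding}")
```

An empty findings list means the name is a subdomain of the domain passed as registered_domain, which is the layout recommended earlier in the thread.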

