[Samba] Samba 4 DNS name Planing

L.P.H. van Belle belle at bazuin.nl
Thu Dec 5 01:11:27 MST 2013


Hai, 

It's simple.. 

If your samba domain is DOMAIN.TLD that's ok, you can do that. 
If your samba domain server is FQDN hostname.DOMAIN.TLD then that's ok also. 

But if your domain is also registered on the internet, then you can run into DNS resolving problems. 
Be very careful about the hostnames you have in AD ( and dns itself ) and the hostnames used on the internet. 

Because of this I recommend the use of a sub domain, register the subdomain in the internet dns. 
If you have dhcp on the location, try to use a dynamic dns service. ( like no-ip.org, it's free ) 

And then, what do you get? 

In internet DNS
registered at no-ip.org ( for example, there are more of these services on the internet ) 
- yourfunnyhostname.no-ip.org		-> gets ip through client app, 
in router or linux/windows app, on location subdomain.domain.tld  

In your provider DNS.
DOMAIN.TLD				EXTERNAL IP.
SUBDOMAIN.DOMAIN.TLD		( CNAME to yourfunnyhostname.no-ip.org ) a nice to have but not necessary! 
I use it for some locations so I can always access from the internet. 

Internal network.
SUBDOMAIN.DOMAIN.TLD		Samba 4 domain.
SAMBA4.SUBDOMAIN.DOMAIN.TLD	samba 4 server
NETBIOS Domainname, what you want. 
SAMBA dns, with forward to external dns. 

etc etc. 

And yes, .local is NOT recommended as I suggested first ( sorry about that ). 
I haven't seen the note of MS in the site I e-mailed, but the good thing about this.. 
it woke up lots of people, and some are helped with these tips.  ;-)  

Greetz, 

Louis







>-----Original message-----
>From: me at electronico.nc [mailto:samba-bounces at lists.samba.org] 
>On behalf of me at electronico.nc
>Sent: Thursday 5 December 2013 8:00
>To: samba at lists.samba.org
>Subject: Re: [Samba] Samba 4 DNS name Planing
>
>On 04/12/2013 21:26, L.P.H. van Belle wrote:
>> Sure if you know what you're doing with dns and domainnames, yes, i also prefer your the correct domain and yes, MS also prefers that,
>> but because of misusage of the domainnames MS also uses .local
>>   
>> As M.S. states:
>> If you want to use a full DNS name for the internal domain other than the default, it is strongly recommended that you use the .local label for the extension.
>> Using an internal domain name different from your registered Internet domain name is a more secure configuration.
>> Using a publicly registered Internet domain name can result in name resolution issues.
>>   
>>   
>> Much to read about it :
>>   
>> here : http://technet.microsoft.com/en-us/library/cc708159(v=ws.10).aspx
>> must read:  dns namespace planning :  http://support.microsoft.com/kb/254680/en-us
>>   
>>   
>> but, if you want to use official certificates, yes, better u use the correct domainname.
>> and when you're doing that, then you know what you're doing..  ;-)
>>   
>> I myself prefer the following. ( i know how dns works, that helps. )
>>   
>> INTERNET DNS setup.
>>   
>> company.tld.     main internet address, and NO ip assigned, yes lots of people do that, but i don't like it.
>> www.company.tld.        points to my webserver. ( external ipnumbers )
>> mail.company.tld.        points to my mail server. ( external ipnumbers )
>> proxy.company.tld       points to my proxy ip ( external ipnumbers )
>>   
>> location1.company.tld.   is external resolvable.  ( for use of mail server1 )
>> location2.company.tld.   is external resolvable.  ( for use of mail server2 )
>> location3.company.tld.   is external resolvable.  ( for use of mail server3 )
>> why resolvable, because of all of the spam traps and mail rules etc etc.
>>
>> I'm also into anti-spam setups so this is a must.
>>   
>>   
>> AD and INTERNAL !! dns setup.
>> headoffice.location1.company.tld.    the AD server INTERNAL domain.
>>      =>  servername in FQDN :   samba4-1.headoffice.location1.company.tld.
>>      NETBIOS NAME: HEADOFFICE
>>   
>> mail.headoffice.company.tld.    points to the internal IP address
>> mail.locaction1.company.tld is a CNAME to mail.headoffice.company.tld.
>> mail.locaction2.company.tld is a CNAME to mail.headoffice.company.tld.
>> etc
>>   
>> so the big thing here is
>> hostname = samba4-1.headoffice.company.tld
>> AD = headoffice.company.tld
>> REALM = HEADOFFICE.COMPANY.TLD
>> DOMAINNAME ( NT Style )  COMPANY
>>   
>>   
>> yes long names, but scalable to anything and anywhere.
>>   
>> but.. it's just what you prefer or understand.
>>   
>> so think about your dns setup before you are installing anything is my advice.
>>   
>> Louis
>>   
>>
>> From: James Cort [mailto:james.cort at bediwin.co.uk]
>> Sent: Wednesday 4 December 2013 10:47
>> To: L.P.H. van Belle
>> CC: samba at lists.samba.org
>> Subject: Re: [Samba] Samba 4 DNS name Planing
>>
>>
>>
>> Pretty sure use of .local is deprecated in recent versions of Windows Server - ISTR it's something to do with some Windows client devices requiring a certificate signed by a recognised CA, and of course none of them will sign a certificate ending in .local.
>>
>> Personally, I'd set up a subdomain of a registered domain - eg. ad.mydomain.com - and that'd be the AD domain. But I haven't checked to see if that represents recommended practise so take it with all the salt you think it needs.
>>
>>
>>
>>
>> James.
>>
>>
>> -- 
>> Eckland-Cort Ltd T/A Bediwin Information Services
>> Registered in England and Wales, no. 02598654
>> Registered office:  3 Southleigh Road, Taunton, Somerset  TA1 2XZ
>>
>>
>> On 4 Dec 2013, at 08:29, L.P.H. van Belle <belle at bazuin.nl> wrote:
>>
>>
>> I suggest you always use .local if only internal use..
>>
>> see RFC 6762, which has been approved and was officially published on February 20, 2013,
>> essentially reserves the use of .local as a pseudo-TLD for link-local hostnames
>> that can be resolved via the Multicast DNS name resolution protocol.
>>
>> http://tools.ietf.org/html/rfc6762
>>
>>
>> Louis
>>
>>
>> -----Original message-----
>> From: abartlet at samba.org [mailto:samba-bounces at lists.samba.org]
>> On behalf of Andrew Bartlett
>> Sent: Wednesday 4 December 2013 9:15
>> To: Chan Min Wai
>> CC: samba at lists.samba.org
>> Subject: Re: [Samba] Samba 4 DNS name Planing
>>
>> On Tue, 2013-12-03 at 18:48 +0800, Chan Min Wai wrote:
>> Dear All,
>>
>> Can help to advise if there are any name planing for dns?
>>
>> e.g: I've a domain amtb-m.org
>>
>> should my samba4 server be
>> ad.amtb-m.org?
>>
>> OR should I create another non-reachable internal domain
>> e.g: ad.amtb-m.lan
>>
>> For them?
>>
>> What is the benefit on this or that?
>> Any documentation about that?
>>
>> Use a proper subdomain of your registered DNS domain for your new AD
>> domain.  Don't use .lan, .local, .corp as you have no idea what suffixes
>> ICANN might sell off next, use the domain you already own as the base.
>>
>> Andrew Bartlett
>>
>Well,
>I thought I could have done a mistake ... These messages lead me the thought could be right ...
>I have named the Samba4 domain : FQDN (domain.com)
>What could be issues about that ?
>Thanks in advance for your lights.
>Nicolas
>
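Added example (not part of the original thread and not Samba's own code): a small planning check that applies the naming advice discussed above to a proposed AD DNS domain and derives the realm, NetBIOS domain and server FQDN. The function name, the warning texts and the choice of the first DNS label as NetBIOS domain name are assumptions made for illustration; the input names are constructed from those mentioned in the thread.

```python
# Added example: names and rules are assumptions drawn from the thread's advice.
RISKY_SUFFIXES = {
    "local": "reserved for Multicast DNS link-local names (RFC 6762)",
    "lan": "not a domain you own",
    "corp": "not a domain you own",
}


def plan_ad_names(registered_domain, ad_domain, dc_hostname):
    """Derive AD naming values and list warnings for a planned DNS layout."""
    registered = registered_domain.lower().rstrip(".")
    ad = ad_domain.lower().rstrip(".")
    labels = ad.split(".")
    warnings = []

    if labels[-1] in RISKY_SUFFIXES:
        warnings.append(f".{labels[-1]}: {RISKY_SUFFIXES[labels[-1]]}")
    elif ad == registered:
        # The case Nicolas asks about: AD domain identical to the public domain.
        warnings.append("AD domain equals the public domain: internal and "
                        "internet host names can collide when resolving")
    elif not ad.endswith("." + registered):
        warnings.append(f"{ad} is not a subdomain of {registered}")

    # Assumption: NetBIOS domain defaults to the first DNS label, upper-cased.
    netbios = labels[0].upper()
    if len(netbios) > 15:
        warnings.append("NetBIOS domain name is longer than 15 characters")

    return {
        "dns_domain": ad,
        "realm": ad.upper(),  # Kerberos realm is the DNS domain in upper case
        "netbios_domain": netbios,
        "dc_fqdn": f"{dc_hostname.lower()}.{ad}",
        "warnings": warnings,
    }


if __name__ == "__main__":
    # Constructed inputs based on the names used in the thread.
    for candidate in ("ad.amtb-m.org", "ad.amtb-m.lan", "amtb-m.org", "corp.local"):
        plan = plan_ad_names("amtb-m.org", candidate, "samba4-1")
        print(plan["dc_fqdn"], plan["realm"], plan["netbios_domain"])
        for warning in plan["warnings"]:
            print("  warning:", warning)
```
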


