[Samba] Samba 4 AD DC and BIND

Gerry Reno greno at verizon.net
Sun Mar 17 15:16:43 MDT 2013

On 03/17/2013 05:10 PM, Thomas Simmons wrote:
> Ideally you should not use the same domain name for your AD domain. Microsoft used to use "domain.local" for a default
> configuration, but this can cause problems with certain external services (Exchange/Office365 for example) and it also
> conflicts with some "local" Apple services if you have Macs on your networks. You could also purchase and use
> "domain.net" if it's available. Finally, what I did was use a sub-domain for AD (I used
> internal.domain.com but others use ad.domain.com, etc.). If you
> really must use your external FQDN, a split-DNS setup (your last statement) is probably going to be your only option.
> On Sun, Mar 17, 2013 at 3:57 PM, Gerry Reno <greno at verizon.net> wrote:
>     When you set up Samba 4 AD DC using BIND9_DLZ and your domain has external servers (e.g. www, mail) at external providers,
>     this means that the ISP and the internal network nameservers will both have an SOA record for the domain.
>     /etc/resolv.conf looks like this:
>         domain company.com
>         nameserver
>     /etc/named.conf contains:
>         forwarders  { isp_nameservers; };
>         recursion   yes;
>     What is the preferred way to forward DNS requests to the ISP nameservers in order to resolve the domain's external
>     servers without using BIND views?
>     Right now, all of Samba 4 AD DC DNS is working with the exception of being able to resolve the domain's external
>     servers.
>     One solution could be to dump all our domain records at the ISP and duplicate them in the AD DNS Zone, which seems
>     unnecessary.
>     -Gerry

Please try to avoid top posting.

Certainly having different internal and external domains is easier, but I'm trying to work out the use case for how we
do it when the domain must be the same both internal and external.

Duping the records from the ISP works and we could live with this if necessary. But I'm trying to avoid a split-DNS
solution and to find a way to use forwarding to do it without having to maintain duplicated records.
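If the records do end up duplicated into the AD zone, the operational risk is silent drift between the ISP copy and the internal copy (a changed mail host, a forgotten CNAME). The following is an added example, not code from this thread or from Samba: a small zone-diff that parses BIND-style record lines from both zones and reports what the ISP publishes that the AD zone lacks or answers differently. The zone text is constructed sample data; in practice it would come from a transfer of the ISP zone and an export of the AD zone, and the apex SOA/NS records are skipped because they legitimately differ.

```python
from collections import defaultdict

# Constructed sample of the ISP-hosted zone (not real data).
ISP_ZONE = """
$ORIGIN company.com.
@        3600 IN SOA  ns1.isp.example. hostmaster.company.com. 2013031701 7200 3600 1209600 3600
@        3600 IN NS   ns1.isp.example.
@        3600 IN MX   10 mail.company.com.
www      3600 IN A    203.0.113.10
mail     3600 IN A    203.0.113.20
ftp      3600 IN CNAME www.company.com.
"""

# Constructed sample of the records held in the Samba AD DNS zone (not real data).
AD_ZONE = """
@        3600 IN SOA  dc1.company.com. hostmaster.company.com. 5 900 600 86400 3600
@        3600 IN NS   dc1.company.com.
dc1      900  IN A    192.168.1.5
www      3600 IN A    203.0.113.10
mail     3600 IN A    203.0.113.21
"""

def parse_zone(text):
    """Parse lines of the form 'name [ttl] [IN] type rdata' into {(name, type): {rdata, ...}}."""
    records = defaultdict(set)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop comments and blank lines
        if not line or line.startswith("$"):        # skip $ORIGIN / $TTL directives
            continue
        fields = line.split()
        name, rest = fields[0].rstrip(".").lower(), fields[1:]
        if rest and rest[0].isdigit():               # optional TTL
            rest = rest[1:]
        if rest and rest[0].upper() == "IN":         # optional class
            rest = rest[1:]
        if len(rest) < 2:
            continue
        rtype = rest[0].upper()
        if rtype in ("SOA", "NS"):                   # apex records differ by design between the two zones
            continue
        records[(name, rtype)].add(" ".join(rest[1:]).rstrip(".").lower())
    return records

def zone_drift(external_zone, internal_zone):
    """Return (missing, differing): ISP records absent internally, and those whose rdata disagrees."""
    ext, internal = parse_zone(external_zone), parse_zone(internal_zone)
    missing = sorted(key for key in ext if key not in internal)
    differing = sorted(key for key in ext if key in internal and ext[key] != internal[key])
    return missing, differing

if __name__ == "__main__":
    missing, differing = zone_drift(ISP_ZONE, AD_ZONE)
    print("missing from AD zone:", missing)
    print("answers differently: ", differing)
```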

