[Samba] Samba4 subdomain delegation

Roberto Suárez Soto robe at allenta.com
Mon Aug 11 05:21:04 MDT 2014


     we're planning a Samba 3 to Samba 4 upgrade, and we're quite happy 
with the tests we've done. Everything worked as expected, and I hope 
that the migration will be done without major issues (famous last 
words). But we're having some problems with subdomain delegation.

     Our setup is formed by the Samba server and a DNS server running 
Bind 9. The DNS server is used both to serve the internal DNS zone 
(let's say "customer.com") and as recursive caching server. Currently, 
the internal DNS zone is configured as "master zone", but our plan is to 
change it to a "forward zone" (pointing to the Samba server) as soon as 
the migration is done. There is also a DNS zone "dhcp.customer.com" used 
for DHCP clients, updated automatically by the DHCP server (also running 
in the DNS server). We would like to keep this zone in the DNS server, 
mostly because it already works and because we'd like everyone querying 
the DNS server for everything, leaving Samba 4 like a sort of "hidden 

     I've added a NS record for "dhcp.customer.com" (pointing to the DNS 
server) with samba-tool, but this seems not to be enough. Queries for 
hosts in this subdomain return a NXDOMAIN result. The Samba server is 
able to query the DNS server, which in fact is its DNS forwarder, so 
communications shouldn't be a problem. I've also tried to use the RSAT 
tools from Windows to add a zone delegation, and it seems to work up to 
a point: a NS record is added, but it still doesn't work. Besides, a 
"Validation error. Try again later." (my translation from spanish to 
english) warning appears when I enter the name and address of the DNS 

     So, my question is: what is the recommended way to add subdomain 
delegation to Samba 4 DNS? Has it any caveats that we should be aware of?

      Thanks in advance,

Roberto Suárez Soto
Allenta Consulting <http://www.allenta.com> (+34 881 922 600)
ISO 9001, ISO 14001, ISO 27001, EMAS <https://www.allenta.com/iso>
Privacidad / Privacy <https://www.allenta.com/mail-privacy>

More information about the samba mailing list