[Samba] dns on samba, or not

Rowland Penny rowlandpenny at googlemail.com
Thu Jun 5 13:44:31 MDT 2014

On 05/06/14 20:38, David Bear wrote:
> I still don't understand something I know is critical for a samba 4 addc to
> work.
> We want to run DNS from our firewall/router. This seems to be the natural
> place for it. Furthermore, it's already there.
> But it seems when samba 4.x is running as an ADDC, it also wants to run/be
> dns.
It needs to be the dns for the samba domain

> Is there a way to keep dns running on our firewall appliance and have samba
> refer to that? If so, what are the disadvantages ? Does it prevent machines
> from joining the domain?

yes, none really, no, in that order ;-)

Just point the samba forwarder at the firewall device

> Finally, if it is not possible to allow samba to not run any dns, is there
> a best practice from dns naming conventions. For example, if our dns name
> is
> myschool.com
> all our user principals would be username at myschool.com
Don't do this

> but if samba must run its own dns, could we have a subdomain such as
> authdom.myschool.com

Yes, this is recommended

> And if we did, would the user principal then become
> username at authdom.myschool.com

> ?

More information about the samba mailing list