[Samba] Internal DNS and recursion

John Gardeniers jgardeniers at objectmastery.com
Wed Aug 19 21:43:13 UTC 2015 

Thanks Rowland and everyone else that responded. I just didn't expect 
the AD tool to work with Bind, so that's a pleasant surprise. Looks like 
I'll be switching to Bind then. I must say that given that (according to 
Microsoft) DNS is the single most important component of Active 
Directory I'm surprised it's so very unfinished in Samba 4. I believe it 
would be preferable to have it default to external Bind and it should be 
clearly stated that the internal DNS is not production ready.

Can anyone tell me whether or not the version of Bind in the CentOS 7 
repos is suitable for this purpose or do I have to build from source?

regards,
John


On 19/08/15 18:21, Rowland Penny wrote:
> On 19/08/15 01:57, John Gardeniers wrote:
>> On the Samba wiki at 
>> https://wiki.samba.org/index.php/Samba_Internal_DNS there is the 
>> following:
>>
>> If you have chosen the internal DNS as backend for your environment, 
>> there are only two options that can be added to your smb.conf, to 
>> control the behaviour of DNS at this point:
>>
>> # Don't allow any updates | allow unsigned updates | only allow 
>> signed updates
>> allow dns updates = False | nonsecure | signed
>>
>> # If recursive queries = yes is set, the following is also needed
>> dns forwarder = <ip addr of external dns server>
>>
>>
>> I think the page needs some urgent editing because self 
>> contradictions merely create confusion. Specifically, there should be 
>> no reference to "recursive queries = yes" in the comment if that is 
>> not even a valid option. Alternatively, there could be a comment 
>> explaining that the "dns forwarder" automatically actives recursion.
>
> OK, page updated.
>
>>
>> While on the subject of internal DNS, why do most functions not work 
>> when using the RSAT DNS management tool? Is this situation likely to 
>> improve in the near future? We could of course use external Bind, 
>> which would allow us to use the existing scripts and commands that 
>> we're used to, but that breaks the use of AD tools.
>
> No idea about the dns functions not working but I use Bind and the AD 
> dns tool works for me.
>
> Rowland
>>
>> regards,
>> John
>>
>
>

More information about the samba mailing list