[Samba] specify alternative port for samba internal dns server
Andrew Bartlett
abartlet at samba.org
Sat Feb 28 18:22:51 MST 2015
On Thu, 2015-02-26 at 17:13 -0800, Ben Cohen wrote:
> I read that page -- but I'm not seeing anything that makes me think my dns
> strategy is inappropriate ...
>
> The article does describe the possible deployment strategies in what I
> believe to be an overly constrained manner:
>
> From the wiki:
>
> ---
>
> You can use either the internal DNS server that is built into the samba4
> binary, or an external bind DNS server. Default is to use the internal
> server, and it is highly recommended that when you start using Samba4 as
> AD-DC for the first time, you install it this way. You can later switch
> between the two variants if needed. If you do use an external bind DNS
> server, it must use the DLZ backend and run on the Samba AD DC.
>
> ---
>
> In my opinion this should be augmented to explain that it's simple to use
> the internal samba dns in combination with an external dns server.
>
>
> Something like:
>
> ---
>
> You can use the samba internal dns in combination with any other dns server
> so long as that external dns server resolves queries for your active
> directory domain via the samba dns server.
>
>
> For example, suppose you've configured a samba domain to use the internal
> dns like this:
>
> # samba-tool domain provision --use-rfc2307 --interactive
> Realm [SAMDOM.EXAMPLE.COM]: SAMDOM.EXAMPLE.COM
> Domain [SAMDOM]: SAMDOM
>
>
> The above configures samba with and sets the internal samba-dns as the
> authoritative dns server for samdom.example.com. To ensure clients find
> the necessary active directory information for samdom.example.com, ensure
> the dns server on your network resolves all queries for samdom.example.com
> via the samba internal dns server.
>
>
> For example to configure a dnsmasq server to resolve queries for
> samdom.example.com via the samba internal dns server -- include in your
> dnsmasq configuration:
>
> server=/samdom.example.com/192.168.1.2
>
> where 192.168.1.2 in the above is the ip address of the server running
> samba4.
>
> ---
>
>
> This third strategy uses the samba internal dns for all dns behavior that
> samba/ad depends on, while still allowing use of another dns server than.
> The source of truth for samdom.example.com is the samba-dns which is
> tightly (and correctly) integrated with the semantics of the active
> directory domain. This setup does not require use of BIND and does not
> require clients on the network use the samba dns for name resolution.
If you apply for a wiki account, then I think the above would be quite
reasonable to add.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
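
Added example (not part of the original message, and not Samba or dnsmasq code): a Python check for the dnsmasq forwarding setup proposed in the quoted text. It confirms that the SRV names AD clients use to locate a domain controller are forwarded to the Samba internal DNS, including when that server listens on a non-default port through dnsmasq's `ip#port` upstream form. The function names, the sample configs, port 5353 and the 10.0.0.53 address are constructed for illustration.

```python
# Added example; sample configs are constructed, realm and DC IP come from the post.
AD_LOCATOR_NAMES = (  # SRV names AD clients query to find a domain controller
    "_ldap._tcp.{realm}",
    "_kerberos._tcp.{realm}",
    "_kerberos._udp.{realm}",
    "_ldap._tcp.dc._msdcs.{realm}",
)

def parse_server_rules(config_text):
    """Map each domain in 'server=/dom1/dom2/upstream' lines to its upstream."""
    rules = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line.startswith("server=/"):
            continue  # comments and unrelated options are ignored
        *domains, upstream = line[len("server=/"):].split("/")
        for domain in domains:
            rules[domain.lower().rstrip(".")] = upstream
    return rules

def upstream_for(name, rules):
    """dnsmasq prefers the most specific matching domain; None = default upstreams."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in rules:
            return rules[suffix]
    return None

def misrouted_ad_names(config_text, realm, dc_ip, dc_port=53):
    """Return {name: upstream} for AD locator names not forwarded to the Samba DC."""
    rules = parse_server_rules(config_text)
    accepted = {f"{dc_ip}#{dc_port}"} | ({dc_ip} if dc_port == 53 else set())
    bad = {}
    for template in AD_LOCATOR_NAMES:
        name = template.format(realm=realm.lower())
        upstream = upstream_for(name, rules)
        if upstream not in accepted:
            bad[name] = upstream
    return bad

GOOD = "server=/samdom.example.com/192.168.1.2\n"          # line from the post
ALT_PORT = "server=/samdom.example.com/192.168.1.2#5353\n"  # constructed: DNS on port 5353
SHADOWED = GOOD + "server=/_msdcs.samdom.example.com/10.0.0.53\n"  # constructed override

if __name__ == "__main__":
    for label, cfg, port in (("good", GOOD, 53), ("alt", ALT_PORT, 5353), ("shadowed", SHADOWED, 53)):
        print(label, misrouted_ad_names(cfg, "SAMDOM.EXAMPLE.COM", "192.168.1.2", port))
```

An empty result means every locator name reaches the DC; the `SHADOWED` case shows how a more specific `server=` rule can silently divert `_msdcs` lookups to a different resolver.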