[Samba] Don't use .local

Rowland Penny rowlandpenny at googlemail.com
Mon Jan 5 05:23:41 MST 2015


On 05/01/15 12:13, Matt . wrote:
> I'm not missing the point, the point is that you actually cannot tell
> why .local should stay local always and forever. That's my point, you
> don't know either as you ask yourself already, "why should I config
> Avahi myself ?". Indeed stay in control of your network or stay out.

NO, I do not ask myself "why should I config Avahi myself ?", what I 
said is, most people don't configure avahi themselves. We are *not* 
discussing setting up the dns domain here, we are talking about setting 
up a samba domain. If you want to use .local, then this is your 
decision, but from experience of the problems that appear on this list, 
quite a lot of them are caused by using .local. In this case, by not 
recommending .local, it is hoped that a lot of problems will never happen.

Rowland
>
>
>
> 2015-01-05 13:02 GMT+01:00 Rowland Penny <rowlandpenny at googlemail.com>:
>> On 05/01/15 11:51, Matt . wrote:
>>> Sending to you without the mailinglist is on the same level as proper
>>> administration of a network ? This is new to me and I'm sure to others
>>> too.
>> No of course it isn't, but it shows that it is very easy to make an error
>> even when you are a super-duper sysadmin. :-)
>>
>>> What might be new to you is that Avahi runs on the domain it finds and
>>> not what it expects. That is how the protocol works, it searches, sees
>>> the domain of the protocol and goes on. So all Avahi users in a
>>> network will run on .alocal if you set the Avahi-server to it.
>>
>> Yes, but how many people *actually* setup avahi themselves ?
>>
>>> The reason to use .local is to make sure traffic you never want go
>>> outside stays local, and that's not guaranteed with any other
>>> domainname as you can register what you want @ ICANN these days.
>>
>> Again you are missing the point, because most people never setup avahi,
>> using .local can and will cause problems. Also, how do you stop traffic
>> going out by just using a dns domain name ending in .local ?
>>
>> Rowland
>>
>>>
>>>
>>>
>>> 2015-01-05 12:43 GMT+01:00 Rowland Penny <rowlandpenny at googlemail.com>:
>>>> On 05/01/15 11:34, Matt . wrote:
>>>>> Microsoft changed this statement several times.
>>>>>
>>>>> The only reason they did is because people using Apple are complaining
>>>>> some services are not working "well" on their OSX and it's a pain to
>>>>> change the DNS name of your Business Server on Windows Server
>>>>>
>>>>> As said before, running on .alocal for Avahi works perfectly and mDNS
>>>>> is only for small networks, and setting up some proper DNS is no
>>>>> problem at all.
>>>>>
>>>>> To be honest, most sysadmins don't know much about DNS or how it
>>>>> works, that's a fact where Microsoft has to deal with every day.
>>>>>
>>>>> Not using .local is actually a workaround and no solution for an admin
>>>>> which doesn't know what he is doing.
>>>>>
>>>>> 2015-01-05 12:27 GMT+01:00 Rowland Penny <rowlandpenny at googlemail.com>:
>>>>>> On 05/01/15 11:18, Matt . wrote:
>>>>>>> I'm not sure if I would not advise to use .local, sometimes it seems
>>>>>>> to be needed to make a proper location for a running domain where even
>>>>>>> .cityname cannot accomplish what you need.
>>>>>>
>>>>>> Hi, even microsoft don't recommend using .local, see
>>>>>> http://technet.microsoft.com/en-us/library/cc726016%28v=ws.10%29.aspx/
>>>>>>
>>>>>> For the vast majority of people, using .local can and will cause
>>>>>> problems, so please, don't use it.
>>>>>>
>>>>>> Rowland
>>>>>>
>>>>>>
>>>>>>> To be honest I don't run Avahi and will not either. Avahi and mdns are
>>>>>>> actually only designed because of bad DNS management by system
>>>>>>> administrators and have (Apple) users use all their features, the same
>>>>>>> for TV's and so on.
>>>>>>>
>>>>>>> If you really need Avahi or so run it on .alocal, etc. Avahi and mDNS
>>>>>>> are just there because most networks are bad in DNS design by the
>>>>>>> admin and users will complain because of it.
>>>>>>>
>>>>>>> 2015-01-05 11:14 GMT+01:00 L.P.H. van Belle <belle at bazuin.nl>:
>>>>>>>> Hai Achim,
>>>>>>>>
>>>>>>>> If everything is working correctly, well, don't change the domain
>>>>>>>> name then.
>>>>>>>> If resolving is set up correctly you should not notice the problems,
>>>>>>>> even with Apple devices, and it looks like you did that already and
>>>>>>>> correctly.
>>>>>>>>
>>>>>>>> It's never advised to change the domain name of a domain, and if you
>>>>>>>> do, make sure you know what to change.
>>>>>>>> - DNS (any DNS/DB tools, can be done with the Windows tools; start
>>>>>>>>   here.)
>>>>>>>> - samba DB (ldbedit)
>>>>>>>> - host files
>>>>>>>> - any other router/device with the old domain name.
>>>>>>>> - client PCs: remove them from the domain first and add them again
>>>>>>>>   afterwards.
>>>>>>>> - you need to test applications that are incompatible with the
>>>>>>>>   domain rename, and, if needed, to be reinstalled.
>>>>>>>> - reset all your ACLs.
>>>>>>>> etc.
>>>>>>>>
>>>>>>>> So IMO, don't do it... I don't know how big your network is, but I've
>>>>>>>> done it 2 times (just Windows servers)
>>>>>>>> and it was hell... (OK, it was a few years ago, but still...)
>>>>>>>>
>>>>>>>> I'm here in the middle of something similar, and I'm completely
>>>>>>>> rebuilding my old network in a new network.
>>>>>>>>
>>>>>>>> And...
>>>>>>>>
>>>>>>>> Happy new year to everybody, may the world get some peace, and let us
>>>>>>>> all keep in good health.
>>>>>>>>
>>>>>>>>
>>>>>>>> Louis
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> -----Original message-----
>>>>>>>>> From: achim at ag-web.biz [mailto:samba-bounces at lists.samba.org]
>>>>>>>>> On behalf of Achim Gottinger
>>>>>>>>> Sent: Monday 5 January 2015 10:55
>>>>>>>>> To: Rowland Penny; samba at lists.samba.org
>>>>>>>>> Subject: Re: [Samba] Don't use .local
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 05.01.2015 at 10:28, Rowland Penny wrote:
>>>>>>>>>> On 05/01/15 07:00, Achim Gottinger wrote:
>>>>>>>>>>> Hello,
>>>>>>>>>>>
>>>>>>>>>>> I deployed a Samba 4 AD back in 2013 with .local, not knowing it can
>>>>>>>>>>> cause troubles with mDNS.
>>>>>>>>>>> On my Linux server I did not install avahi and I do not have mDNS in
>>>>>>>>>>> my nsswitch.conf hosts entry.
>>>>>>>>>>> On Windows machines I usually uninstall Bonjour whenever it shows up
>>>>>>>>>>> and I do not install it when installing iTunes.
>>>>>>>>>>> Till now I have not had any DNS resolve issues, still I'd like to
>>>>>>>>>>> change it to .loc or similar without having to reprovision AD.
>>>>>>>>>>> Is this possible?
>>>>>>>>>>>
>>>>>>>>>>> Thanks in advance,
>>>>>>>>>>> Achim
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On 04.01.2015 at 13:16, Stefan Kania wrote:
>>>>>>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>>>>>>> Hash: SHA1
>>>>>>>>>>>>
>>>>>>>>>>>> Hello everyone,
>>>>>>>>>>>>
>>>>>>>>>>>> I know that many people know not to use .local, but in the last weeks
>>>>>>>>>>>> we had several people having problems using .local.
>>>>>>>>>>>> So to all people starting to implement Samba 4 AD, read this:
>>>>>>>>>>>>
>>>>>>>>>>>> http://miketelahun.wordpress.com/2012/09/16/stop-using-local-as-the-top-level-domain-for-your-lan/
>>>>>>>>>>>>
>>>>>>>>>>>> So stop using .local as TLD. Maybe there should be a BIIIIIG note
>>>>>>>>>>>> inside the wiki?
>>>>>>>>>>>>
>>>>>>>>>>>> Stefan
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> -----BEGIN PGP SIGNATURE-----
>>>>>>>>>>>> Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
>>>>>>>>>>>>
>>>>>>>>>>>> iEYEARECAAYFAlSpLycACgkQ2JOGcNAHDTb0jACfX4Y2zDQuSfevMUvkgWRYcpdw
>>>>>>>>>>>> hY8AoLxNJzOUPa0E3+BEo/zwJ88xk27J
>>>>>>>>>>>> =e33p
>>>>>>>>>>>> -----END PGP SIGNATURE-----
>>>>>>>>>> It would seem that it is possible, see:
>>>>>>>>>>
>>>>>>>>>> http://technet.microsoft.com/en-us/library/cc738208%28v=ws.10%29.aspx
>>>>>>>>>> Only problem, I do not know of any Unix tool to do it and do not know
>>>>>>>>>> if rendom.exe will work with a samba4 AD DC.
>>>>>>>>>>
>>>>>>>>>> Rowland
>>>>>>>>>>
>>>>>>>>> Thank you for the link Rowland, gotta give it a try in a test
>>>>>>>>> environment. But I guess I wait for version 4.2 before I start
>>>>>>>>> testing.
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> To unsubscribe from this list go to the following URL and read the
>>>>>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>>>>>
>>>>>>>>>
>>>>>>
>>>>
>>>> Ah, you just proved that people don't know what they are doing, by
>>>> sending the same email twice, once just to me and once again to the
>>>> list and me.
>>>>
>>>> I understand what you are trying to say, but it totally misses the point.
>>>> Using .local can and will interfere with avahi *unless* you turn avahi
>>>> off. Only problem with this, by turning off avahi, you may break
>>>> something else. So the best option is to *not* use .local.
>>>>
>>>> Rowland
>>
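
Added example (not part of the thread, and not Samba's or Avahi's own tooling): a shell check for the interaction argued over above, where a realm ending in .local meets an mDNS source in the nsswitch.conf hosts entry. With nss-mdns, an mdns source followed by [NOTFOUND=return] ahead of dns ends a .local lookup before unicast DNS is asked. The function names, the sample hosts line and the realm SAMDOM.LOCAL are constructed for illustration.

```shell
#!/bin/sh
# Added example: names, sample hosts line and realm are constructed.

# Print the lookup sources from the "hosts:" line of an nsswitch.conf file.
hosts_sources() {
    sed -n 's/#.*//; s/^[[:space:]]*hosts:[[:space:]]*//p' "$1" | head -n 1
}

# classify FILE REALM prints one of:
#   not-local  realm does not end in .local, nothing to check
#   clean      no mdns source is consulted before dns
#   delayed    an mdns source is tried first, then lookup falls through to dns
#   blocked    mdns source + [NOTFOUND=return] stops .local lookups before dns
classify() {
    realm=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$realm" in
        *.local) ;;
        *) echo not-local; return 0 ;;
    esac
    prev_mdns=0
    result=clean
    set -f    # "[notfound=return]" must not be expanded as a glob
    for tok in $(hosts_sources "$1" | tr 'A-Z' 'a-z'); do
        case "$tok" in
            dns) break ;;
            mdns*) prev_mdns=1; result=delayed ;;
            "[notfound=return]")
                if [ "$prev_mdns" -eq 1 ]; then result=blocked; break; fi ;;
            *) prev_mdns=0 ;;
        esac
    done
    set +f
    echo "$result"
}

# Constructed sample: a hosts line with mdns4_minimal ahead of dns.
demo() {
    f=$(mktemp)
    printf 'passwd: files\nhosts: files mdns4_minimal [NOTFOUND=return] dns\n' > "$f"
    classify "$f" SAMDOM.LOCAL
    rm -f "$f"
}

demo    # prints "blocked"
```

Run `classify /etc/nsswitch.conf <your realm>` on each domain member; a result of `blocked` means names in the AD zone never reach the DC's DNS from that host.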


