[Samba] Don't use .local

Matt . yamakasi.014 at gmail.com
Mon Jan 5 05:27:08 MST 2015


Indeed a Samba-domain which needs a proper DNS setup, no Avahi or mDNS.

2015-01-05 13:23 GMT+01:00 Rowland Penny <rowlandpenny at googlemail.com>:
> On 05/01/15 12:13, Matt . wrote:
>>
>> I'm not missing the point, the point is that you actually cannot tell
>> why .local should stay local always and forever. That's my point, you
>> don't know either as you ask yourself already, "why should I config
>> Avahi myself ?". Indeed stay in control of your network or stay out.
>
>
> NO, I do not ask myself "why should I config Avahi myself ?", what I said
> is, most people don't configure avahi themselves. We are *not* discussing
> setting up the dns domain here, we are talking about setting up a samba
> domain. If you want to use .local, then this is your decision, but from
> experience of the problems that appear on this list, quite a lot of them are
> caused by using .local. In this case, by not recommending .local, it is
> hoped that a lot of problems will never happen.
>
> Rowland
>
>>
>>
>>
>> 2015-01-05 13:02 GMT+01:00 Rowland Penny <rowlandpenny at googlemail.com>:
>>>
>>> On 05/01/15 11:51, Matt . wrote:
>>>>
>>>> Sending to you without the mailinglist is on the same level as proper
>>>> administration of a network ? This is new to me and I'm sure to others
>>>> too.
>>>
>>> No of course it isn't, but it shows that it is very easy to make an error
>>> even when you are a super-duper sysadmin. :-)
>>>
>>>> What might be new to you is that Avahi runs on the domain it finds and
>>>> not what it expects. That is how the protocol works, it searches, sees
>>>> the domain of the protocol and goes on. So all Avahi users in a
>>>> network will run on .alocal if you set the Avahi-server to it.
>>>
>>>
>>> Yes, but how many people *actually* setup avahi themselves ?
>>>
>>>> The reason to use .local is to make sure traffic you never want go
>>>> outside stays local, and that's not guaranteed with any other
>>>> domainname as you can register what you want @ ICANN these days.
>>>
>>>
>>> Again you are missing the point, because most people never setup avahi,
>>> using .local can and will cause problems. Also, how do you stop traffic
>>> going out by just using a dns domain name ending in .local ?
>>>
>>> Rowland
>>>
>>>>
>>>>
>>>>
>>>> 2015-01-05 12:43 GMT+01:00 Rowland Penny <rowlandpenny at googlemail.com>:
>>>>>
>>>>> On 05/01/15 11:34, Matt . wrote:
>>>>>>
>>>>>> Microsoft changed this statement several times.
>>>>>>
>>>>>> The only reason they did is because people using Apple are complaining
>>>>>> some services are not working "well" on their OSX and it's a pain to
>>>>>> change the DNS name of your Business Server on Windows Server
>>>>>>
>>>>>> As said before, running on .alocal for Avahi works perfectly and mDNS
>>>>>> is only for small networks, and setting up some proper DNS is no
>>>>>> problem at all.
>>>>>>
>>>>>> To be honest, most sysadmins don't know much about DNS or how it
>>>>>> works, that's a fact where Microsoft has to deal with every day.
>>>>>>
>>>>>> Not using .local is actually a workaround and no solution for an admin
>>>>>> which doesn't know what he is doing.
>>>>>>
>>>>>> 2015-01-05 12:27 GMT+01:00 Rowland Penny
>>>>>> <rowlandpenny at googlemail.com>:
>>>>>>>
>>>>>>> On 05/01/15 11:18, Matt . wrote:
>>>>>>>>
>>>>>>>> I'm not sure if I would not advise to use .local, sometimes it seems
>>>>>>>> to be needed to make a proper location for a running domain where even
>>>>>>>> .cityname cannot accomplish what you need.
>>>>>>>
>>>>>>>
>>>>>>> Hi, even microsoft don't recommend using .local, see
>>>>>>>
>>>>>>> http://technet.microsoft.com/en-us/library/cc726016%28v=ws.10%29.aspx/
>>>>>>>
>>>>>>> For the vast majority of people, using .local can and will cause problems,
>>>>>>> so please, don't use it.
>>>>>>>
>>>>>>> Rowland
>>>>>>>
>>>>>>>
>>>>>>>> To be honest I don't run Avahi and will not either. Avahi and mDNS are
>>>>>>>> actually only designed because of bad DNS management by system
>>>>>>>> administrators and have (Apple) users use all their features, the same
>>>>>>>> for TV's and so on.
>>>>>>>>
>>>>>>>> If you really need Avahi or so run it on .alocal, etc. Avahi and mDNS
>>>>>>>> are just there because most networks are bad in DNS design by the
>>>>>>>> admin and users will complain because of it.
>>>>>>>>
>>>>>>>> 2015-01-05 11:14 GMT+01:00 L.P.H. van Belle <belle at bazuin.nl>:
>>>>>>>>>
>>>>>>>>> Hi Achim,
>>>>>>>>>
>>>>>>>>> If everything is working correctly, well, don't change the domain name then.
>>>>>>>>> If resolving is set up correctly you should not notice the problems,
>>>>>>>>> even with Apple devices, and it looks like you did that already and
>>>>>>>>> correctly.
>>>>>>>>>
>>>>>>>>> It's never advised to change the domain name of a domain, and if you do,
>>>>>>>>> make sure you know what to change.
>>>>>>>>> - DNS (any dns/db tools, can be done with the windows tools; start here)
>>>>>>>>> - samba DB (ldbedit)
>>>>>>>>> - host files
>>>>>>>>> - any other router/device with the old domain name.
>>>>>>>>> - client PCs, remove them from the domain first and add them again after.
>>>>>>>>> - you need to test applications that are incompatible with the domain
>>>>>>>>> rename, and, if needed, to be reinstalled.
>>>>>>>>> - reset all your ACLs.
>>>>>>>>> etc.
>>>>>>>>>
>>>>>>>>> So imo, don't do it... I don't know how big your network is, but I've
>>>>>>>>> done it 2 times (just windows servers)
>>>>>>>>> and it was hell.. (ok, was a few years ago, but still...)
>>>>>>>>>
>>>>>>>>> I'm here in the middle of something similar, and I'm completely rebuilding
>>>>>>>>> my old network in a new network.
>>>>>>>>>
>>>>>>>>> and...
>>>>>>>>>
>>>>>>>>> happy new year to everybody, may the world get some peace, and let us
>>>>>>>>> all keep good health.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Louis
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> -----Original message-----
>>>>>>>>>> From: achim at ag-web.biz [mailto:samba-bounces at lists.samba.org]
>>>>>>>>>> On behalf of Achim Gottinger
>>>>>>>>>> Sent: Monday 5 January 2015 10:55
>>>>>>>>>> To: Rowland Penny; samba at lists.samba.org
>>>>>>>>>> Subject: Re: [Samba] Don't use .local
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 05.01.2015 at 10:28, Rowland Penny wrote:
>>>>>>>>>>>
>>>>>>>>>>> On 05/01/15 07:00, Achim Gottinger wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Hello,
>>>>>>>>>>>>
>>>>>>>>>>>> I deployed a Samba 4 AD back in 2013 with .local, not knowing it can
>>>>>>>>>>>> cause troubles with mDns.
>>>>>>>>>>>> On my linux server i did not install avahi and i do not have mDns in
>>>>>>>>>>>> my nsswitch.conf hosts entry.
>>>>>>>>>>>> On windows machines i usually deinstall bonjour whenever it shows up
>>>>>>>>>>>> and i do not install it when installing itunes.
>>>>>>>>>>>> Till now i have not had any dns resolve issues, still i'd like to
>>>>>>>>>>>> change it to .loc or similar without having to reprovision ad.
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks in advance,
>>>>>>>>>>>> Achim
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On 04.01.2015 at 13:16, Stefan Kania wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>>>>>>>> Hash: SHA1
>>>>>>>>>>>>>
>>>>>>>>>>>>> Hello everyone,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I know that many people know not to use .local, but in the last weeks
>>>>>>>>>>>>> we had several People having problems using .local.
>>>>>>>>>>>>> So to all people starting implementing Samba 4 AD, read this:
>>>>>>>>>>>>>
>>>>>>>>>>>>> http://miketelahun.wordpress.com/2012/09/16/stop-using-local-as-the-top-level-domain-for-your-lan/
>>>>>>>>>>>>>
>>>>>>>>>>>>> So stop using .local as TLD. Maybe there should be a BIIIIIG not
>>>>>>>>>>>>> inside the wiki?
>>>>>>>>>>>>>
>>>>>>>>>>>>> Stefan
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> -----BEGIN PGP SIGNATURE-----
>>>>>>>>>>>>> Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> iEYEARECAAYFAlSpLycACgkQ2JOGcNAHDTb0jACfX4Y2zDQuSfevMUvkgWRYcpdw
>>>>>>>>>>>>> hY8AoLxNJzOUPa0E3+BEo/zwJ88xk27J
>>>>>>>>>>>>> =e33p
>>>>>>>>>>>>> -----END PGP SIGNATURE-----
>>>>>>>>>>>
>>>>>>>>>>> It would seem that it is possible, see:
>>>>>>>>>>>
>>>>>>>>>>> http://technet.microsoft.com/en-us/library/cc738208%28v=ws.10%29.aspx
>>>>>>>>>>>
>>>>>>>>>>> Only problem, I do not know of any Unix tool to do it and do not know
>>>>>>>>>>> if rendom.exe will work with a samba4 AD DC.
>>>>>>>>>>>
>>>>>>>>>>> Rowland
>>>>>>>>>>>
>>>>>>>>>> Thank you for the link Rowland, gotta give it a try in a test
>>>>>>>>>> environment. But i guess i wait for version 4.2 before i start
>>>>>>>>>> testing.
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> To unsubscribe from this list go to the following URL and read the
>>>>>>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>
>>>>>
>>>>> Ah, you just proved that people don't know what they are doing, by sending
>>>>> the same email twice, once just to me and once again to the list and me.
>>>>>
>>>>> I understand what you are trying to say, but it totally misses the point.
>>>>> Using .local can and will interfere with avahi *unless* you turn avahi off.
>>>>> Only problem with this, by turning off avahi, you may break something else.
>>>>> So the best option is to *not* use .local.
>>>>>
>>>>> Rowland
>>>
>>>
>
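
Added example, not part of the original messages: a check of the `hosts:` entry in nsswitch.conf (the file Achim mentions) that reports whether an mDNS module would see a `.local` AD realm before unicast DNS does. The realm `samdom.local`, the sample files and the function names are constructed for illustration; the `mdns4_minimal [NOTFOUND=return]` line is assumed as the typical entry on a machine with nss-mdns installed.

```python
import re

# Constructed sample files (not taken from the thread).
DESKTOP = """# /etc/nsswitch.conf
passwd: compat
hosts:  files mdns4_minimal [NOTFOUND=return] dns
"""
SERVER = "hosts: files dns   # no mDNS module\n"


def hosts_sources(nsswitch_text):
    """Return the hosts: entry as [(source, [ACTIONS...])] in lookup order."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.lower().startswith("hosts:"):
            continue
        entries = []
        # A token is either a source name or a bracketed action list.
        for tok in re.findall(r"\[[^\]]*\]|\S+", line[len("hosts:"):]):
            if tok.startswith("[") and entries:
                entries[-1][1].extend(tok[1:-1].upper().split())
            elif not tok.startswith("["):
                entries.append((tok, []))
        return entries
    return []


def check_realm(realm, nsswitch_text):
    """Return [(effect, source)] for mDNS modules consulted before dns."""
    if realm.rstrip(".").lower().rsplit(".", 1)[-1] != "local":
        return []  # the mDNS modules only claim names under .local
    findings = []
    for source, actions in hosts_sources(nsswitch_text):
        if source == "dns":
            break  # unicast DNS reached; later sources do not matter
        if source.startswith("mdns"):
            # NOTFOUND=return ends the lookup, so the AD DNS server is never asked.
            effect = "blocks-dns" if "NOTFOUND=RETURN" in actions else "delays-dns"
            findings.append((effect, source))
    return findings


if __name__ == "__main__":
    for name, conf in (("desktop", DESKTOP), ("server", SERVER)):
        print(name, check_realm("samdom.local", conf))
```
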

