[Samba] Samba internal DNS and Sysvol share

Andrew Bartlett abartlet at samba.org
Mon Mar 9 01:45:09 MDT 2015

On Sun, 2015-03-08 at 10:35 +0000, William Ross wrote:
> I have four domain controllers on my Samba 4.1.17 domain. Each is on a
> separate site in AD, in the real world each is at a separate physical
> location connected by VPN links.
> They are each configured as DNS servers for the domain using the
> internal Samba DNS implementation. On each site the local clients are
> configured to go to their local domain controller for DNS.
> My understanding of the Sysvol share is that on startup a domain
> member PC (e.g. running Win7) will access:
> \\domain.mydomain.com\sysvol
> to check its GPOs are up-to-date.
> My concern is that if I ping domain.mydomain.com from any of the
> sites, domain.mydomain.com resolves to a single domain controller (the
> first domain controller that was configured). So the clients at the
> remote sites will be accessing the sysvol share over the VPN, instead
> of the local copy on their local domain controller.
> Should domain.mydomain.com not resolve to the domain controller that
> is responding to the DNS query? Is this a limitation of the internal
> DNS server?

What the clients should do is use domain DFS to find a real DC,
hopefully the local server, to access - they should not be accessing the
realm name directly.

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
