[Samba] samba 4.1.17 on raspberry pi as ad dc - internal dns problems

Peter Serbe peter at serbe.ch
Thu Mar 12 10:34:09 MDT 2015

Matthias Busch schrieb am 12.03.2015 16:43:

> I am hesitant to use .net (the domain I own) in fear of having dns 
> issues. i do not control the NS for the internet accesible .net domain 
> either.

At least w.r.t. the Bind backend this fear is not necessary. It is indeed 
exactly what I do. The AD-DNS is only authoritative to "domain.samdom.com", 
not to "samdom.com". There is only one little trick necessary if You got 
a slave nameserver, which is tied to Your AD-DC server. 

# forward lookup
zone "domain.samdom.com" {
        type slave;
        masters {;
        ; };
        file "/etc/bind/namedb/bak.domain.samdom.com";

# reverse lookup
zone "1.168.192.in-addr.arpa" {
        type slave;
        masters {;
        ; };
        file "/etc/bind/namedb/bak.192.168.1";

Note the line "forwarders{}", which will ensure, that the local DNS server 
doesn't ask the public DNS, which is authoritative for the public 
"samdom.com". You would then get the IP of "samdom.com" when looking up 
a local host. 

But I agree, that this is a bit of perfectionsm. One can do things simpler. 
On the other hand: one of my two DCs was down for a week (the one 70km away 
in the "weekend"-appartment), but the whole network worked flawlessly. These 
Arm based appliances are definitely less reliable than ordinary PC H/W. I 
use slave DNS servers on my file servers, which keep at least DNS working 
whatever the Raspi or the Cubieboard do (better: don't do...). 

More information about the samba mailing list